Archive for Risk Management

Sep
01

… resilience as a balancing act

Posted by: Ken Simpson | Comments View Comments

I read a post on John Adams’ blog which I wanted to draw to people’s attention.

Let me start where Adams’ finishes;

“Resilience is not calculable. Unquantifiable, disputable, and disputed judgement will remain central to its pursuit.”

It is becoming rare to find people thinking and writing about resilience who recognise that it is not a candidate for standardisation and process-driven approaches. In the article Adams asserts there are no units by which resilience can be measured.

Adams has some really interesting ideas about the nature of risk management and the way we practice these things. I have posted on this subject before, and there is a link to both my earlier post and Adams blog at the end of this post. The pursuit of resilience involves risk management, hence his views on risk management provide the starting point.

Adams presents a model that he refers to as a risk thermostat – it is about balancing behaviours as a result of perceptual filters through which we view the risk and reward (the up and down sides of risk taking behaviour). However he notes that most institutional risk management is devoted to the prevention of bad things happening – which is only the bottom loop in his model.

People, organisations and entire societies are becoming risk averse, but this does not mean they are becoming resilient. In fact, he argues, accident avoidance actually constrains the extent of reward that can be achieved, and therefore the extent of resilience that could be achieved. Building resilience requires that we have the resources to invest in becoming more robust and in building and maintaining an adaptive capacity.

Resilience, especially the adaptive capacity, is a skill or attribute we acquire through experience. To learn, and therefore have the scope to become more resilient, we need to take a risk.

The Board and the CEO are positioned as the key folks to ensure that both the risk and reward loops are being adequately addressed. CRO – if it is Chief Resilience Officer – is really the role of the CEO. When it is used to indicate a Chief Risk Officer, and they focus on only the ‘bad things’ loop (by viewing risk as an equation : Risk = Consequence x Probability), then the role is less relevant to resilience.

As Adams puts it – “Achieving resilience is a balancing act.” It requires people apply their judgement, learn from experience (which will normally involve a mistake or two) and address both the potential rewards and the potential losses.

Do you manage the reward (or upside) of risk?

Is it an occupational hazard in BC that we see the glass as always “half empty” – just the ‘bad’ side of risk?

References

Share and Enjoy:
  • del.icio.us
  • LinkedIn
  • Facebook
  • blogmarks
  • Digg
  • FriendFeed
  • Netvibes
  • StumbleUpon
  • Technorati
  • Twitter
  • Google Bookmarks
  • Live
  • RSS
  • Posterous
  • Tumblr
  • Blogosphere News
Categories : Resilience Thinking, Risk Management
Comments View Comments
Jun
24

… profession or not?

Posted by: Ken Simpson | Comments View Comments

Things have been fairly hectic since my return from Toronto. A new client engagement to get started, not to mention a number of late nights watching the FIFA World Cup, have distracted me from posting here.

While catching up on my reading I came across this article in Risk Magazine. The quoted comments are in response to the question “What do you think are the significant challenges facing the risk profession in Australia?”

“Our greatest challenge is that we are not really a profession and do not always behave as professionals.”

That was how Grant Purdy started his response. Grant is the Chair of the Standards Australia/New Zealand Committee on Risk Management. This is the group that led the production of AS4360, on which the bulk of ISO31000 is based. Take a look at his CV (linked below) and you will see that is a practitioner not just a theorist or bureaucrat.

He continues as follows …

“By way of contrast it would not, for example, be possible for me to practice as an accountant or an engineer without proper training and a universally recognised qualification … I would not trust the servicing of my car to an unqualified mechanic and yet many organisations trust their entire strategy for managing risk with someone who has never worked in that area before or who cannot, for example, describe a risk correctly …”

Not only is this often true for Risk Managers, but too often for BC Managers. No universally recognised qualification – but numerous competing certification bodies. No need for experience, rote learning and reciting the text in the exam will suffice.

A number of other observers in the area have made similar observations on the subject. I have included the links below.

  • Nat Forbes provides an interesting litany of the various competing certifications in BC
  • Trevor Levine talks about the same aspect in the RM field
  • John Glenn takes the debate to a specific industry sector in his home in Florida.

Where we do require some degree of certification for a BC (or Risk) Manager, too often we find that these people are not doing the real work but tasking others. Lawyers and Accountants actually do the specific work of their profession, of course there are different levels and the heavy lifting is done by the junior folks. Too often in Risk and BC the heavy lifting is sent to be done by local ‘co-ordinators’ and other non-certified folks.

In particular John Glen’s post targets one of the central issues – are we talking ‘Risk Management’ or the management of risk?

Grant Purdy explains it this way …

“There is also one other, profound and associated challenge we face, that is concerned with , quite simply, how we describe ourselves and what we do. If we continue to describe what we do as risk management and ourselves as risk managers, then we will never advance our profession and enhance its standing. We must realise that we do not manage risk – that is the job of others. Our role is to help, assist and sometimes cajole them to manage risk more effectively.”

If we want to be professionals we first need a profession. Not just the single training and certification approach – but professionals actually doing the skilled work rather than oversight of frameworks and compliance processes.

Are we looking at this the wrong way?

Has BCM and RM become a governance and compliance profession?

Is the management of risk and continuity simply just another aspect of the practice/profession of management?


References/Links

Photo Credit

Risk Magazine, June 2010, Issue 75

Grant Purdy – Broadleaf Capital International

John Glen Post on risk certifications

Trevor Levine, Riskczar post on certification

Nathaniel Forbes post on certification in BC

Share and Enjoy:
  • del.icio.us
  • LinkedIn
  • Facebook
  • blogmarks
  • Digg
  • FriendFeed
  • Netvibes
  • StumbleUpon
  • Technorati
  • Twitter
  • Google Bookmarks
  • Live
  • RSS
  • Posterous
  • Tumblr
  • Blogosphere News
Categories : BC Practice, Management Thinking, Risk Management
Comments View Comments
Next Page »

SUBSCRIBE

Delicious ')+'&title='+encodeURIComponent(''),'delicious', 'toolbar=no,width=550,height=550'); return false;"> Bookmark this on Delicious

Archives

Recent Comments

RSS My Resilience Bookmarks

Tags

Adaptability Agility ATM Banking BCI BCM BC Practice Benchmarking Center for Resilience Cloud Computing Communication Communities Conferences Crisis Management Disaster Recovery Disruption Earthquake Economics Frameworks Goals High Reliability Homeland Security IT Service Management LinkedIn NZ Resilience Trust Ohio State University Operational Risk Pandemic People Plans QANTAS Resilience Resilient Organisations Retrospective Risk Management Robustness Salesforce.com Skills Standards System Failure Theory Tools/Technology Vulnerablity WCDM Weather

Blogroll

Shared from Google Reader

UA-11717227-1