Using ERM to position yourself as a Strategic Partner
Steve Treece
Assistant Director Risk Resilience & Safety
Identity & Passport Service
IRM GLOBAL RISK MANAGEMENT
PROFESSIONAL DEVELOPMENT FORUM
22nd March 2011
Identity and Passport Service V1.00 Not Protectively Marked
Agenda
Using ERM to position yourself as a Strategic Partner
Risk management as a source of competitive advantage, not a cost
• IPS background
• Driving returns by Business Alignment and Integration across the business
• Demonstrate the Value of Risk Management (rather than the costs)
• Challenging conventional concepts of risk tolerance in decision making or
– Risk Tolerance: a mirage?
• Importance of Dialogue and Understanding
• Making Enterprise Risk Management live
Identity & Passport Service
• Executive Agency of the Home Office
• Activities
– Issuing Passports (5.35 million: 2009/10)
– Operations of General Register Office (England & Wales – 1.92 million vital event certificates: 2009/10)
• £380 million annual income
• Over 4,000 employees
• Wide range of suppliers and partners
• Business change initiatives
• Manage risks in context of Principles
– Trusted and Secure
– Customer Service
– Operational Focus
– People
– Cost
New Challenges Require New Thinking First
Context of major change in the public sector
“The world we have made as a result of the level of thinking we have done thus far creates problems we cannot solve at the same level of thinking at which we created them” – Albert Einstein
We need more effective thinking and dialogue to make Enterprise Risk Management more effective
ERM in a Business Context
Corporate outcomes
Directorate outcomes
Corporate activities
Directorate activities
Corporate resources
Directorate resources
[Diagram labels: Hierarchical; Future Outcomes; Future Activities; Future Resources]
Manage Risks and Rewards in this context
Embedding ERM as a Strategic Partner
1. What do we need to deliver?
2. How will we measure achievement?
3. What do we need to do?
4. What should we stop?
5. What resources do we need to produce our outcomes?
6. What will they cost?
7. Are we getting the benefits? Can we afford them?
8. Should we add resource or stop?
[Diagram labels: Present; Future; Outcomes; Measures & Targets; Activities; Priorities; Savings; Resources; Budget (£); Investment; Prediction/Review]
[Diagram text boxes: I want experts to give me customised, specialised solutions; ART, Financial & industry experience; Develop & manage risk solutions; Partner to deliver solutions; Provide direct assessments; Link to U/W desktop; Shared accountability & incentives; Build sophisticated ART & fee-based solutions business]
How Risks are Managed affects Results
Step | Deliverable
What do we need to deliver? | Linked future outcomes
How will we measure success? | Predictable outcomes
What do we need to do? | Value chain
What should we stop? | Savings
What resources do we need to produce our outcomes? | Staffing and budget needs
Are we getting the benefits? | Benefits realisation
ERM as a Cost/Value to the Business?
• Cut across silos: facilitate understanding across the business
• Insight: consequences of investment etc. decisions
• Minimise costs by early intervention and incident analysis
• Risks related to Performance Indicators & Early Warning Signs
• Ensure controls aren’t just overheads
• Horizon scanning and scenario planning
• Protect reputation and ratings
Value Proposition
CEO and EDs are confident that we are key to ensuring that we are a resilient business and actively reduce risk, especially as we go through significant change and uncertainty.
All of our interactions support this because we are brilliant at:
• Listening to and understanding the business, its key objectives and concerns
• Expert analysis and consultancy support
• Reliable, clear and timely risk and incident information & analysis, which drives insight and informed key decisions
• Simple business focused language and tools which enhance integrity, capability, communication and engagement
• Exercises of scenarios around significant risk events to explore consequences and solutions
Risk Management Insight: Light the Road
• Have a positive outlook on risk
• High quality, reliable MI and tools to promote:
– Consistency
– Transparency
– Structure for what is intuitive
• Increase confidence key challenges are:
– Understood
– Prepared for; and
– Under appropriate control to achieve success
• Early warning to avoid unplanned surprises
– Conscience?
• “Ignorance more frequently begets confidence than does knowledge” (Charles Darwin)
Risk Tolerance: a mirage
• Vital or a myth?
• Everyone says it is important
• But nobody agrees on what it is
• ISO31000
– Amount & type of risk that an organisation is willing to pursue or retain
• BS31100
– Amount and type of risk that an organisation is prepared to seek, accept or tolerate
• Corporate Governance Code
– “The Board is responsible for determining the nature and extent of the significant risks it is willing to take in achieving its strategic objectives”
– “The Board should maintain sound risk management and internal control systems”
Structured Decision Making
• How much risk are you prepared to take/retain/accept?
• How much control are you prepared to exercise/relinquish?
• What are the Priority Business Outcomes and Objectives?
– Conflicts and Compromises
• Balance with Risk Themes
– Trusted and Secure (Data security, legally compliant, resilient)
– Customer Service (Performance)
– Operational Focus (Efficiencies)
– People (Safe and Engaged)
– Cost (VFM and business benefits)
• Cross Business sign off
– Acceptable level of residual risk/opportunity will result
– Clear time bound action plans to improve management if necessary
– Contingency plans in place should a risk be realised
Understand the Business first
• ERM core skill and value
• “Seek first to understand, then be understood”
• “There are three constants in life... change, choice and principles.”
– Stephen R Covey
• Power of positive change and the positive question
Advocacy
• A western educational & business tradition that stresses:
- critical thinking - critiquing
- adversarial thinking - confrontation
- testing one viewpoint against the other to find the strongest
• We focus almost exclusively on advocacy
- presenting our views and arguing strongly for them
- debating forcefully to influence others
• Most managers are trained to be advocates
Enquiry
• A complementary skill to advocacy that:
• seeks to uncover information about why a view is held
• asks questions about underlying assumptions, beliefs, reasoning
• explores:
- why do you believe this?
- what logic leads to this conclusion?
- what facts and data do you have?
- what examples or past experience exists?
• Supported by attitude of wanting to understand, explore, learn, expand
• Not a technique to cross examine people or find fault
Appreciative Enquiry
• Appreciative Enquiry is a way of achieving positive learning and change by gathering information and closely examining its quality, significance, and magnitude, focusing on strengths.
(From OED)
• Appreciate
– Esteem highly, value
– Be sensitive to
– To raise in value
• Enquiry
– The process of asking questions or seeking information.
– A close examination in a quest for truth.
Comparison to Problem Focus
Problem Solving
• What to fix
• Underlying grammar = problem, symptoms, causes, solutions, action plan, intervention
• Breaks things into pieces & specialties, guaranteeing fragmented responses
• Slow! Takes a lot of positive emotion to make real change.
• Assumes organisations are constellations of problems to be overcome
• Traditional risk management?
Appreciative Enquiry
• What to grow
• New grammar of the true, good, better, possible
• “Problem focus” implies that there is an ideal. AE breaks open the box of what the ideal is first.
• Expands vision of preferred future. Creates new energy fast.
• Assumes organisations are sources of infinite capacity and imagination
• Minimises defensiveness
• Breaks down silos
• A better context for risk management?
AE in practice: Understand the Board
• What’s going on in their world?
• What’s important to them?
– What do you value about… yourself, work, organisation?
– If you had three wishes for this organisation, what would they be?
– What are your key concerns and opportunities at the moment?
• Avoid received wisdom
– That’s how we have always done it
– This is the way it must be done
• Provide insight
AE in practice:
Understand the wider business
• External forces
• Customers
• Shareholders
• Other Stakeholders
– Community
– Suppliers
– Government/regulators
– Press/Media
• Internal
– Current and prospective employees
– Other departments
Management Board & Executive Directors
Management
This is what we are worried about
What are you doing about it? (Delegation)
This is what we are doing about your concerns
This is what we are worried about as well
Did you know?
Are you happy with what we are doing? (Assurance)
Don’t forget your Supply Chain
Key Issues
• Reputation risks difficult to fully transfer
• Potentially competing priorities/agendas
– Other Government Departments and similar
– Shareholders
• Collaborative approach
– Shared understanding, principles and behaviours
• Shared management of key risks
– Clear and transparent ownership
• Supply chain resilience
• Engage all key functions:
– Commercial; Operations; IT service and supplier management
AE in practice: Communication
• Simples!
• People buy benefits
• Align language used to the way the business speaks
• Attitude and behaviour more important than content
Understand Risk Attitude/Culture
Risk Ignorant | Risk Deluded
Risk Averse | Risk Aware
What is your view of risk?
• Who drives their children to school?
• Who lets their child go swimming?
• Why?
What is more likely?
• Is a child more likely to be (US statistics 2003: Dan Gardner, “Risk”):
• Abducted by a stranger
– 1 in 655,555
• Drown in a swimming pool
– 1 in 210,526 = 3 times more likely
• Killed in a car crash
– 1 in 24,502 = 26 times more likely
• When do sales of earthquake insurance increase most quickly?
• Do we focus on impact to exclusion of likelihood?
– Coloured by media coverage and recent events
– Ignore the real risks (“it’s never happened here before”)
Make it live: Scenario planning
• Real life examples
• Go beyond conventional Business Continuity events
• Make it relevant (Business Outcomes and Risk Themes):
• One man’s problem is another man’s opportunity?
Case study: Challenger Space Shuttle
Presidential Commission 1986
• Pressure seal in joint between two lower segments of right Solid Rocket Motor failed
• Faulty design unacceptably sensitive to a number of factors including temperature
• Contractor advised against launch below 53 degrees F
• Temperature at launch 36 degrees F, 15 lower than next coldest previous launch
• Joint test programme inadequate – motors not tested as in flight
• No analysis of flight history of O-ring performance – correlation between damage and low temperature
• Failed to recognise the problem; failed to fix it; treated as acceptable flight risk
• Launch decision made without awareness of O-ring problems and contractor recommendation
• Escalating risk accepted because “got away with it last time”
Case Study: Mobile phone industry
Economist Intelligence Unit 2009
• Philips microchip plant New Mexico
• Major fire contaminated millions of mobile phone chips
• Nokia switched suppliers
• Ericsson accepted assurances on recovery
• Lost market share and over $400m annual earnings
• Nokia profits rose 42%
• What further risks/opportunities from economic downturn
– Tighter credit
– Pressure to drive down costs
– Energy price volatility
In Conclusion
• Align ERM within the business
– Business Cycle
– Structured Decision Making
• Demonstrate understanding and value
• Make ERM live as part of the day job
– Flexibility to manage
– Achievement of objectives and outcomes
– Satisfaction from not continually fire fighting
– Security from adverse performance review
– Time to think and plan
It’s only History repeating?
• “The budget should be balanced, the Treasury should be filled, public debt should be reduced, the arrogance of officialdom should be tempered and controlled, and the assistance to foreign lands should be curtailed lest Rome be bankrupt. People must again learn to work, instead of living on public assistance.”
• Marcus Tullius Cicero
• “We trained hard, but it seemed that every time we were beginning to form up into teams we would be reorganised. I was to learn later in life that we tend to meet any new situation by reorganising: and a wonderful method it can be for creating the illusion of progress, while producing confusion, inefficiency and demoralisation.”
• Caius Petronius, Roman Consul, 66 AD
Thank you
Any questions?