Tải bản đầy đủ - 0 (trang)
2 ``Dynamic´´ Frameworks of Risk Management

2 ``Dynamic´´ Frameworks of Risk Management

Tải bản đầy đủ - 0trang

Fig. 5 Dynamic factors dominating risk management

Linking Strategy to the Real World



W.K. Kross

to as the efficient frontier, i.e. the level of residual risk under which no further risk

reduction is generally warranted.

Figure 5 further introduces the reader to some of the factors, which play a

significant role in both the quantification of current levels of risk, and future levels

of risk. Each factor in itself poses a treat, and unfortunately each factor reflects a

specific degree of uncertainty. In particular, it is submitted that “fire” as a risk

factor, by and large has become a factor that is well understood – and coherent with

far-reaching risk transfer mechanisms such as insurance packages. Other factors

such as IT failure, the War against Terror, Pandemic Flu or Global Warming are far

less understood and hence reflect more elevate degrees of uncertainty for risk

managers. Ignoring them in their entirety simply because the true quantitative

impacts cannot be assessed at this stage, should be considered an act of gross

negligence – if not more.

Risk managers in real life organizations, unfortunately, have to cope with far

more. The world, in which they operate, has mutated from single work places to

integrated supply chain networks with partially unknown levels of complexity and

some unknown interdependencies. At the same time, any attempt of an organization

to enhance the economic value added, be it through risk reduction initiatives,

organizational growth or the increased returns, usually has an impact on the residual

levels of risk. A choice of business models in order to reduce operating costs, for

example through just-in-time inventory management, of course can cause elevated

levels of residual risk too.

Needless to say, today’s complexities and dynamics render the bulk of the

available standards and regulatory frameworks almost useless when the main

focus is to provide governance and leadership to the true practical challenges

faced by risk managers.


Risk Management in Integrated Supply Chain Networks

To add insult to injury, the degree of dependency of individual organizations

ranging from the overall value chain that reaches from raw products to the ultimate

end consumer, has increased drastically in the last decades.

Figure 6, originally borrowed from internal presentation material of Marsh Risk

Consulting, outlines some typical risk factors, which may become relevant for the

design of a risk management system in the retail sector. Incidentally, while real-life

(risk) management systems may neglect some or most of these factors in their strife

for what is commonly referred to as enterprise-wide risk management, simply

because historically such frameworks were dominated far too much by accounting

and risk provisioning frameworks, the good news is that checklists can be traced via

the Internet to an extent that helps identify almost all risk factors fairly easily.

Today’s primary concern, however, reaches far beyond the scope of identifying

individual risk factors and designing response strategies. As a consequence of

having designed integrated supply chain networks and outsourcing, organizations

Fig. 6 Risk management in integrated supply chain networks

Linking Strategy to the Real World



W.K. Kross

have evolved to becoming rather vulnerable to changes in their supplier networks,

and this phenomena appears to be happening to an increasing extent. As a consequence of the financial crisis, numerous organizations have disappeared off the

market and/or have been fileted by institutional investors. And if not, these

organizations in many cases have become more vulnerable, and often impeded by

the fact that banks no longer function the same fashion they did prior to the crisis –

whether right or wrong. A speculation, which can be traced in common literature

and the media, and which would need to be substantiated, is that while financial

markets seem to have recovered from the financial crisis, the real world is still in the

midst of it – and will be so for an extended period of time.

The problem appears to be that more than just a few organizations have

outsourced what can and should be considered a part of their core business – at

least in the not so distant future. Hence, in the event of a core “strategic” supplier

disappearing, or of a change in attitude, or of a supplier being consolidated into a

new context, which unfortunately applies primarily to one of the core suppliers,

some central elements of the corporate value chain may become dysfunctional.

To add further insult to injury, the main interface between organizations and

their suppliers, besides technical and certain operational issues, is the procurement

function – which, as several authors have claimed, are far from adequately positioned or skilled to cope with today’s realities. It is submitted that a procurement

function should, in order to be effective, be able to assess the risk position of their

entire supplier organizations, including their respective suppliers and related

vulnerabilities in transportation from A to B. Buffering capacities, insurance

coverage, the true wording of contracts, and the effectiveness of early detection

mechanisms in risk and issue management have been equally or become more

important when compared to the historical set of quality and cost related key


Moreover, the skill set and the structural authority of the procurement function

appears to have become an impediment for effective beyond-enterprise risk management in that usually, the procurement function would be far from capable or

authorized to design and implement higher-level intervention mechanisms such as

supporting suppliers through short-term cash injections (be it debt or equity),

longer-term contracts in conjunction with forfeiting mechanisms, or even (partial)

insourcing decisions. Needless to say, such decisions would typically require the

structural power and higher authority of a corporate board. The question is, then,

why it is taking so much time to modify organizational structures to the effect that

the procurement function is raised to corporate board level, or that a board member

takes over the actual management of the procurement function. In this context the

reader is advised that such overdue changes are not observable as an obvious trend

in the quarterly or annual reports of most Fortune 500 organizations.

As a comment on the side, the author firmly believes that the above set of new

challenges will have an even worse impact on the effectiveness and efficiency of

risk management to the extent that, it relates to public sector organizations. The

same new vulnerabilities apply, however, the ability to react is far more impeded

than is the case in private sector organizations, given that public sector

Linking Strategy to the Real World


organizations are usually bound by public tendering policies and procedures which

were originally designed to render procurement neutral and robust against manipulation. In today’s environment, however, these policies and procedures as well as

related regulatory frameworks have the potential of becoming one of the worst

nightmares that is conceivable in the public sector. Of course, again: future will tell.

4 Implementing Risk Management in Real Life


Frameworks of Change: Project Management Techniques

It is submitted that one of the predominant organizational frameworks for the

introduction of change, are projects. The advantage is, of course, that projects

today are well understood and easily manageable. Frameworks such as PMI’s

renowned “Project Management Body of Knowledge” (PMBOK) offer a practicable process model including the integration of all related knowledge areas. Complementary frameworks such as the best-practice oriented PRINCE2 standard of the

Office of Government Commerce offer valuable additional tools and techniques.

The reader may be aware that a large number of complementary standards and

practitioner guides exist to address similar or complementary topics such as program management, project portfolio management, scheduling, project risk management, organizational project management maturity, work breakdown structures,

earned value management, and the like.

While one should assume that project management has become a technique in

which everything is entirely under control, the opposite seems to be the case in

larger organizations, and larger-scale change initiatives. Kross (2006) systematically traced troubled or failing change initiatives in the modernization of largerscale banks’ IT landscapes back to what can be considered a logical sequence in

which poor decisions and work processes of the past became the core change

impediment for the future – as Fig. 7 reflects.

Figure 7 renders it apparent that the increasing gap between true progress from

completed activities, and budget consumption, coincides with a lack of true complexity reduction in projects’ respective life cycles. The techniques, which are

commonly employed, seem unable to cure this problem. In particular, larger

changes to the IT landscapes in banks often follow a model whereby initially the

business departments define what is commonly referred to as their 180% solution to

business requirements (in order to leave some space for negotiations), followed by a

specification of technical requirements which are usually not questioned by anyone

but which coincide with a slight reduction or otherwise modification of the business

related scope and requirements. Then, everything is thrown over the fence into a

project management framework in which initially, a standard software solution is

chosen and parameterized. As soon as it is recognized that the standard software

solution cannot cope, logic and functionality is transferred into intelligent software


W.K. Kross

Fig. 7 Flawed risk management in typical major change initiatives

interfaces and complementary libraries or software modules. As and when the

resulting complexity has become unbearable, the scope or the quality is reduced

in order to keep a cap on the costs.

In these situations, project managers become vulnerable to separating themselves from their original set of responsibilities, partially because their escalations

typically do not result in the desired feedback from higher authorities. Risk Owner

systems such as those described by Kross (2009) become dysfunctional and counterproductive. Moreover, an elevated vulnerability to manipulation is established,

which augments the issues between the translation of facts and figures into human

perception and language – and backwards. The reader is advised that numerous

authors have addressed the “soft” factors in risk management very well.


Flawed Change and its Impacts for Risk Management

The earlier sections highlight numerous undesirable side effects for risk management, which result from flawed conceptual design and implementation of risk

analytics and risk management in dynamic environments, and the further impacts

resulting from flawed organizational change. It is submitted that the conflict arising

between overlapping organizational structures and processes, as well as the

resulting conflicting goals and objectives which face individual and team decision

makers, have the potential of making matters even worse. The reader may also

imagine the likely implications for any future change initiatives, which then need to

Linking Strategy to the Real World


be designed to operate within a partially dysfunctional landscape as it results of

earlier flawed change initiatives, and potentially with a scope that includes both the

new project focus, and the various liabilities, which have remained unresolved and

unaddressed by the earlier attempts.

Unfortunately, in some cases this is not the full story. Figure 8 displays for a

financial services provider environment, how certain dysfunctional aspects in

change initiatives have the potential to stifle the organization’s ability to perform

effective risk management line functions.

In particular, Fig. 8 reflects that flawed change management initiatives and/or

poor compromises lead to impeding effects in operational processes. For example,

value-adjustments and write-offs are performed or detected too late in order to

enable the back and middle offices to perform an early recognition of deviations

from the rule, and related reactions. Moreover, due to a flaw in the design and

implementation of risk management initiatives, ultimately, the financial services

provider becomes ineffective or entirely unable to perform what is commonly

referred to as risk-adjusted pricing. Needless to say, this would be a problem.


Framework for the Introduction of Systemic Process-Related

Risk Management in Real Life Organizations

In a number of earlier publications, the author suggested that a more systematic and

process-related framework for risk management should not be based on the assumption that the wheel needs to be reinvented. Rather, most organizations practice risk

management in some or other fashion already. The issue is, however, that risk

management in real life organizations often lacks more than just fragments of what

is commonly referred to as the risk analytics toolbox, and that decisions are hence

made on the basis of an insufficiently stable foundation. In more informal risk

management frameworks as they seem to have remained the norm in small to

medium scale enterprises, and in a surprisingly large number of public sector

organizations where the same status seems to apply, good risk-based decision by

logical inference become an accidental surprise and incident.

In order to develop a fast appreciation of what is truly needed, what is already

there and which priorities need to be set in order to close the gaps quickly and

efficiently, it is sensible to first, on the basis of a cursory understanding of a new

policy on risk management, identify how reactive and proactive risk management

techniques are employed in processes and work flows, and which metrics have a

true meaning for the organization (Fig. 9).

Corrective action including what is commonly referred to as “quick-win’s” can

then be interfaced into the real-life situation, and can be complemented with a

gradual enhancement of processes and workflows, and an upgrade and refocusing of

the key indicators that should have a true meaning for the organization. Planning

and implementing a prioritized action list can then become the basis of a continuous

Fig. 8 Impact of flawed change initiatives on risk management


W.K. Kross

Linking Strategy to the Real World


Fig. 9 Introducing systematic risk management in real-life

improvement framework, or a six-sigma framework for that matter. As things

evolve, an enhanced degree of quantification should be the target.


Shifting the Focus from Risk to Opportunity Management

While this chapter clearly outlines that risk management in real-life organizations is

far from what could be characterized as “fully under control,” and that a long road

to success is yet to be overcome, it is submitted that this is not the ultimate target.

Rather, the road from chaotic conditions via a systematic problem management, a

more systematic risk management, and via an increasingly systematic opportunity

management should ultimately be focused on the true success factors which count

in the sustainable competitive advantages of an organization; building on

frameworks such as the famous five forces of Michael Porter, and the like.

Given that a systematic opportunity management cannot function in real life

organizations as yet, partially due to the lack of risk management related skills as

they have remained in practice and academia, a quantitative proof of concept and

even more a quantitative proof of effectiveness and efficiency cannot be presented

at this stage. Rather, arguments must remain qualitative at this stage.

Perhaps an interim step in the ultimate direction can be to refer to a framework

which was originally conceived by Harold Kerzner (2000), commonly known to be

one of the gurus and the leading thinkers in the field of project management.

Kerzner submitted several years ago that the maturity models, which had developed


W.K. Kross

an elevated level of attractiveness for knowledge workers in many industries,

reflected some conceptual flaws. Kerzner identified it as a rather positive factor

that quite apparently, knowledge workers are ready to adopt change and to improve,

in some cases rather substantially. However, the highest level of most maturity

models, thus a continuous improving of the level of high maturity, cannot be the

ultimate goal. Kerzner presented the analogy of a product which, as soon as a high

level of maturity has been reached, potentially losses its attractiveness.

Kerzner suggested that the willingness to change should be considered as an

opportunity by higher level management, which could jump onto the change

initiatives and interface a vision for the development of sustainable competitive

advantages and what is commonly referred to as strategic competencies. Excellence

becomes the higher-level target, not just maturity.

Please note that Fig. 10 reflects a somewhat modified graphical representation of

Kerzner’s model in which his expression “project” was replaced by the word “risk,”

thereby submitting the notion that the model can apply similarly: enhanced beyondmaturity risk management, similarly to what seems to apply for the field of project

management, can become an opportunity enabler in which organizations differentiate themselves in their ability to manage risk, and change, far better than their

competitors do.

Fig. 10 Perspectives of effective risk and opportunity management

Linking Strategy to the Real World


5 Conclusions and Recommendations

This chapter submits that corporate and project (portfolio) risk management must

be set up for the specific circumstances of an organization within its supply chain

network, consisting of various inter-layered analysis and management levels.

Conceptually, this is not trivial and dreaming of all-encompassing software

solutions does not solve the problem. But, the good news is that many significant

problems have already been resolved conceptually, it is hence not necessary to

conceive or implement an overly narrowly minded approach; and there is usually no

need for the reinvention of the wheel. Historically, an overemphasized controlling

function seems to have prevailed in risk management, resembling a “tail wagging

the dog.” A probabilistic approach will in most cases be the most sensible framework for risk analytics, given the inherent degrees of uncertainty and the remaining

skill and knowledge gaps in theory and practice.

Projects should be understood as the main framework for change. These however require an upgrade toward enhanced risk and ultimately an explicit opportunity

management. Truly significant is the handling of‚ “soft” factors, as numerous

authors have submitted; “hard” metrics will not suffice in real life organizations.

This is due to numerous factors including but not limited to the observations that the

human understanding and attempts to manipulate dominate the initial evaluation,

the subsequent implementation, the delegation of responsibility, and the strategic

stakeholder communication. Rather than establishing “hard” controlling and

auditing frameworks first, and following the route of historic regulatory-driven

risk management initiatives, the targets should become an entrepreneurial prioritization framework, creating a transparent and strategy-supporting risk culture,

enhanced risk awareness, facilitated flexibility, and the creation of a fully functional

risk ownership structure.

It appears that risk management on the systems-, processes-, projects-, portfolio-,

initiative-, enterprise-wide and supply chain levels is currently experiencing a

fundamental change in mindset, a cultural paradigm change toward incentive

schemes for the delegated responsibility. This necessarily coincides with the

urgently needed creation of an interface to optimization and opportunity generation

frameworks, beyond enterprise boundaries and integrated logistic networks.


Clemen, R. T., & Reilly, T. (2001). Making hard decisions. Pacific Grove: Duxbury Thomson

Learning, Brooks/Cole.

Howson, C., & Urbach, P. (1989). Scientific reasoning: The Bayesian approach. Lasalle: Open

Court Publishing Company.

Kahneman, D., Slovic, P., & Tversky, A. (1982). Judgment under uncertainty: Heuristics and

biases. Cambridge, MA: Cambridge University Press.

Tài liệu bạn tìm kiếm đã sẵn sàng tải về

2 ``Dynamic´´ Frameworks of Risk Management

Tải bản đầy đủ ngay(0 tr)