Thursday, February 25, 2010

Strategic Risk

Risk management has a history of sloshing about in the nether regions of the organisation: focussing on operational type risks, processes, insurance, that type of thing. Don't get me wrong, I think those things are important, but shouldn't we be dealing with the strategic issues? You know, M&A, what is the future of the organisation? What is coming at us over the horizon?

I have a view that we should be looking a lot more at strategic risk, and I like to tie it back to value drivers (via objectives?) such as those that drive shareholder value (or whatever your equivalent might be for our organisation).

This leads me to pose several questions:
  • Do we as a profession have enough face time with the CEO and Chairmen of our organisations?
  • Do we get involved in strategic plans before or after they happen? eg, do we get involved in risk based due diligence after the transaction is announced, or when options for acquisitions are being discussed?
  • How often do we, as a profession, facilitate board awaydays focussing on more distant strategy (say 5 to 10 years out)?
  • Does anyone have any really good war stories on this that you are happy to share on line?



Wednesday, February 17, 2010

Ethics and Risk Management

It is my contention, as I have often said, that Corporate Ethics is one of four key attributes of Risk Management, and that is is often in tension with a performance culture (another of my four key attributes).

A number of things have cropped up over the recent years:
  • Clearly Toyota has some "ethical" questions to answer with regard to brakes, accelarators and now steering systems.
  • It seems unutterbaly proven that there were dubious (at best) ethics in banking which allowed the situation to arise for the financial crisis.
  • A few politicians in the UK have exhibited less than the highest standards in the ethical field.
  • Greece (aided and abetted by at least one bank) appears to have been cooking the books, with disastrous consequences for other Eurozone countries.
  • BAe has paid a stinging penalty to the US and a modest one in the UK.
  • We have a new bribery act coming onto the statute book in the UK (if it gets through before the election).

I believe that risk management can ONLY work where there is an ethical dimension to the organisation. And yet, perversely, this allows free-riding unethical corporations to duck and weave unhindered and leave the ethical corporation trailing - at least for a period of time.

I would welcome people's views on the interaction of ethics and risk management.

As ever, I am likely to turn the discussion into a paper in due course, summarising the contributions - if you are uncomfortable with that, let me know in your response.