
Improving Risk Management by Adding Internal Controls

Many organizations learned hard financial lessons during the recent economic crisis. Most of the companies that survived the downturn did so because they had control of their finances during these critical times. If your company does not have an effective risk management strategy in place, now is the time to take it off the to-do list and put it into action. Work with an outsourced accounting department to develop internal controls that will mitigate your company’s risk.

Improving Operations

The first of three key components to a risk management program is operations. Day-to-day tasks in a company must be done in a manner that is both effective and efficient. Internal controls need to become a regular part of daily activity, not an afterthought or a “when we get around to it” task.

The expertise of an outsourced accounting department is a great start to improving company operations. The sad fact is even many large businesses do not conduct financial operations in compliance with Generally Accepted Accounting Principles and this increases their risk. Hiring accountants rather than simply bookkeepers adds a set of guidelines designed specifically to reduce risk, bias and unethical activities. Internal financial operations turned over to accounting services are lower risk because they are conducted under these principles.

Better Reporting

One reason many businesses floundered or failed during the downturn was they were caught by surprise. Many of these organizations didn’t have a clear picture of their company’s financial position. Events occurred so quickly that reports from the previous quarter were quickly outdated. Decisions were made based on old information, and this proved to be disastrous.

Outsourced accounting departments provide ongoing analysis and reporting that businesses need in today’s economy. Although financial operations have been moved outside the company, the availability of secure internet connections allows client businesses to still have full, live access to their books. In fact outsourced accounting services offer many organizations better access than their internal departments can. Armed with current information, managers make better decisions and companies thrive.

Regulatory Compliance

Businesses are forming partnerships with outsourced accounting departments for a variety of reasons but one of the leading motivators is the confusing web of financial regulations. Catastrophic financial events in this country have led to sweeping regulatory reform, and it is difficult for even professional accountants, much less busy executives, to keep up with the latest developments.

Changes in tax codes, documentation requirements or investment laws can suddenly leave a company in a tenuous legal position. Ignorance of the law does not protect an organization and the larger the company the more likely it will become the target of government or private investigations. Accounting services are necessary for understanding and complying with these laws and protecting the company from liability.

Risk and Reward: Manager Profiles and Innovation Outcomes

One of the interesting challenges that managers face is the tension between expectations of senior leaders that managers minimize risks for their organizations while also motivating their direct reports to be more innovative. Finding a balance is no easy task, as managers consider the impact of decision-making on their reputation, job security, the impact decisions might have on their direct reports, and the short- and long-term impact of their decision-making on their organization.

Consider the following management profiles and the possible outcomes of these mindsets:

HIGH RISK AVOIDER – This manager defaults to the safest possible decision and encourages his or her direct reports to do the same. The manager will rely heavily on established policies and procedures and punish his or her employees who do not carefully follow these guidelines. This fosters a culture of risk avoidance in this unit. Employees that will thrive in this environment are those that like a predictable routine and are reassured by the presence of clear parameters for decision-making. This manager will likely push any risk up the chain of command rather than making a tough call himself or herself.

HIGH RISK TOLERATOR – This manager is very comfortable with risk and encourages his or her employees to test the boundaries of policies and procedures when a possible benefit can be seen for the company. This manager expects that his or her employees will fail and make mistakes and accepts this is the cost of doing business on the cutting edge. The manager will encourage employees to try new things and step outside of their comfort zones, rewarding them when they successfully innovate but avoid punishments that might stifle future innovation. Employees that will thrive in this environment are those that enjoy autonomy, are comfortable with change, and naturally look for new and better ways of doing things. This manager will likely assume responsibility for decision-making and look to upper management for the financial support and latitude to achieve innovative outcomes.

MODERATE RISK MANAGER – This manager is willing to take calculated risks and recognizes that he or she may forego major innovations when the potential for success seems slim. He or she will likely encourage employees to keep their eye out for opportunities and allow latitude for deviations from policy or process, but feel more comfortable if the employees discuss anything beyond minor risks with him or her before moving forward. This manager is likely to forgive minor missteps as a result of innovative activities, but large-scale mistakes would not be expected or accepted without repercussions. Employees that will thrive in this environment are those who appreciate the opportunity to be creative, but prefer to defer to managers when greater risks are apparent. This manager will likely involve upper management before taking action on riskier decisions in the same way he or she expects to be involved in these decisions with his or her direct reports.

It is important for managers to recognize that the way that they approach risk in their business unit and the value they place on innovation must be in alignment. A manager cannot expect to play it completely safe and also generate large-scale innovations. How employees are rewarded (and punished) influences the way that they approach problems and their willingness to try new things.

There is no “right” way, as each approach has its own benefits and drawbacks. High risk managers are probably not well suited for managing nuclear power plants. High risk avoiders are probably not well suited for working on Wall Street. A moderate approach is not a silver bullet compromise either. Small incremental changes may be great in a large bureaucracy, but equally harmful if the next great innovation would be missed because it appeared too risky on the surface.

Programme Risk Management

If you have approached your project or programme well, you will have developed a Risk Plan/Strategy document. Risk needs to be proactively managed, as opposed to allowing it to manage you and the environment around you.

Many people are afraid of risk management and some Project and Programme Managers are often reluctant to publicise risk to executive management. The reality is that things change, assumptions become false, expectations are not met and suddenly you can find yourself facing a very different looking environment.  For a risk plan to really help (and play its role) it needs to be accompanied by a ‘proactive’ approach by applying Risk Avoidance, Transference, Mitigation and Acceptance.

Most well-run organisations will have risk managed at four distinct levels, which are:

  • Corporate or Strategic
  • Programme
  • Project
  • Operational

To do this effectively, a framework for managing risk needs to be designed and implemented to address the following list of 9 hows:

  1. how risks are identified;
  2. how information about their probability and potential impact is addressed;
  3. how risks are quantified;
  4. how options to deal with them are identified;
  5. how decisions on risk management are made;
  6. how all these decisions are implemented;
  7. how actions are evaluated for their effectiveness;
  8. how appropriate communication mechanisms are set up and supported;
  9. how stakeholders are engaged on an ongoing basis

But this is just the beginning. It’s all very well having a thorough framework documented and sitting pretty on the shelf with a tick in the box, but risk management needs to be instilled within the people of the organisation. A healthy culture of risk management needs to exist, and for this to happen everyone involved needs help in appreciating and understanding risk within the organisation.

This often requires sponsorship from the top down and if leaders at the corporate level understand this too, they will take the time to ensure that risk is taken seriously and subsequently managed well. Setting up a good risk culture is a real challenge and the UK OGC suggests that it involves at least the following:

  • strategic planning;
  • legal requirements;
  • agreements and contracts;
  • communication techniques and information management;
  • staff matters, including how staff can be motivated and involved;
  • education opportunities and continual professional development;
  • continuous improvement and/or analytical techniques;
  • how the organisation is monitored and evaluated;
  • resource management, including equal opportunities and delegation.

The subject of risk management is vast and if you need help with some guidelines for a framework, a great place to start is the OGC’s Guidelines for Managing Risk.

More detail can also be found in the following publications:

  • Managing Successful Programmes
  • OGC Management of Risk Guidelines
  • OGC’s Achieving Excellence Guides
  • Management of Risk: Practitioner guide

Some if not all of these can be purchased from the TSO in London.

If you need a list of generic pain points that risk management will address to support your case for better risk management within your organisation, you could start with these:

  • increased certainty and fewer surprises;
  • better service delivery;
  • more effective management of change;
  • more efficient use of resources;
  • better management at all levels through improved decision making;
  • reduced waste and fraud and better value for money;
  • innovation;
  • management of contingent and maintenance activities.

To build your case, don’t forget the more specific pains that your organisation is already suffering.

I read an interesting article about risk and opportunity in the aerospace industry. Whilst PMBOK considers risk as both negative and positive, the folk in aerospace consider risk as negative and opportunity as positive. Good risk management is not about fear of failure, but removing barriers to success.

After all, project and programme management is success oriented, focused on producing products and services for customers. When the success orientation is combined with risk management, opportunity management emerges, which is the identification of opportunities to help attain project goals, and the identification and implementation of actions to capture those opportunities.

Below are the keys to success taken from a Space Risk Management Symposium. Whilst their view on risk is slightly different from others, the points are not rocket science and can help most people who are responsible for complex projects or programmes.

  • Sound risk and opportunity management cannot save a poorly planned program with bad processes;
  • Prevent the competition between risks and opportunities;
  • Prevent unhealthy competition between teams;
  • Risk and opportunity management provide diminishing returns if overused;
  • The costs of pursuing opportunities and managing risks must be weighed against the expected benefits;
  • An environment should be created to encourage risk and opportunity management;
  • Risks and opportunities are not just normal variations in plan;
  • Recognise the difference between risks and opportunities;
  • Opportunities are not ‘positive risks’.

No matter where you sit within the organisation, if you see that risk is not being appropriately addressed, take the initiative, pluck up the courage and set out to facilitate some change. Remember that managing risk is the alternative to being managed by risk.

How to Define a Risk Management Consultant and Their Work

Risk management consultants are experts who are hired on a part-time basis to help solve problems. In a financial services business, risk management includes assessing and quantifying business risks and taking actions to control or reduce them. Risk management is often part of the compliance function, but may also be part of specific business units, such as securities trading desks or loan origination departments.

Risk management is concerned with identifying and quantifying the risks faced by the firm. Risk managers can be either generalists, who cover several diverse areas, or specialists, who concentrate on a single one. Within the financial services industry, the major categories of risk include, but are not limited to, defaults on loans extended by the firm, losses on securities inventory held by traders, losses on investment securities held for the firm’s own account, and counterparty risk, which arises when another financial firm fails in its obligations to yours.

Risk-management consultants identify, characterize and assess the threats that a business is facing. They also assess the vulnerability of critical assets to specific threats and determine the risk, that is, the expected consequences of specific types of attacks on specific assets. One of their major tasks is to identify ways to reduce those risks and to prioritize risk reduction measures, based on an approach designed to address the risks at hand.

Risk-management personnel develop, implement and enforce the rules and procedures designed to mitigate these risks. For example, the value of inventory held by a securities trader might be strictly limited.

Risk-management personnel also make use of various financial instruments and contracts to control risks, such as insurance, swaps, derivatives, futures contracts and options contracts. These instruments allow risk managers to put their knowledge and techniques into practice.

Risk management is a critical function and thus offers a great deal of inherent job satisfaction. Furthermore, positions in this area of practice are well-paid and well-respected, and the work can be fast-paced and motivating.

The disadvantage of working in such a significant field is that the demands of the job can become overwhelming in unstable periods for the industry or the firm, when substantial decisions may have to be made on short notice. Also, the “policeman” aspect of risk management can create an adversarial relationship with some categories of producers, especially securities traders.

Applying Collective Intelligence in Risk Management

I was reading a risk management blog today and was very impressed with the technical article covering various aspects of solvency and valuation of insurance industry. As I was reading it, my mind analyzed the information with respect to various laws, sections, cases etc. After finishing reading it, I took a breath and thought- “I actually felt like referring to various books to understand the article, will a regular business operation employee actually understand it?” This resulted in a depressing thought- “I do the same, to show my knowledge; I mention sections and case laws of various acts which leave business people stumped.” Well, in my defense I will say, it gives a heightened sense of satisfaction and success.

Somewhere I feel risk managers (referred to as RM) are having their cake and eating it too. The primary responsibility for managing risks lies with the business operation team. The RM’s role is that of a support function, a facilitator to the business. The business managers are not being provided with the necessary information, knowledge and tools to proactively manage their risks. Let me explain why I am making this statement.

In their role as auditors, they are focused on what went wrong in the past rather than on equipping the business managers to deal with the future. It is a feedback rather than a feed-forward system at work. The other aspect is that, in their role as advisors, they issue guidelines and policies without the complete involvement of the business people.

Scenario 1: Let me take a scenario here of implementation of information assurance policies. The RM will discuss the overall requirement with the business managers, prepare the policy, take feedback regarding it and then issue the final policy. Then they will tell business users to implement it. Since in quite a few areas implementation may not be possible, exceptions will be granted to the business users. In a nutshell, only around 75% of the policy will be implemented.

In both these roles the involvement of business operations team is minimal at the commencement of the project. They are expected to implement the recommendations.

Considering the shortcomings in the above-mentioned approach, I wished to explore the concept of collective intelligence and its applicability to risk management functions.

As a first step, let us understand the nature of information and intelligence which risk managers require to conduct their jobs:

1) Organizational Intelligence– Information regarding processes, structure, culture and technology. These they normally get from the business managers through interviews and review of standard operating procedures.

2) Commercial Intelligence– Information regarding the external environment- customers, suppliers and competitors. This information they obtain from interviews with business managers, customers and suppliers. Other sources are various media and research reports published.

3) Technical Intelligence – Information regarding the various laws, acts, methodologies and tools applicable for risk management. RMs have the knowledge on how to conduct the risk management while using this information appropriately.

As can be seen business managers have more information and knowledge on two of the three intelligence capabilities required for conducting risk management. In a more collaborative approach the risk managers should be able to impart their skill specialization to the business managers effectively.

The question is how can this collaborative model work? Let me take the example again of preparing information assurance policies.

Scenario 2: In this scenario the RM puts up the objectives of preparing and implementing information assurance policies along with a table of contents and broad outline on the intranet. Now it is open to the employees to contribute and decide how it should be developed and implemented. The employees comment on what is applicable, how the process works, what are the bottlenecks and challenges, who should review it, how it should be implemented etc. The RM identifies the major contributors and meets them up to interview them. Based on the web interactions and meetings, the RM prepares a draft policy document and uploads it on the intranet. Again the employees are invited to review the same and provide feedback. After incorporating the feedback, the risk manager proceeds to obtain approval of the senior managers.

In this approach the RM has the buy-in of the employees before the finalization of the policy. Hence, implementation will be easier since employees feel a sense of collective ownership and responsibility. This will enable adoption of information assurance policies as part of organization culture.

To delve further into the approach, I am adding the example which I read in “Collective Intelligence- Creating a Prosperous World of Peace”, with a foreword by Yochai Benkler and remixed by Hassan Masum. I have adapted the example “Three ways to storytelling” to the risk management function.

Three Ways of Story Telling- Risk Management Adaption

Let us formulate three societies for risk management: Red, Blue and Green. Each society has specific procedures on how to conduct and discuss risk management activities.

Red: In Red society a hierarchical top-down approach is followed. All the risk issues/observations can be reported by the risk management department to the CXOs. Business operation managers are required to go to their respective RMs to discuss their issues. A business process team member has to route their risk issue/query through the business operation manager to the respective risk manager.

The senior management issues the guidelines, policies and reports to the business operation team. The business operation team members hear regarding the issues only from the senior management and implement accordingly. In this case, an employee’s understanding of risk issues is at an overall level controlled by the senior management. An employee’s perceptions and knowledge are based on the information provided to him/her by the seniors.

Blue: In Blue society again hierarchical top down approach is followed however with a slight difference. Here the business operation manager can bring up the risk issues directly to the CXO’s attention. Then the risk management department and business operation manager work in collaboration to address the issue. In this case, a change agent from business operation team can be nominated to address the risk issue.

In this scenario, the business operation team members hear about the risks which senior managers, RMs and their elected change agents inform them about. The employee’s perception, knowledge and awareness on risk issues are governed by this select group. Though information is not controlled as in the completely top down approach of Red, it is controlled by the major key players in the business operation team.

Green: In Green society the approach adopted towards risk management is of collective intelligence. Business operation team members can put all their concerns, suggestions and problems regarding risk management on the intranet. The other team members including the risk members would discuss the same on intranet and meetings, to suggest a solution to the issue and mitigate the risk.

In this scenario, the business operation team members discuss the issues which concern them. There is no control from a senior manager regarding the topics to be discussed, and no permission is required for the same. The flow of information regarding risk management is through multiple channels: team members, business managers, RMs and CXOs. The information which an employee has is extensive and he/she is well informed regarding the subject. The perceptions and awareness are built through multiple sources of information.

The problem with the collective intelligence approach can be that employees have extensive information and on what basis will they decide the relevance and applicability of the information. How will the risk management function operate? The adjacent diagram depicts the steps for using collective intelligence in risk management activities.

The main advantages of this approach are:

1) Risk management department generally faces the challenge of adoption of risk management practices by the business operation team. There are enough people who commence the process, but for implementation a significantly higher number need to be knowledgeable about the issue. This requires focused efforts of building awareness and training. The cost of training and implementation is subsequently quite high. With collective intelligence approach a significant mass of people are already aware and knowledgeable about the issue. Hence, cost and time of implementation is lower.

2) Whistle blowing is the only option which is allowed to employees to bring a critical issue to light. This has a lot of negative repercussions on the employee, management and organization. With open communication, the employees will be able to discuss the smallest issue of corruption, illegality and unethical behavior without hesitation. Risk of exposure will also inhibit employees from indulging in such practices.

3) The other aspect is that this approach fulfills the psychological needs of the employees. The approach provides a sense of ownership to the business operation team and this motivates them to implement risk solutions. The RMs adopt a feed-forward system by guiding the business operation team into doing what is right in the future, rather than focusing on providing a critique of what has been done wrong in the past.

4) This approach encourages innovation and adoption of new ideas. Employees are encouraged to do their own research and come back with their feedback. They are not told what they should research. The diversity in thinking works effectively in providing better solutions.

5) Last but not the least, a sense of collaboration and cooperation exists between all the departments. It breaks down the walls which managers construct to work in silos.

Do you think this approach is worth adopting for risk management function? Presently, most organizations are adopting the Red and Blue society approaches to risk management. What according to you would be the inhibiting factors for applying collective intelligence for risk management of Green society?

Another point not to be missed, which I think might have been my unconscious agenda when I started exploring this concept, is that it significantly reduces the work and responsibility of RMs. They can chill!

Sonia Jaspal is a risk management and corporate governance professional with 15+ years of work experience. She is a Chartered Accountant from India, a Certified Internal Auditor from USA and has also cleared Certified Public Accountants examinations from Delaware state (USA).

Risk Management and Obesity

If you work in the medical field you are probably familiar with the phrase Risk Management. Outside of caring for the patients, risk management is perhaps the most important issue facing a medical practice today. In recent years, Americans of all ages have gotten heavier and health care professionals around the country seem to be struggling with obesity-related risks. Managing these risks properly may prove to be the key in keeping a successful practice free of lawsuits.

Obesity can affect a medical practice in a number of ways. In order to protect itself from potential litigation, a medical practice needs to focus risk management efforts on creating a safe environment for patients of all sizes. The first step is creating awareness in the office. Talking to employees about the obesity epidemic is a good start. Statistics show that two out of three patients are obese and that number is expected to rise in the future. Encourage everyone working at the office to lead by example and cut down on their own unhealthy habits. Making sure the staff is trained in the correct methods for moving obese patients in the case of an emergency is also important.

Ask members of the staff to check for a maximum weight rating on all of the exam tables and waiting room furniture. Obese patients sometimes have limited mobility and may walk with the assistance of canes or walkers so thoroughly examine carpeting and other flooring in the office for signs of wear. Make sure that any loose wires or electrical cables are safely covered so as not to become a tripping hazard. If wheelchairs are present in the office, make sure that they are in proper working order and check for a maximum weight rating. Taking these steps will dramatically reduce risks in the office. Helping obese patients lose weight quickly and safely should also be a focus for risk management. The longer a patient is obese, the more at risk they are for developing other illnesses. Obesity has already been linked to osteoarthritis, type II diabetes, sleep apnea, certain types of cancer and a variety of other ailments.

Doctors everywhere know that do-it-yourself dieting and fad products do not work for the vast majority of their obese patients. Impressive new methods have been developed within the medical community to address the needs of millions of overweight Americans. Physicians are communicating with their obese patients about the scientific options for weight loss. The sheer number of options can be overwhelming and each has pros and cons associated with it. They range from meal planning with a dietitian and a customized exercise regimen with a personal trainer to prescription appetite suppressants or bariatric surgery. One of the more appealing options has come in the form of a comprehensive program offered by Smart for Life Weight Management Centers.

The Smart for Life Weight Management Program was developed and is administered by physicians. It has proven successful for thousands of patients because it focuses on helping them to change their eating habits for life. Instead of focusing only on weight loss, Smart for Life has added a weight maintenance portion for patients who reach their goal weight. By addressing the downfalls of other weight loss approaches, the Smart for Life team feels they have come up with a winning combination that will appeal to the masses.

Smart for Life has discovered the six most common reasons a person will fail on a diet. Many weight loss systems over the years have addressed one or more of these issues but Smart for Life is the first to have developed a system that addresses them all. A person might fail due to the following reasons:

1.) They are not losing weight fast enough to stay motivated

2.) They are too hungry to stay compliant with their nutrition plan

3.) They are not monitored on a regular basis and therefore do not feel accountable for their progress

4.) The nutrition plan they have been given is not convenient

5.) Their individual risk factors are not continually monitored by a medical professional.

6.) They are not including long term lifestyle change as a priority.

The Smart for Life Weight Management Program was designed to deal specifically with each of these items. Patients on the program see an average weight loss of twelve to fifteen pounds per month, which helps them to stay motivated. To control hunger through the day, a patient will eat six specially formulated organic cookies. Each cookie is full of nutrients, amino acids and fiber to naturally suppress hunger while supplying the body with the protein and healthy fats it needs to maintain energy. Going with an organic formula means that the cookies have a higher nutrient content, more protein and no pesticides or chemicals. The dinner meal consists of six to eight ounces of healthy protein (some patients will consume additional protein during the day depending on their gender and unique nutritional needs) and two cups of vegetables.

Another aspect that is crucial to the program’s success is accountability. Each patient receives a one-on-one consultation with a physician, nurse practitioner or physician assistant before starting. The consultation includes analysis of blood work, BMI and an EKG. Appropriate long-term and short-term goals are also discussed. Most patients will also be put on vitamin and mineral supplements to ensure proper nutrition.

Accountability does not end there. Each week the patient comes in to have their weight, pulse and blood pressure monitored. Every fourth week, the patient meets with one of the providers to discuss their progress. This cycle continues until the patient gets close to a healthy BMI. At that point, their caloric intake is increased and their exercise routine enhanced. Patients are weaned off the organic cookies and encouraged to continue eating six small healthy meals during the day. As part of weight maintenance, patients still come in to have their vital signs checked on a regular basis.

The cookies are a convenient meal form because they require little to no planning. A single package contains all six cookies needed for the day. Offered in a growing variety of flavors, these cookies provide a safe and healthy alternative to prescription-based appetite suppressants. With an average weight loss of twelve to fifteen pounds per month, the Smart for Life Weight Management Program is comparable to bariatric surgeries without the associated health risks and co-morbidity rates.

From a risk management point of view, it makes sense for doctors, nurses and physician assistants to refer their patients to programs like Smart for Life. Practitioners also need to make sure that they are adequately documenting their recommendations in these situations. There have been cases recently where doctors have been found at fault for not helping their obese patients to lose weight. In the case of Lawrence Smith’s family vs Doctor Franklin Price, a Cleveland internist, a jury leveled a $3.5 million judgment against Dr. Price for not doing enough to keep Lawrence Smith from developing coronary heart disease, which led to a fatal heart attack. By documenting appropriately, medical professionals can avoid future accusations of “not doing enough to help” their obese patients.

Programs like Smart for Life can further lower the risk to primary care physicians, family practice physicians and OB/GYN practices by helping patients to lose weight before they develop weight-related illnesses. More importantly, a program like Smart for Life helps patients keep excess weight from coming back, which lowers longer-term risks.

Risk management systems

Risk management systems are an integral part of running any business: they identify and handle any risks that a company may face in the course of its growth. There are strategies to tackle risks and avoid failures, and it is possible to forecast the threats that may surface in the future. The idea is to detect the problems before they erupt, and many tools and methods come into play in the whole process of risk management.

Risk management gives companies the much-needed time to rectify any errors and take precautionary steps before disaster strikes. There are many steps involved in achieving this ultimate goal, such as identifying risks, analyzing them, reviewing the degree to which they may occur, understanding risks and how to react to them, and using methods to stop the risk from surfacing. The information technology revolution has completely changed the way companies work, how governments operate and the manner in which national defense is conducted. These systems need to be protected at all costs from threats by hackers, corporate raiders, spies, and criminals, each with a vested motive and interest in challenging the technology for political and monetary gains.

Security risk management studies suggest that risk is a fundamental metric in security management. Nothing is ever certain in business, and how much risk there is likely to be depends on the possibility that an unwanted event will happen and have a certain impact on the business. Thus appropriate controls need to be put in the right places to help contain this impact and protect the business. Trying to do away with all business-related risks is never a sound business decision when analyzed from the point of view of costs. Security risk management is in sync with the way business executives make decisions because it allows security managers to communicate in a way that makes sense to decision makers. Using risk management tools also helps security personnel to stay in touch with business goals instead of simply concentrating on destroying any threat as soon as it raises its ugly head.

On the other hand, decision makers may get too used to accepting threats and might even try to make a business case justifying their need to protect against some development that might not have happened yet. Security risk reduction is basically guesswork and can never be measured accurately, since the impact of what will happen in the future depends on certain variables that are themselves dependent on unknown motives and resources operating from unknown locations at unknown times. Assessing a risk is not only difficult but also not too effective, since the quantitative costs pertaining to an incident cannot be accurately determined. Moreover, a risk assessment that had been made on a previous day may produce quite different results when performed the following day because risks are known to evolve over a period of time.

Risk Management for Management Risk

Basic Project Management (PM) disciplines involve detailed planning, execution and control of a project until objectives have been satisfied. In the course of doing business though, unknown unknowns and potential known risks can affect project outcomes. Early identification of these risks helps reduce mitigation costs downstream.

The responsibility shouldered by the manager for the successful execution of the project is oftentimes exhilarating and sometimes daunting. The manager has to depend on his/her team to identify, assess and prioritize risks to determine mitigating actions to take, if any. In a perfect world, all team members understand the mission and are proactively working to execute the project demands and identify potential risks.

Usually, good project management involves embedding some schedule margin into the plan to tackle unforeseen events without jeopardizing the end commitment date given to a customer AND also allocating a percentage of the total budget, called Management Reserve (MR), to handle these situations. This is a standard Project Management 101 principle. Practicing these tenets in the planning stages should yield optimum, effective and efficient processes.

Process execution, however, involves people. How motivated and cohesive is the team? Is management using capital assets efficiently? Is the PM tapping into ALL available human capital to reap the most efficiency? Are team members motivated to perform their very best or are they literally “punching the clock” to ensure a paycheck?

Many surveys indicate that the majority of the workforce (>50%) would change jobs if they could. WOW! Other surveys indicate that billions of dollars are squandered in the workplace by lack of productivity with such tactics as Parkinson’s Law (work expands to fill the time available for its completion), lack of engagement or a litany of other reasons.

If the economy were better the biggest management risk would in fact be management itself. The standard view of management risk being process, environmental or technology related no longer has the same level of importance; it is management itself that is the risk.

This management risk is the source of ineffective, destructive and underperforming management. Do the leaders of today have the culture, emotional intelligence, tact, knowledge, humility and self-confidence to lead the projects and organizations of tomorrow? Who is addressing this management risk? I have witnessed many who would never want a job, or promotion, because of superiors that were insecure, disrespectful, egotistical and rude. These “higher-ups’” personal insecurities were masked by an overbearing “down your throat”, “throw you under the bus” type of approach that was enabled by their ability to command authority and assert their “positional” power. This is an extreme example that involves negative aspects of an “active” management risk. On the other extreme, passive management risk is just as damaging, where a lack of involvement, uncaring attitudes, uncommitted behaviors and lackadaisical leadership styles undermine the organization’s full potential. In reality, there are gradients to these examples that will directly relate to the total management risk equation.

Is management squelching initiative, innovation, performance and loyalty? Yes, it is happening. Employees are withholding ideas and energy!

Training and sincere “walk-the-talk” leadership that models the perceived “talk-the-talk” rhetoric begins to tap into the psyche of human capital’s full potential, the intellect and desire.

In better economic times you want your organization poised and ready to reap the rewards. Managers who have a reluctant team today may find themselves dealing with high turnover rates in the future. Managers who have positional power but have not earned “referent power” (power of an individual over a team based on a high level of respect, admiration, identification and desire to follow) may be shortchanging efficiency gains today and could just be your greatest management risk tomorrow.

Can Risk Be Positive Or Should it Be Left to Chance?

Companies of every size and shape face a range of risks affecting the achievement of their objectives. With the globalisation of supply chains, in particular in the pharmaceuticals, electronics and food industries, there is a plethora of examples where inadequate risk procedures have led to unfortunate outcomes. While “risk” is commonly regarded as negative (versus “chance” which has positive connotations), Risk Management should be as much about exploiting potential opportunities as preventing potential problems. BS 31100 is a relatively new framework to help companies to understand, develop, implement and maintain effective Risk Management in order to enhance an organisation’s likelihood of successfully achieving its objectives. My message to the senior managers in businesses considering whether to go down the BS 31100 code of practice route, or approach Risk Management through chance, is to encourage them to embrace this discipline in a personal way and involve it as part of everyday thinking. Put simply, Risk Management is an essential part of good management, not something to be left to chance.

Process risks

If we are considering an evaluation of process risks, a basic logic might tell us that if all the inputs are controlled and the process is fixed then surely the outputs should follow as expected. Here elimination of risk is about process control. However, there’s a danger of looking at elements of a business individually, applying targets to isolated areas and addressing them piecemeal so that the best that might happen is a box ticked in one area, and the worst is a stultifying of services, function (and, naturally, profit) in other areas. A major headline in 2008 exemplifying this was “A&E patients left in ambulances so trusts can meet government targets”. People were kept in ambulances outside hospitals for hours and not allowed in until they could be treated in A&E within four hours in line with a Labour pledge. The hold-ups meant that ambulances were not available to answer fresh 999 calls. Putting boxes around the separate areas of the customers’ experiences overlooks the vital interconnections that are needed to help the organisation thrive. In contrast we can look at Process Capability: how the process will make the situation better with an enhanced customer experience; how negative risk can be minimised and not become mired down in ever deepening levels of disciplines. In summary – avoid targets!!

I’d draw a parallel with the natural world. In Nature it is well understood that systems are a sum of interdependent parts and influences, and that to alter one of them in (so-called) isolation is in fact to create an imbalance which could have catastrophic effects.

People risks

Risk Management also concerns itself with people risks. It might seem rational to set the workforce fiscal targets to achieve. However, providing clear targets, goals, timetables and reward systems in the banking system has brought about the most serious recession in living memory. This is because processes rely on people relationships: people buy from people, profit comes from people, and we need people’s co-operation for a business to thrive. Even with such clear pointers, companies big and small alike make the mistake of paying too close attention to financial targets at the expense of relationships all along the supply chain. This is an even graver error in times of recession, when relationships need to be nurtured as customers all through the Value Chain continue to make emotion-based decisions.

One such major company is Toyota, about which Professor H Thomas Johnson of Portland State University commented “The reversal of Toyota’s fortunes in the past decade suggests that many of its top managers lost the habit of thought that caused the company to act like a living system”. Instead of nurturing relationships, a policy of driving people to meet financial targets was followed. The result? After 50 years of profits, Toyota has recorded annual losses in the last 2 years.

I have had recent experiences of companies using various Lean or Process techniques to reduce costs, with reduction of employee costs the highest focus. Not surprisingly motivation was nowhere to be seen and targets and goals were everywhere. For me, at the heart of risk management are Process Capability and People Motivation as two sides of the same coin. Our business chains are a living system not a grouping of individual activities. Process Capability and People Motivation must be first focussed to Customer Benefit, not short term unrelated financial targets. I hope I have demonstrated that Risk Management should be a key part of a Chief Executive’s life. I’ll happily repeat that risk management is an essential part of good management. At MA Consulting International we can support businesses through auditing, coaching and mentoring in the field of Risk Management and have on board a team of knowledgeable practitioners.

A Career In Health And Safety Management


It is the responsibility of the Health and Safety Manager to ensure the safety of everyone who enters the company’s premises. They are solely responsible for implementing the safety regulations and ensuring that they are all followed. For example, if a plant manufactures a hazardous material, then as a health and safety manager, they are responsible for ensuring the safety of the workers by asking them to wear facemasks, goggles and protective clothing. If it is an office, then they are required to maintain safety by making sure that all desk drawers and file cabinets are closed, spills cleaned up and signs posted.

One of the major roles of the Health and Safety Manager is to schedule routine fire drills and also ensure that each department designates a person to act as a monitor. They may also have to walk the floor regularly to check for any violations and to rectify any problems. The Health and Safety Manager is designated to handle the issues related to illness that may result from unsafe working conditions. They are basically responsible for the implementation, application and maintenance of value, decision and risk management tools, procedures and techniques.


To undertake the role of a Health and Safety Manager, you have to acquire a college or university degree and gain several years of experience. Education is an ongoing process and must be upgraded, as new safety products enter the market regularly.

A Health and Safety professional’s responsibility is to ensure that all the fire extinguishers are in safe and working condition and that everyone knows how to find and use them. In many companies, the manager recruits new employees and also instructs them on conduct and on existing safety measures.

Job Prospects

You can also work as an Environmental Health and Safety manager in a manufacturing unit, where selection is based on education or internal promotion. The candidate would ideally need to have a degree in Industrial technology or a Business degree. But nowadays, as Environmental Degree programs have increased, candidates can find a job immediately after they complete their college education.

Protecting people, equipment and the environment is the primary motive of an Occupational Health and Safety Specialist. They are called Ergonomists, Occupational Health and Safety Inspectors, Industrial Hygienists and Environmental Protection Officers. They assist the company in creating safer and unpolluted processes. These Health and Safety Specialists scrutinize the data collected by the technicians and then improve them to protect the workers and the equipment.

The primary duty of the Health and Safety professional is to safeguard the workers and the company against the common workplace hazards, such as:

o Injury caused by biological and chemical agents

o Protection from accidents caused by heavy metals

o Electricity hazards