Let's talk risk

Risk management is all about conversations, conversations in risk. At AndersonRisk it is one of our objectives to be active in lots of risk conversations, whether it is at conferences, ad hoc meetings or deep client assignments. Our passion is to bring you the latest in risk management thinking, and to engage in discussion with you. Feel free to take part in the discussion.   All contributions welcome! [Blog posts]
  • Dec
    09

    Fish Rot from the Head – moving to risk culture

    Below is the text of a speech I recently gave at a private dinner, where I was exploring the future of risk management – as you might guess, I am focussing on risk culture. If you would like to join me on this exploration, do let me know! Fish rot from the head – the establishment view of corporate governance Ladies and Gentlemen, I am delighted to have this opportunity to talk to you this evening. I know that you have been talking [...]
  • Jul
    20

    ALERT: FRC publishes long awaited guidance on culture – missed opportunity

    The Financial Reporting Council (“FRC”) has published its report on culture: Corporate Culture and the Role of the Board – Report of Observations For a very long time I have argued that culture is at the heart of governance and in particular risk management. So nobody could be more delighted than me that the FRC has picked up the challenge of culture in our economy. The references to culture in the Guidance for Directors on internal control and risk management was one of the [...]
  • Mar
    16

    “Fear is key to winning Brexit votes”

    Such was the headline in The Times on 15 March 2016. Apparently Sir Lynton Crosby appeared to be urging both sides to rely on the messages of fear. But for ages now the headlines have told us the the “outers” are “livid” about the so-called “scare stories” being put out by the “inners”. This is little more than a big game of risk management chicken… However, anyone with just a smidgen of risk training would know about the three types of risk articulated by John [...]
  • Feb
    24

    Risk Culture: the elusive barrier to future success

      A great organisational culture is the product of past successes, but is no guarantee of future glories in a changing world. The risk culture is the elusive barrier to future success. Balancing the two is fundamental to long term survival and building resilient value for stakeholders. Organisations are being told to “manage” their risk culture. This sounds fine in theory, but when it comes to taking action, very few organisations are even able to make a start, let alone manage their risk [...]
  • Jan
    25

    Perfect place arrogance

    People often ask me what I think is the single most important outcome of risk management. At the end of the day is has to be the ability of risk managers (which can include plenty of people who are not formally risk managers) to be the disruptive intelligence that pierces perfect place arrogance. In other words, can you speak truth to management? Could you be the little boy in the story of the emperor’s new clothes? Could you burst the bubble – not gratuitously, [...]
  • Jan
    19

    Strategic risk is rising to the top of the agenda

    Risk management is finally coming of age as boards focus increasingly on strategic risk. In part driven by the FRC’s guidance for directors, and in part driven by sheer common sense, directors are looking more at their strategic risks and less at some of the operational risks. This is not to say that OpRisk is not important: it is. But long term sustainability is more likely to be driven by managing the strategic risks that are the basis of creating and protecting long term value. [...]
  • Dec
    01

    Risk management is really simple… Really?

    There is a school of thought that says that risk management is really simple. I happen to disagree. I think risk management is really complicated, but we need to find simple ways of conveying the messages. Sometimes I think that we over simplify it with three by three matrices that really mean nothing at all. We are going to have to find and develop much better presentational methods to enable better discussion of risk in organisations. In the meantime, let’s not think that risk management [...]
  • Nov
    16

    Talking about risk culture

    I have blogged a lot about organisational and risk culture recently, and I have also made available a downloadable version of my recent bolgs on the subject (see here where you will find a couple of documents as free downloads). Anyway, I know not everyone has time to read all of that material, so I thought you might be interested to see a very short video of me talking about [...]
  • Nov
    11

    A risk manifesto

    Ask not what you can do for the board, but rather ask what the board can do for you… We are all attuned to the requests that the board makes of risk professionals, but I was asked recently, what should we be asking for from the board. My response was as follows: In the context that risk management can make a significant difference to the creation of a  sustainable organisation over the long term, I developed a risk manifesto setting out what I [...]
  • Nov
    10

    Two styles of risk management

    On the one hand we see a bunch of organisations who are pursuing risk management because they have to: those that are quoted and are subject to regulation and guidance put out by the FRC and similar organisations around the world. The regulation is getting better and better, and in the case of the FRC is really pretty much world class in my mind. But on the other hand there is an even more interesting bucnh of companies who are typically not subject [...]
  • Nov
    01

    Regulators talk culture

    “Culture is something I last heard about in a petri dish when I was studying O-level biology” I was once talking to the managing director of an insurance broking firm in London: “Culture” he said, “culture [and he really did repeat the word for emphasis] is something I last heard about in a petri dish when I was studying O-level biology.” Well I guess he has heard a lot, lot more about it since then. The Financial Conduct Authority (the “FCA”) “bang on” [...]
  • Oct
    22

    Risk Reimagined agenda – downloadable pdf

    We are pleased to make the agenda for Risk Reimagined! available as a downloadable pdf. Click on the link to download a copy. RiskReimaginedAgenda Any questions to either Richard or Norman here.
  • Oct
    21

    Risk Directors

    My motto: risk management should be the disruptive intelligence that pierces perfect-place arrogance The proliferation of non executive directors and the quantities of them has probably been one of the great advances in the way our companies operate over the last thirty years. It is now common for boards to appoint people with a wide range of professional disciplines as non-executive directors: accountants, marketeers, HR professionals. All of these are pretty much two-a-penny at non-executive level and can be found widely represented on the [...]
  • Oct
    19

    Part 5: Conclusions

    In this series of five articles, we have explored the importance of risk culture, distinguished the risk culture from the organisational culture, looked at the drivers for good and bad cultures, discussed the measurement of culture, looked at the symptoms of a sickly risk culture and now we are drawing some conclusions. Links to the other articles in the series can be found at the foot of this page. In this series of articles, I have looked at the background of 300 years of failure, the [...]
  • Oct
    19

    Part 4: Signs of problems

    In this series of five articles, we are exploring the importance of risk culture, distinguishing the risk culture from the organisational culture, looking at the drivers for good and bad cultures, discussing the measurement of culture, looking at the symptoms of a sickly risk culture and drawing some conclusions. Links to the other articles in the series can be found at the foot of this page. In part three of this series I looked at some of the issues associated with measuring your culture. In this [...]
  • Oct
    19

    Part 3: Measuring your culture

    In this series of five articles, we are exploring the importance of risk culture, distinguishing the risk culture from the organisational culture, looking at the drivers for good and bad cultures, discussing the measurement of culture, looking at the symptoms of a sickly risk culture and drawing some conclusions. Links to the other articles in the series can be found at the foot of this page. In Long Term versus Short Term I suggested that there were major drivers pushing organisations towards a short-termist view but [...]
  • Oct
    19

    Part 2: Long term versus short term

    In this series of five articles, we are exploring the importance of risk culture, distinguishing the risk culture from the organisational culture, looking at the drivers for good and bad cultures, discussing the measurement of culture, looking at the symptoms of a sickly risk culture and drawing some conclusions. Links to the other articles in the series can be found at the foot of this page. In 300 years of failure: organisational and risk cultures, I expressed the hope that risk culture (as distinct from organisational [...]
  • Oct
    19

    Part 1: 300 Years of Failure: Organisational and Risk Cultures

    In this series of five articles, we will explore the importance of risk culture, distinguish the risk culture from the organisational culture, look at the drivers for good and bad cultures, discuss the measurement of culture, look at the symptoms of a sickly risk culture and draw some conclusions. Links to the other articles in the series can be found at the foot of this page. Name a corporate crisis, any corporate crisis, any from that massive wall of shame that starts in the dim and [...]
  • Oct
    15

    Banking on a Risk Culture

    “For all the tin you have bought, for all the tricks of the trade, for all the steps you have taken, if you have “done” Cyber Risk without fixing the culture AND the risk culture, then you have not “done” Cyber Risk… Likewise Conduct Risk, or Credit Risk, or any other Risk… Get the culture AND the risk culture right, and only then can the rest come good.” Take a regulator – any regulator – and they will tell you precisely what interests [...]
  • Oct
    08

    LAUNCHED: Risk Reimagined!

    SAVE THE DATE: November 10, 2015 in Chicago     As trailed before on AndersonRisk, on November 10, Richard Anderson, the former Chairman of the Institute of Risk Management, and Norman Marks, the well-known risk management evangelist and author, are launching their series of Conversations in Risk under the banner of Risk Reimagined! These full day conversations will be an opportunity to listen to Richard and Norman: two of the most exciting innovators in risk management today sharing their thinking, their experiences and what they have learned [...]
  • Sep
    28

    Volkswagen – talking risk at the water cooler

    The failure at VW to consider today the impact of today’s decisions on tomorrow was available for all to see, if only they knew where and how I have written elsewhere about what I think might have gone wrong at Volkswagen. In particular I wrote about risk appetite and risk culture. So let me just tell you what I would have done about the risk culture, if I had been asked… Indeed, what I would do today, were Mr Müller to ask [...]
  • Sep
    28

    Volkswagen – whistling in the wind?

    Trust will only be re-established when VW reconnects to its espoused values and shows that it means what it says. Until then, efforts to rebuild trust will be little more than whistling in the wind. When I bought a new car earlier this year (Ford, before you ask, but manufactured in Germany), the sales rep told me to ignore the fuel consumption figures, because everyone knows they have no relationship with driving in real life. This is a game that has been played [...]
  • Aug
    31

    Risk Reimagined! Hold the Date

    I have written before about my world lecture tour. I am delighted to say that I am making some great progress. The name has morphed from “Innovations in Risk” to “Risk Reimagined!” because that is what people will have to do if they truly want to make risk management work for their organisations. First of all I am delighted to announce that Norman Marks will be joining me in hosting the conversations. I could not be more pleased! Anyone who knows Norman knows that he [...]
  • Jun
    16

    UPDATE: Innovation in Risk

    By definition the contents of my Innovation in Risk tour around the world’s business centres will vary each time, because I will continue learning and sharing as I go. However, topics will include: Why do we engage with risk? What is it that makes us humans interested in risk, and why do so many of us take different views of exactly the same risks? How do we balance off our inherent risk aversion with our inherent need to take risks? And what about the incentives [...]
  • Jun
    14

    Innovation in Risk

    I am really excited to announce my latest initiative. One of the things that has inspired me over the last few years has been speaking at events around the world. In the last 24 months or so I have worked with clients and spoken about risk in Denver, Dublin, Dammam, Jeddah, Athens, Dubai, Malta, Scottsdale, Bogota, Birmingham, London (many times) and Center Parcs, Milton Keynes. I have learned a lot from working with clients and talking with attendees at conferences around the world. Finding out [...]
  • May
    14

    Risk Conversations in Practice

    Who hasn’t heard the expression: red sky at night, shepherd’s delight; red sky in the morning, shepherd’s warning? Perhaps that was the first Risk Conversation. But today we have moved on from superstition and heuristics to a more fundamental need to understand and manage our existence into the future. This is why anyone who has heard me speaking in public recently will have heard me talk about an approach to understanding risk culture that I am calling Risk Conversations. I have been really excited [...]
  • Mar
    14

    Second Line reviews

    I find myself being asked more and more to undertake reviews of risk processes. What some (who don’t know my views on the Three Lines of Defence) might call “second line reviews”. I always enjoy these reviews because they almost always get to the heart of three of my favourite subjects: The interaction between governance and risk (in other words board composition, board interest in risk and the board’s ability to engage with risk); Risk appetite (in my terms creating a “fight or flight” response [...]
  • Sep
    17

    New “Guidance on Risk Management, Internal Control and Related Financial and Business Reporting” from the Financial Reporting Council

    New “Guidance on Risk Management, Internal Control and Related Financial and Business Reporting” from the Financial Reporting Council After much turmoil in our economy, and many, many months, if not years of consultation, the long awaited guidance on risk management (and all the rest of the things included in its snappy title) from the FRC was published last night (16/17 September 2014). And – I never thought that I would write this – it was well worth the wait. This document is miles ahead of the [...]
  • Aug
    05

    Hidden Consequences of Failure

    Company failure is more than the end of a business. The more established a business and the more people that are involved, the more consequences there may be. There may be an instinct to push through if a company is doing badly but this can be riskier than leaders realise. When something goes wrong there is a tendency lay blame. The finger may be pointed at anyone involved in advising the company as well as those within it. Company Directors are particularly liable. It is [...]
  • Aug
    02

    Risk immaturity

    At the recent IIA International Conference I gave a talk about complexity in 21st Century Organisations. In the course of my presentation I asked two questions: Do you have a risk appetite framework? And Have you done anything to review your risk culture? I was extremely disappointed with the response. a mere handful of people put their hands up in response to either question. Even taking into account that many people came from cultures where audience participation is anathema, and even given the natural risk [...]
  • Aug
    01

    Directors’ remuneration – Justification and transparency

    Director remuneration has been scrutinised in recent times. Large pay packets can seem very out of place in a tight economy. This feature looks at the need for transparency and justification around how directors are being paid. It is important to be clear who deserves what and why. The main parties watching the remuneration figures are the media, the public, and company shareholders. Our experts discuss the issue of accountability and look at changes in reporting systems. They give their opinions on the way remuneration [...]
  • Jul
    24

    Leapfrogging through risk management

    Travelling through Heathrow’s brand new Terminal 2 reminded me of a client who said that the second time his warehouse burned down, they managed the disaster very well. Except of course that BAA have not had a second disaster with the new terminal. They learned their lessons at T5 and had I not been flying with Avianca or with one or two other airlines with a comparatively small presence in London, I would not have been going through T2. The experience was a positive pleasure, [...]
  • Jul
    24

    Risk management: boards guided by naïfs?

    A short while ago, I attended the very successful international conference of the Institute of Internal Auditors (“IIA”). They had a great range of speakers from Alastair Campbell, talking about dealing with disasters in government (of which he says there were five in the Blair years), Michael Woodford talking about Olympus and Professor Mervyn King talking about Integrated Reporting. There was also an introduction to the idea of Integrated Reporting and sustainability from HRH Prince Charles. It seems to me that there are some [...]
  • Jul
    24

    A time to mourn

    Like everyone else, I have watched the shooting down of the Malaysian Airlines airplane over Eastern Ukraine with incredible sadness. Sadness compounded by the ensuing name calling and evidently flimsy excuses out of Russia and the more than pathetic name calling between European capitals. I was also shocked to read a LinkedIn article penned by some consultant bemoaning the risk management failures.There is a time for lessons. Right now is the time for mourning. My heart aches for parents, families, friends and neighbours whose lives [...]
  • Jul
    20

    Race Against the Machine Intelligence – the rise of cognitive computers & AI

    According to experts from MIT we are now seeing the rise of cognitive computers & artificial intelligence that can ‘think’ like a person. This briefing looks at what machine intelligence means for society. Humans and machines have different things to offer the world but how easy is this to distinguish? It would seem that long as we stay a step ahead and recognise where problems may arise then there are many reasons to be excited about the future. From a risk perspective, business leaders and [...]
  • Jul
    15

    The Connected Economy is a connection revolution

    The Connected Economy has come about because of incredible developments in computer technology. These innovations are drastically changing the business world. There is a new emphasis on connecting with each other and building relationships. Our experts explain the Connected Economy and give their views on the changing paradigms for success. As you watch these videos, it would be worth thinking about the risk implications of the massive disruption which is heading our way – and probably specifically your way – as experts predict that every industry [...]