Newsletter | Volume 1

Issue I
Issue II
Issue III
Issue IV
Issue V
Issue VI
Issue VII
Issue VIII
Issue IX
Issue X
Issue XI
Issue XII
Issue XIII
Issue XIV
Issue XV
Issue XVI
Issue XVII

click here to

Subscribe to our newsletter



To Unsubscribe click here

The role of 'worst practices' in agile risk management

In the ever-expanding universe of enterprise risk controls, management continuously has a dialog on best practices, which are either recommended by an expert, an organization or adapted from a best-in-class company. The attention to best practices results in risk management processes that are sterile, repetitive, and visible. This predictable development adds nothing new to the business, as you are walking in another person, company or organisations footsteps.



Another bold approach could be to focus on 'worst practices' where you want to survey areas, none have been before. Such focus can create insights where others have not treated the risk management issues and components. These unknowns can become relevant and applicable to the company's risk assessment and could perhaps provide an improvement or new thinking to traditional risk management.

Focus on 'worst practices' can provide interesting details on the what and the why something went wrong. There is an apparently endless number of screw-ups or scandals, due to stubborn stupidity characterized by management or corporate actions.

Management errors, categorized as 'worst practices' create major risk
One of the flaws in 'best practices' is that 'never make a mistake' is a requirement. Errors, on the other hand, are necessary to promote the required level of entrepreneurial spirit in risk management. Mistakes and errors if properly managed can promote innovation in risk management and contribute to better business development.

In any risk assessment meeting, there is always a participant that other members look up to for advice and guidance. The manager who has all the answers and can explain everything. These rising stars or risk gurus lay the tone-at-the-top and provide both engagement, influence, and advice. However, these gurus are not always right. Sometimes they are wrong. However, the child in you must stand up and say 'the guru has no clothes on' before their risk guidance leads the company down the path of dire consequences.

From Best practice to Worst Practice
The Tesco Accounting Scandal (2014) was a failure risk management when Tesco shocked the markets with an announcement that the profits for the previous six months were at least £250-million pounds lower.

In 2015, the board of Petrobras of Brazil replaced the entire management team to amend the lasting impact of a major corruption scandal. Th scandal created serious implications for both Petrobras' and Brazil's reputation. When details of "Operation Car Wash," came to come to light, more than two dozen executives from six large construction companies were arrested. They inflated bids for Petrobras contracts and paid bribes to members of parliament.

Therefore never allow strategic planning and risk management to be the vehicles and tools to avoid problematic corporate or management behavior.

Studying it instead of deferring or ignoring
Doing nothing about a risk management component is often the problem. Addressing the issue by referring the matter to the risk committee can mean that the issue may not have a timely resolution in sight.

Hackers to be tolerated
In this current environment of excessive regulation from oversight authorities, management often tends to criticize the efforts and requirements for disclosures or understanding the real risks by demeaning behavior that underestimates and sometimes even infuriates The Oversight Regulators

We forget that less than a decade ago the entire financial services division and many big corporations was on the verge of collapse. In a world where oversight has become a persistent regulator of risk management requires knowledge to oversee every facet of risk activity to avoid a full-blown disaster.

Still many directors and senior management view oversight and regulators as hackers who must be tolerated because the disclosures are institutionalized. They simply fill in the forms and check the box without cooperating, explaining, or compromising in dealing with the real risk issues that is on the board and management agenda.

Therefore investigate, document and avoid ignoring risk management components when they mean trouble as part of your 'worst practices' approach. At the hint of any impropriety, investigate and provide a full, prompt, and honest risk report together with the usual set of recommendations that must be followed-up.

A similar report was made for BP as part of an internal investigation. The paper warned senior BP managers that the company repeatedly disregarded safety and environmental rules and risked a serious accident if it did not change its decision process and safety management. The cost to BP for Deepwater Horizon oil spill was $13bn.

Therefore take a hard look at your company and the risk management challenges it faces today. Join Risk Day for further inspiration and guidance.
http://www.riskability.org/2015/riskday/