The role of 'worst practices' in agile risk management
In the ever-expanding universe of enterprise risk controls,
management continuously has a dialog on best practices, which are either
recommended by an expert, an organization or adapted from a best-in-class
company. The attention to best practices results in risk management processes
that are sterile, repetitive, and visible. This predictable development
adds nothing new to the business, as you are walking in another person,
company or organisations footsteps.
Another bold approach could be to focus
on 'worst practices' where you want to survey areas, none have been before.
Such focus can create insights where others have not treated the risk
management issues and components. These unknowns can become relevant and
applicable to the company's risk assessment and could perhaps provide
an improvement or new thinking to traditional risk management.
Focus on 'worst practices' can provide interesting details on the what
and the why something went wrong. There is an apparently endless number
of screw-ups or scandals, due to stubborn stupidity characterized by management
or corporate actions.
Management errors, categorized as 'worst practices' create major risk
One of the flaws in 'best practices' is that 'never make a mistake' is
a requirement. Errors, on the other hand, are necessary to promote the
required level of entrepreneurial spirit in risk management. Mistakes
and errors if properly managed can promote innovation in risk management
and contribute to better business development.
In any risk assessment meeting, there is always a participant that other
members look up to for advice and guidance. The manager who has all the
answers and can explain everything. These rising stars or risk gurus lay
the tone-at-the-top and provide both engagement, influence, and advice.
However, these gurus are not always right. Sometimes they are wrong. However,
the child in you must stand up and say 'the guru has no clothes on' before
their risk guidance leads the company down the path of dire consequences.
From Best practice to Worst Practice
The Tesco Accounting Scandal (2014) was a failure risk management when
Tesco shocked the markets with an announcement that the profits for the
previous six months were at least £250-million pounds lower.
In 2015, the board of Petrobras of Brazil replaced the entire management
team to amend the lasting impact of a major corruption scandal. Th scandal
created serious implications for both Petrobras' and Brazil's reputation.
When details of "Operation Car Wash," came to come to light, more than
two dozen executives from six large construction companies were arrested.
They inflated bids for Petrobras contracts and paid bribes to members
of parliament.
Therefore never allow strategic planning and risk management to be the
vehicles and tools to avoid problematic corporate or management behavior.
Studying it instead of deferring or ignoring
Doing nothing about a risk management component is often the problem.
Addressing the issue by referring the matter to the risk committee can
mean that the issue may not have a timely resolution in sight.
Hackers to be tolerated
In this current environment of excessive regulation from oversight authorities,
management often tends to criticize the efforts and requirements for disclosures
or understanding the real risks by demeaning behavior that underestimates
and sometimes even infuriates The Oversight Regulators
We forget that less than a decade ago the entire financial services division
and many big corporations was on the verge of collapse. In a world where
oversight has become a persistent regulator of risk management requires
knowledge to oversee every facet of risk activity to avoid a full-blown
disaster.
Still many directors and senior management view oversight and regulators
as hackers who must be tolerated because the disclosures are institutionalized.
They simply fill in the forms and check the box without cooperating, explaining,
or compromising in dealing with the real risk issues that is on the board
and management agenda.
Therefore investigate, document and avoid ignoring risk management components
when they mean trouble as part of your 'worst practices' approach. At
the hint of any impropriety, investigate and provide a full, prompt, and
honest risk report together with the usual set of recommendations that
must be followed-up.
A similar report was made for BP as part of an internal investigation.
The paper warned senior BP managers that the company repeatedly disregarded
safety and environmental rules and risked a serious accident if it did
not change its decision process and safety management. The cost to BP
for Deepwater Horizon oil spill was $13bn.
Therefore take a hard look at your company and the risk management challenges
it faces today. Join Risk Day for further inspiration and guidance.
http://www.riskability.org/2015/riskday/