If Risk Management is to survive-thrive as a formal management discipline in 2017 and onwards, then

If Risk Management is to survive-thrive as a formal management discipline in 2017 and onwards, then

 

 

Happy New Year All! As is traditional at this time of year I have found myself reflecting on both my personal growth as a Complex-Risk Specialist as well as the state of my working world in order to assess what needs improvement in 2017.  In so doing, I couldn’t help but notice that the last three or so years have been particularly trying for those of us invested in the art of Risk Management, especially within the heavy industries; natural resources, engineering, construction, energy, infrastructure and such. As a result, I find myself wondering whether Risk Management is battling to survive/thrive as a formal management discipline in the modern era and what we (the invested Risk Community) should be doing to improve our discipline.  

There is no doubt, that our working world has evolved exponentially over the last decade and I fear that during this evolution many of the traditionally accepted Risk Management methodologies have failed to keep up with the demands of a world that is now significantly more complex, dynamic, interconnected, informed and disruptive than any other era in history.  This in turn got me thinking, if I could make a set of New Year’s Resolutions that would help me to improve the way we (the invested Risk Community) view and practice Risk Management in 2017 and onwards, what would it be?

Download Also:

• Planning and Schedule Free Templates
• Over 500 Contract Templates Free Download 

Some context as to the current reality

Since early 2014, the global natural resources' industry has suffered perhaps the largest economic depression in this generation as oil, gas, coal, iron ore and most base metal prices have tumbled to record lows and then stayed there for almost 3 years. Those invested in these industries have seen their discretionary spend came to an abrupt halt and many organisations have since gone into severe cost cutting mode in an effort to "right size". As one major player stated in a recent investor report; "in 2014 it was all about right sizing, then in 2015 it was all about cost cutting but by 2016 it became just about surviving".

As a result of this industry upheaval I have seen many organisations radically downsize their Risk capability in an apparent attempt to eliminate "non-critical" overheads. At least two separate multi-billion dollar organisations practically dissolved their Risk Management functions and absorbed their limited Risk efforts into other organisational disciplines. Many of my peers and colleagues working within the world of Risk have either lost their jobs outright or become increasingly nervous as to the sustainability of their employment. Those that have been fortunate to keep working now face significant heat within their retrospective organisations whereby they have to justify their existence on an almost daily basis.

Also, I have seen many of the professional service firms that provide Risk Services and Consulting expertise to these industries go through tremendous turbulence. Most appear to have now morphed into providing low margin compliance and audit services rather than high end Strategic Risk Services as these appear to be the only high volume Risk Services in demand right now. I notice that many people who sold themselves as Risk Specialists during the boom years have diversified their resumes in an attempt to market themselves in other areas due to the lower demand for their support.

Risk in crisis?

I fear that Enterprise-wide Risk Management has lost its shine since the years immediately preceding the 2001 Enron Scandal and the 2008 Financial Crisis. In many ways these where the glory years for Risk Managers as our art become more mainstream and front of mind. Organisations took Risk Management more seriously and the investment into the discipline was positive and growing.  

But by late 2016 many historically strong organisations were now struggling and in turn; questioning why their noticeable investment in Enterprise Risk Management during the Boom years had not helped them proactively mitigate against the negative impacts of the upcoming Depressive years. A fair question, after all hadn't Enterprise Risk Management advertised itself for all those years before as being critical to organisational success by helping to proactively mitigate against the harmful affects of uncertainty on objectives?

Historically, Risk has always been the "poor cousin" to strategy and operations and has rarely been given the same respect and resources as other management disciplines such as finance, operations, procurement and the like. However, the noticeable reduction in investment in the discipline over the past 3 years across many leading organisations and industries suggests that the discipline may actually currently be in crisis?

Case in Point - consider the following industry indicators as to the current state of Enterprise-wide Risk Management;     

•  In mid-2014 a $35 billion, global gas organisation based in Europe "right sized" their entire in house Enterprise Risk Management capability down to only two internal auditors. Although this particular reduction was extreme it was not an isolated incident within the sector. An informal survey of Risk Management role reductions during the 2014-2016 period saw full time equivalent resources (FTE's) reduce by between 30% and 90% across nine leading organisations in the broader natural resources sector. This FTE reduction rate was grossly disproportional to the reductions experienced in other management disciplines during the same period. If Risk Management is indeed so critical to organisational success why do organisations feel comfortable reducing their Risk capability in times of trouble?     
• During 2015/16 a number of the World's Mega-projects worth in excess of $20 billion were observed as operating without a specifically dedicated (and suitably qualified) Project Risk Function? If Risk Management is indeed so critical to project delivery success, then why do so many Mega-project investors feel comfortable proceeding without a Project Risk capability that reflects the degree of investment at risk?     
• In mid-late 2015 a major infrastructure PMO in the Australian public sector advertised for Industry Risk Specialists who could provide deep expertise across a broad portfolio of major projects within a vendor panel arrangement. Of the 280 individual "Specialist Risk” resumes received during the tender period, only five applicants had earned themselves tertiary qualifications in Risk Management (Diploma, Bachelor’s Degree, Masters, PHD etc.). I find this ratio alarming as it implies that only 1 in 50 people operating as a Risk Specialist is academically qualified in the Science of Risk Management. If Risk Management is indeed such a critical specialist discipline, then why are there so few practising Risk Professionals who have actually studied Risk at an advanced level? Such a low rate of study surely devalues the currency of Risk by implying that the discipline is not sophisticated enough to require formal study. It also suggests that a low grade of empirical rigour underpins the practices accepted within the field and questions the quality of the knowledge base which defines the discipline.

From the above it is clear there are some significant challenges in the manner in which Risk is perceived and practised within industry. My personal experience over the past three years has been that organisations are now more likely to be questioning the value and return of their investment in Risk Management than embracing it as a crucial enabler of success. Again, you can argue it any way you want but the number of Risk based FTE job losses and lower employment opportunities are formidable indicators supporting this point!

 

Who is to blame?

Now it would be easy to blame these organisations divesting from Risk and call them immature or state that they simply don't get the value of Risk Management but I don't believe such stock standard criticism is good enough anymore. Organisations have never had a problem in investing in things that offer tangible returns and if they are indeed divesting from the Risk Management discipline then clearly they feel they are not getting their money's worth - simple as! 

How much confidence can we seriously expect industry to put in Risk Management when only 1 in 50 of its practising officers have actually completed formal studies in the Science of Risk? Consider how little confidence we would have in the Medical Industry if only 1 in 50 of its practising Doctors had completed their studies in medicine or the aviation industry if only 1 in 50 Pilots had actually studied the laws of aerodynamics?

There comes a point when those of us who are appointed to promote the art of Risk Management within these organisations need to start taking responsibility for our role in allowing this apparent divestment to happen. If organisations are struggling to see the value in Risk Management then whose fault is that - those who buy the services (them) or those who sell the services (us)?

To this end, I have lost faith in many of the traditional Risk Management methods as I feel they have been ineffective in addressing the complex challenges which global business are currently experiencing nor have these methodologies done much to secure the employment of those who have studied and endorsed them. I believe that many of the industry accepted, “Brand Name” Risk Management methodologies have failed to keep up with the evolution of the Modern, Global Risk Context and many are teaching risk control principles which are rapidly becoming obsolete in a world that is highly dynamic, complex and unpredictable.

I now more than ever believe that radical, possibly even disruptive, changes are required in the way organisations embrace and enable Enterprise-wide Risk Management if Risk is to survive/thrive as a formal management discipline in future years. Advanced Risk situations require advanced Risk thinking!

More to the point, I believe that if the art of Risk Management is to survive as a formal management discipline in 2017 and onwards, then   

• Appointed Risk Officers need to start demonstrating themselves to be "Risk Leaders" rather than just mere "Risk Administrators". In my opinion far too many appointed Risk Managers have allowed themselves to become Risk Administrators rather than actual Risk Leaders. As result they are more likely to be the appointed keepers of the organisation's Risk Register, Risk Software and/or the organisational Audit check lists - a far cry from being an actual Risk Adviser trusted by the organisational leadership. This I believe is half the problem because if those appointed to oversee the management of Risks cannot even elevate themselves to where they have secured the confidence of the executive leadership, then what hope has the art of Risk Management have of being a trusted organisational management discipline. If Risk Management is to truly add value in the new age then the world needs more Risk Leaders, not more Risk Administrators.     
• Risk Management needs to start demonstrating tangible value in addressing the specific challenges of the modern context. We are now living in one of the most complex, dynamic and disruptive eras in history and unfortunately its only going to get more turbulent and more extreme. The days of "Risk Management by checklist" are no longer suited to today’s complex challenges. The invested Risk community needs to become better at understanding and addressing the specific behaviours and characteristics associated with complexity, as complexity is the biggest driver of Risk in the modern era of global inter-connectivity, rapid disruption, perpetual dynamism and severe unpredictability. Until Risk Managers become invested students in the science of complexity (complex systems theory, complex risk theory, chaos theory and the like) they simply will not have the mental toolkit necessary to address today's complex challenges. You can quote me on that!     
• Risk Managers need to start demonstrating genuine innovation in their Risk Management efforts. Seriously, the working world has evolved exponentially over the past decade yet Risk Management practices have stayed largely static in this time. When last did someone actually introduce something truly new or innovative into the Enterprise Risk Management discipline? If Risk Managers wish for the world to change then they need to become the change they desire for the world (Gandhi?). The new generation of Risk Leaders needs to start challenging and disrupting the conventional Risk wisdom. If you do the same things you always done, then you gonna get the same results you always got (Einstein?). If Risk Management is indeed in crises then it is necessary to be innovative and where possible; disruptive. Risk Managers need to bring new thinking to the table, because the old thinking is tired, stale and no longer working in the current era of advanced complexity and severe unpredictability

So there it is, my New Year's Risk Management Resolve for 2017... in return I would love to hear of your respective Risk Management resolutions and wishes.  Now allow me to put the same question to you;  If Risk is to survive/thrive as a formal management discipline in 2017 and onwards, what do you feel is critical to its' sustainable success?   What needs to change? What needs to be done better? What needs to be scrapped?  Post your comments below and I will be sure to read them... oh yes, and again; Happy New Year, I hope you all have a cracker! 

Related Topics:

• ENTERPRISE SECURITY RISK MANAGEMENT-A HOLISTIC APPROACH TO SECURITY
• Business Continuity planning BCM and risk management and ISO31000. 
• Incorporating Information Security Risk Assessments into the Third-Party Risk Management (TPRM) Process

The Author: Warren Black

 

                                        

About:  

I am an Engineer, Risk Professional and Complex Systems’ Thinker who has particular interest in understanding how the complexity sciences may offer a better means to controlling emergent risks within highly complex, operating environments.  I currently consult on how to improve organisational Governance, Risk & Assurance practices so that they may reflect not only the degree of investment at risk, but also the specific environmental complexities in play. 

I believe that over the past decade in particular, I have accrued deep expertise in my chosen subject matter as evidenced by the fact that I was the head of Program-wide Risk for BG QCLNG and have held Senior Project Risk & Business Advisory roles at both Deloitte and Marsh & McLennan Risk Advisory Practices.

 

 I am also arguably one of only a handful a Risk Professionals who has built a full end-to-end risk management & reporting framework for an organisation of over $25 billion (BG QCLNG). At its peak this was the 8th largest project in the world and is hence a significant indicator of my capability.  As a practising complexity & risk specialist, I have worked within two of the world’s largest mining project hubs (BHPB and Rio Tinto), three of the Queensland mega LNG projects (GLNG, APLNG, QCLNG), Australia's largest construction company (Leighton’s/CIMIC), The State of NSW's largest Infrastructure PMO (I&P PMO), 

 

Victoria's Largest Rail PMO (VicTrack), Brisbane's largest city Rail Project (Cross River Rail) and the largest publicly funded civil & infrastructure PMO in Queensland (Brisbane City Infrastructure).  Also, as a demonstration of my commitment to my art; I am currently engaged in a PHD by Research whereby I am "Investigating a Complex Systems Approach to Complex Project Risk Management". I believe that the complexity sciences provide a new generation lens upon which to help risk management transition into a future world of complex working relationships and perpetual disruption.