GREP-BLOG

Wednesday 18 July 2018

A beginner's primer on effective risk management - the short version

An organisation exists to support the interests of its stakeholders. For example a commercial company exists to apply its owner's capital in such a way that maximises the return on that capital to the owners; or a community organisation may exist to provide community amenities. There are different stakeholders an organisation must support the interests of in order to survive. These include customers who provide their custom to organisations, regulators who provide licenses to operate in a regulated area and employees who provide labour to convert capital into something saleable.

An organisation cannot exist in a sustainable way unless it strikes the right balance between these competing stakeholder interests. This balance is struck through risk versus reward based decision making such as "we will apply 90% of our resources to support the customer value delivery chain processes that will ultimately drive profit and owner return on equity, and 10% in order to maintain sufficient control processes in order to give confidence to our stakeholders such as regulators that we are doing the right thing by our customers, employees and owners and thus keep our moral and legal operating license". A company's failure to support its customer's interests results in lower custom, reduced market share and ultimately lower profits and hence lower return on capital invested by owners ultimately not meeting the owners' interests. Likewise a company's failure to support the interests of its regulators will result in financial sanction or withdrawal of operating licenses, both of which hit the bottom line.

This risk / reward decision making is achieved through the principles and practices of risk management (whether it be market risk management,  credit risk management, operational risk management or reputation risk management). Risk management principles include risk appetite, understanding risks (through risk assessments for example) and responding to risks (e.g. controlling risks, accepting risks or insuring against the consequences of risks materialising). Failure to understand and apply these principles almost invariably leads to adverse outcomes for organisations that result in those organisations not being able to support the interests of their respective stakeholders any longer (some notable examples are Enron, Barings Bank and Lehman Brothers to name a few).

So having established that effective risk management is important to the very survival of an organisation, one of the key questions that arises is how do you implement effective risk management in an organisation?

A multitude of regulations, standards, courses, textbooks, guidelines, frameworks, processes and tools exist that seek to answer this question but it boils down to a few key actions:

  1. Adequately defining and effectively communicating the risk management objectives, principles and practices the organisation is to use in order to understand and manage its risks.
  2. Putting in place sufficient risk management professionals and systems to assist the organisation in applying these defined and communicated objectives, principles and practices.
  3. Monitoring how well the defined and communicated risk management objectives, principles and practices are applied in the organisation and course correcting if the risk management objectives are not being met

There are of course finer points, specialisms and subtleties but in the end, effective risk management revolves around these key actions. This is the short version.


PS: This is also published in the IT Risk Practitioner

Monday 16 July 2018

Using Technology for Good: Social Support Platform

Here’s an idea for a Social Support Platform. What if technology was harnessed to create a universal, easy, intuitive, responsive way to get support from and provide support to society at large. This creation we might call the Social Support Plarform and would be a single entry point worldwide to intuitively discover and access free social support in relation to advice, advocacy, education, online marketplaces and stores for commercial goods and services and commercial and charitable fundraising and financing among any number of socially beneficial services. The idea would be that if you need help and someone is willing to help, let’s get you and them connected. The platform would not be only information based but also provide infrastructure and logic that supports people in setting up and running their own businesses for free all the way to being able to setup and operate an online store within minutes. The platform would also support those who support the platform by rewarding socially valuable contributions, as determined by users, with social credits in the form of exchangeable crypto currency whose value in exchange for goods and services available on the platform markets must be assured. This could look like a discretionary donation for advice type approach where users can donate as much as they are able after receiving support to show appreciation. This platform would need to be governed to stop abuses and so a direct democracy approach tempered by constitutional principles could be employed to set rules and regulations around acceptable activity on the platform. The idea would be to set the principles very carefully and sufficiently broadly first and make the platform as extensible as possible within the principle framework. Another key feature would be security and privacy. The platform would need to be protected by abuses from various risks including those posed by state actors and would need to be truly globally accessible and privacy assured such as through anti-censorship, anonymisation and privacy protection technologies. These sort of platforms or precursors or components of such platforms may exist so maybe one or many of these could serve as a starting point but the technology is definitely there, all that’s needed is the people to support it.

This is just a rough idea but worth thinking about further. More to come as thoughts progress... 

Let me know any thoughts or if you are aware of similar projects out there.