Enterprise Risk Management: A Methodology for Achieving Strategic Objectives
()
About this ebook
Related to Enterprise Risk Management
Titles in the series (79)
Retail Analytics: The Secret Weapon Rating: 2 out of 5 stars2/5Marketing Automation: Practical Steps to More Effective Direct Marketing Rating: 0 out of 5 stars0 ratingsEnterprise Risk Management: A Methodology for Achieving Strategic Objectives Rating: 0 out of 5 stars0 ratingsCustomer Data Integration: Reaching a Single Version of the Truth Rating: 3 out of 5 stars3/5Case Studies in Performance Management: A Guide from the Experts Rating: 5 out of 5 stars5/5CIO Best Practices: Enabling Strategic Value With Information Technology Rating: 4 out of 5 stars4/5The Data Asset: How Smart Companies Govern Their Data for Business Success Rating: 0 out of 5 stars0 ratingsCIO Best Practices: Enabling Strategic Value with Information Technology Rating: 4 out of 5 stars4/5Performance Management: Integrating Strategy Execution, Methodologies, Risk, and Analytics Rating: 3 out of 5 stars3/5Demand-Driven Inventory Optimization and Replenishment: Creating a More Efficient Supply Chain Rating: 0 out of 5 stars0 ratingsBusiness Intelligence Competency Centers: A Team Approach to Maximizing Competitive Advantage Rating: 4 out of 5 stars4/5Fair Lending Compliance: Intelligence and Implications for Credit Risk Management Rating: 0 out of 5 stars0 ratingsCredit Risk Assessment: The New Lending System for Borrowers, Lenders, and Investors Rating: 0 out of 5 stars0 ratingsThe New Know: Innovation Powered by Analytics Rating: 0 out of 5 stars0 ratingsSocial Network Analysis in Telecommunications Rating: 1 out of 5 stars1/5Bank Fraud: Using Technology to Combat Losses Rating: 0 out of 5 stars0 ratingsThe Business Forecasting Deal: Exposing Myths, Eliminating Bad Practices, Providing Practical Solutions Rating: 0 out of 5 stars0 ratingsUnderstanding the Predictive Analytics Lifecycle Rating: 5 out of 5 stars5/5Mastering Organizational Knowledge Flow: How to Make Knowledge Sharing Work Rating: 4 out of 5 stars4/5Statistical Thinking: Improving Business Performance Rating: 4 out of 5 stars4/5Taming The Big Data Tidal Wave: Finding Opportunities in Huge Data Streams with Advanced Analytics Rating: 4 out of 5 stars4/5Delivering Business Analytics: Practical Guidelines for Best Practice Rating: 3 out of 5 stars3/5Bricks Matter: The Role of Supply Chains in Building Market-Driven Differentiation Rating: 0 out of 5 stars0 ratingsBranded!: How Retailers Engage Consumers with Social Media and Mobility Rating: 0 out of 5 stars0 ratingsPredictive Business Analytics: Forward Looking Capabilities to Improve Business Performance Rating: 0 out of 5 stars0 ratingsHeuristics in Analytics: A Practical Perspective of What Influences Our Analytical World Rating: 0 out of 5 stars0 ratingsThe Executive's Guide to Enterprise Social Media Strategy: How Social Networks Are Radically Transforming Your Business Rating: 0 out of 5 stars0 ratingsHealth Analytics: Gaining the Insights to Transform Health Care Rating: 0 out of 5 stars0 ratingsHarness Oil and Gas Big Data with Analytics: Optimize Exploration and Production with Data-Driven Models Rating: 0 out of 5 stars0 ratingsAnalytics in a Big Data World: The Essential Guide to Data Science and its Applications Rating: 0 out of 5 stars0 ratings
Related ebooks
The Risk of Trading: Mastering the Most Important Element in Financial Speculation Rating: 0 out of 5 stars0 ratingsThe Value of Business Analytics: Identifying the Path to Profitability Rating: 0 out of 5 stars0 ratingsThe Business Forecasting Deal: Exposing Myths, Eliminating Bad Practices, Providing Practical Solutions Rating: 0 out of 5 stars0 ratingsCorporate Value of Enterprise Risk Management: The Next Step in Business Management Rating: 3 out of 5 stars3/5The Mental Strategies of Top Traders: The Psychological Determinants of Trading Success Rating: 0 out of 5 stars0 ratingsThe Efficient Practice: Transform and Optimize Your Financial Advisory Practice for Greater Profits Rating: 0 out of 5 stars0 ratingsGrowth Hacking For Dummies Rating: 0 out of 5 stars0 ratingsBalanced Scorecard Step-by-Step: Maximizing Performance and Maintaining Results Rating: 0 out of 5 stars0 ratingsEnterprise Risk Management Best Practices: From Assessment to Ongoing Compliance Rating: 0 out of 5 stars0 ratingsKnowledge Automation: How to Implement Decision Management in Business Processes Rating: 5 out of 5 stars5/5Business Strategy Essentials You Always Wanted To Know (Second Edition) Rating: 0 out of 5 stars0 ratingsMastering Organizational Knowledge Flow: How to Make Knowledge Sharing Work Rating: 4 out of 5 stars4/5Protect Your Assets: Strategically Oriented, Metrics-Centered Credit Management Rating: 0 out of 5 stars0 ratingsWhat You Need to Know about Strategy Rating: 0 out of 5 stars0 ratingsMastering Corporate Finance Essentials: The Critical Quantitative Methods and Tools in Finance Rating: 0 out of 5 stars0 ratingsDue Diligence: An M&A Value Creation Approach Rating: 0 out of 5 stars0 ratingsCompete Smarter, Not Harder: A Process for Developing the Right Priorities Through Strategic Thinking Rating: 0 out of 5 stars0 ratingsInvestment Risk and Uncertainty: Advanced Risk Awareness Techniques for the Intelligent Investor Rating: 0 out of 5 stars0 ratingsAnticipate: Knowing What Customers Need Before They Do Rating: 0 out of 5 stars0 ratingsRisk-Based Internal Audit Rating: 5 out of 5 stars5/5A Modern Day Blueprint for Business Growth and Expansion Rating: 0 out of 5 stars0 ratingsStrategic Collaboration Workbook for Entrepreneurs Rating: 0 out of 5 stars0 ratingsBalanced Scorecard: Step-by-Step for Government and Nonprofit Agencies Rating: 4 out of 5 stars4/5Win / Loss Reviews: A New Knowledge Model for Competitive Intelligence Rating: 0 out of 5 stars0 ratingsTrading Psychology 2.0: From Best Practices to Best Processes Rating: 4 out of 5 stars4/5The Investment Checklist: The Art of In-Depth Research Rating: 4 out of 5 stars4/5Fundraising the SMART Way: Predictable, Consistent Income Growth for Your Charity Rating: 0 out of 5 stars0 ratingsRisk Finance A Complete Guide - 2020 Edition Rating: 0 out of 5 stars0 ratingsDriving Sustainability to Business Success: The DS Factor -- Management System Integration and Automation Rating: 0 out of 5 stars0 ratingsScorecard Best Practices: Design, Implementation, and Evaluation Rating: 0 out of 5 stars0 ratings
Business For You
Robert's Rules Of Order Rating: 5 out of 5 stars5/5Crucial Conversations Tools for Talking When Stakes Are High, Second Edition Rating: 4 out of 5 stars4/5Becoming Bulletproof: Protect Yourself, Read People, Influence Situations, and Live Fearlessly Rating: 4 out of 5 stars4/5Crucial Conversations: Tools for Talking When Stakes are High, Third Edition Rating: 4 out of 5 stars4/5Nickel and Dimed: On (Not) Getting By in America Rating: 4 out of 5 stars4/5Summary of J.L. Collins's The Simple Path to Wealth Rating: 5 out of 5 stars5/5Law of Connection: Lesson 10 from The 21 Irrefutable Laws of Leadership Rating: 4 out of 5 stars4/5Collaborating with the Enemy: How to Work with People You Don’t Agree with or Like or Trust Rating: 4 out of 5 stars4/5High Conflict: Why We Get Trapped and How We Get Out Rating: 4 out of 5 stars4/5Set for Life: An All-Out Approach to Early Financial Freedom Rating: 4 out of 5 stars4/5The Richest Man in Babylon: The most inspiring book on wealth ever written Rating: 5 out of 5 stars5/5Leadership and Self-Deception: Getting out of the Box Rating: 4 out of 5 stars4/5Capitalism and Freedom Rating: 4 out of 5 stars4/5The Catalyst: How to Change Anyone's Mind Rating: 4 out of 5 stars4/5Lying Rating: 4 out of 5 stars4/5Emotional Intelligence: Exploring the Most Powerful Intelligence Ever Discovered Rating: 5 out of 5 stars5/5The Five Dysfunctions of a Team: A Leadership Fable, 20th Anniversary Edition Rating: 4 out of 5 stars4/5Red Notice: A True Story of High Finance, Murder, and One Man's Fight for Justice Rating: 4 out of 5 stars4/5Buy, Rehab, Rent, Refinance, Repeat: The BRRRR Rental Property Investment Strategy Made Simple Rating: 5 out of 5 stars5/5The Intelligent Investor, Rev. Ed: The Definitive Book on Value Investing Rating: 4 out of 5 stars4/5Just Listen: Discover the Secret to Getting Through to Absolutely Anyone Rating: 4 out of 5 stars4/5Your Next Five Moves: Master the Art of Business Strategy Rating: 5 out of 5 stars5/5Tools Of Titans: The Tactics, Routines, and Habits of Billionaires, Icons, and World-Class Performers Rating: 4 out of 5 stars4/5How to Get Ideas Rating: 5 out of 5 stars5/5
Reviews for Enterprise Risk Management
0 ratings0 reviews
Book preview
Enterprise Risk Management - Gregory Monahan
Introduction
This book introduces a methodology for the management of risks faced by organizations: strategic objectives at risk (SOAR). It employs a process with SOAR
as its acronym. I differentiate between a methodology and a process in this way: A process is a series of predefined steps that, when executed, results in some outcome(s). A methodology is a framework that encompasses a number of elements, including, in particular, people and processes. This book focuses on the application of the SOAR process to risks associated with strategic objectives. I believe risk management has been inadequately applied to this field to date, largely because no one has been able to define a widely acceptable methodology. The SOAR methodology is not restricted to this application; in fact, it can be applied to managing any desired (and uncertain) outcome.
One of the titles I considered for this book was A Recipe for Enterprise Risk Management.
If you think of a recipe as a formula or procedure for doing or attaining something,
as it is described in Webster’s dictionary, then this is precisely what this book provides. This definition implies that if you want to get the result, you have to actually do something. This book simply tells you what it is you need to do. Another familiar definition of recipe
is a set of instructions for making something from various ingredients.
The first part of this definition is practically the same as that given in Webster’s dictionary, but the second part adds something new: the concept of ingredients. This book identifies the ingredients required to conduct effective enterprise risk management.
Enterprise risk management should not be confused with other similar concepts, such as enterprise-wide risk management. Within this book I prescribe a methodology for managing risks associated with strategic objectives. Literature abounds on how to manage other risk types, such as market risk, reputational risk, operational risk, project risk, or credit risk. Enterprise-wide risk management is (usually) about ensuring that the organization has in place risk management frameworks for each of these different risk types and does not attempt to address risk management in terms of the overall health of the organization as it strives to achieve its stated objectives. Enterprise-wide risk management (usually) relates to the notion of providing senior managers a one-stop shop (often represented by the popularly named dashboard
) where they can check that each of the business units is managing the risks it faces. The process usually involves the collection of megabytes of data from every nook and cranny of every office around the globe, the collation of data and storage in an enterprise data warehouse,
and the production of many (usually too many) reports, including OLAP (online analytical processing). You have got to have OLAP reports, right? I am a firm believer in the notion that data is king, but I believe there are two different types of data: useful data and rubbish. The SOAR methodology relies on data. The timely collection, collation, analysis, and dissemination of data is critical to successful execution of the SOAR process. Nonetheless, the volume of data required under the SOAR process is likely to be tiny. The two most important characteristics of data employed within the SOAR process are that it be accurate and timely; quality is certainly more important than quantity.
I advocate that the enterprise risk management framework be managed by an independent enterprise risk management office, that is, a dedicated group of resources who are completely independent of any of the operational units within the organization. I believe that the enterprise risk management office has the greatest chance of success if it is operationally independent of the organization, subject to appropriate transparency of the organization. I object to ownership of the enterprise risk management program by the chief financial officer or internal audit for a number of reasons, discussed in detail later. I will say just a few words now. The SOAR methodology is not an audit process; it is a management process. I advocate that the process be controlled by a dedicated enterprise risk management office for a few reasons. The first one is to make enterprise risk management seem important. Because of the long-term nature of strategic objectives and because the activities associated with strategic plans often are quite removed from daily operations, you can imagine that a process around managing risks associated with strategic objectives might be considered unnecessary. Skeptics might argue that organizations have been achieving strategic objectives so far and suggest that a disciplined approach to the management of risk is not required. As mentioned earlier, I am not going to sell the concept of enterprise risk management. The results of enterprise risk management under the SOAR methodology will speak for themselves in time. I am certain that organizations managing their strategic plans under the SOAR methodology will be more successful than those that manage their strategic objectives by any other method, including no method. Until then, I believe it is a good idea to help people believe in both the concept and the methodology by making it seem important through the dedication of expert resources. The second reason for an independent enterprise risk management function is to test the importance of your strategic objective. If it is not important enough to warrant investment in dedicated resources, why are you doing it? The third reason for recommending that the SOAR methodology be owned and managed by a dedicated enterprise risk management office is to ensure it is applied correctly. In time, senior managers responsible for the management of strategic objectives may be qualified in the SOAR methodology, just as some people are Six Sigma black belts. At that time, a dedicated enterprise risk management office may not be essential, and responsibility for management of the SOAR methodology can be given to the owner of the objective.
I need to note a couple of things on the example (strategic) objectives I use throughout this book. In stating the example objectives, I have been lazy. I might, for example, say something like The objective is to increase profit.
I know that this is a poorly defined objective; a better expression of that objective might be something like The objective is to increase group net profit by 10% per annum over the next three years.
I am a big fan of SMART (specific, measurable, actionable, realistic, time-bound) objectives, but I am also an advocate of focus. The focus of this book is not on defining (strategic) objectives, so I have deliberately belittled the objective through lazy expression of it. This book demands that you consider strategic objectives as desired outcomes for which you are striving and that you recognize that the desired outcome is one of many possible outcomes. Just think of playing Frisbee with someone. Ordinarily, you attempt to throw the Frisbee so the person can (run a bit and) catch it. If the person misses it and it hits them in the eye, blinding him or her permanently, you have failed to achieve your objective despite correctly executing your plan. The point is that execution of almost any plan has multiple possible outcomes (usually of varying probabilities), some of which are more desirable than others. If you think of a plan that has only one certain outcome, good for you. That sort of outcome (and its associated plan) does not need management of the type prescribed here.
A fundamental prerequisite for applying the SOAR methodology is that a number of outcomes are possible and that they are not all equally desirable. If all of the possible outcomes are equally satisfactory (in relation to achieving your objective), then risk management is not required. Furthermore, you should apply (risk) management only if you have the ability to influence the outcome. Let us say you hold a traditional six-sided die and you want to roll a 1; that is, rolling a 1 is your (most highly) desired outcome. You know you have a 1 in 6 chance, right? Unless you have the ability to manipulate the die itself, by, say, replacing the 2 with a 1, or weighting the 6, you should just throw it and cross your fingers for luck.
I would like to examine one of the prerequisite conditions—that the outcomes are not equally desirable—in a little more detail. I will do so without going too deeply into a fascinating and equally frustrating field that I am determined to avoid: human behavior. Not highlighting the fact that human behavior undermines the robustness of the SOAR methodology (and any other methodology that requires human intervention) could be considered negligent. Or I could excuse my failure to mention it on the basis that I assumed everyone knows that humans are irrational and there is no reason for this to change simply because the SOAR methodology is applied. Here I will talk about human behavior as it relates to desire. I will talk about one other area of human behavior—risk aversion or risk appetite—a little later as part of our discussion on managing human behavior, one of the elements of the react
step of the SOAR process.
In the 1700s, Daniel Bernoulli posed the notions of expected utility and diminishing marginal utility. Expressed very simply, Bernoulli suggested that the same outcome does not produce the same effect on different people. An example might be the value
person A derives from winning $100 versus the value
person B gets from winning $100. Bernoulli suggests that if person A is wealthier than person B, person A will derive less value
from the prize. Sounds reasonable to me. I have written value
in quotation marks as it is a somewhat tricky term to define. Alternatives might be joy, pleasure, satisfaction, or even utility (to name a few). Whether you accept the detail of the theory (you may find it interesting to read) or not, Bernoulli’s theory has implications for the application of the SOAR methodology. Furthermore, Bernoulli suggested that the same outcome may not always be judged to provide the same value by the same person under different circumstances. An example of this might be a person’s decision to travel X miles to save $5 off a $10 item but decide not to travel the same distance to save the same amount off a $1,000 item.
The SOAR methodology aims to steer the organization toward attaining its strategic objectives. As soon as you recognize a strategic objective as a desired outcome,
the implication of Bernoulli’s theory slaps you in the face; desire
(differing from pleasure only in time) is a personal thing and tricky to measure. So how can the desirability of different outcomes be measured accurately? Even when the possible outcomes are unambiguously measurable, their desirability is not. The example just given is a great example; a saving of $5 is worth exactly $5, regardless of the original value of an item, but Bernoulli’s theory suggests that the value
to the saver is not consistent. Take the case where an organization wishes to achieve sales of $100 million over the next 12 months. Will achieving sales of $95 million be completely unacceptable, or is it almost as good (say 95% as good) as hitting the target? What if the organization achieves sales of $105 million; is that better, worse, or the same as achieving the desired level? When money is involved, it is usually pretty reasonable to take the monetary value as a proxy for value
(or the measure of desire), but more is not always better, as the excess can be used as evidence of a lack of control over outcomes. One example of this is where an organization reports greater than forecast profit and its stock price falls!
This book prescribes a methodology that enables you to increase the chances of attaining your organizational objectives. The methodology includes rules for determining metrics to measure outcomes. Acknowledging the merit in Bernoulli’s utility theory, the method requires that metrics incorporate desirability. A quick example might be in relation to a financial objective: to achieve sales of 100 million units over the next year. We could set the metric as number of units sold
and we could set the target value equal to 100. Or we could get a little more sophisticated and do something like set the metric equal to sales objective metric
(something that we just made up) and set the target value equal to 3. If the number of units sold is between 95 and 110, then sales objective metric equals 3. If the number of units sold is between 90 and 95, then the metric value equals 2; and for sales less than 90, the metric equals 1. If the number of units sold is anything above 110, the metric value is 2. The reasons for taking this approach include our need to include the notion of desirability
in the measurement of the outcome. If sales of 100 million units and 101 million units are equally desirable, we may as well treat those two possible outcomes as equally desirable. You do not have to do it this way. We will discuss the process for setting metric values in detail later as part of the set step of the SOAR process. For now, just keep in mind that we have discussed the notion of desirability
and I have suggested that our measurement should include this concept.
CHAPTER 1
Defining Enterprise Risk Management
Atrusted colleague and friend advised me that I should not begin with a definition of the term enterprise risk management.
After much deliberation, I have decided to include my definition, because I feel it is imperative that you and I share a common understanding of what I am writing about in this book. If you accept my definition, then you can consider everything else I espouse within the context of this definition. If you prefer some other definition, you probably should consider whether the other things I say need to be adjusted for your preferred definition. That said, and with respect and thanks to my friend for his advice, I begin with definitions gleaned from Merriam-Webster’s Eleventh Collegiate Dictionary of each of the words in the phrase:
Enterprise A unit of economic organization or activity; especially: a business organization
Let us proceed on the basis that an enterprise is a group of legal vehicles, divisions, business units, and so forth that make up an organization. I like the term organization,
because it seems to carry less connotation about the nature of the organization than, say, company
or business.
In my view, organization
carries no connotation of size, operation, or objective; it could just as easily be a local symphony orchestra as it could be the U.S. Federal Reserve or Barclays PLC. So an enterprise
is an