Bryan Whitefield

Bryan Whitefield focuses on building risk leaders in organisations and on demystifying enterprise risk management, risk financing and business continuity planning for non-risk professionals.

Posted by on in Risk Management

Food for Thought: The Napster, Amazon and Apple Missiles

This month's whitepaper is from the December Harvard Business Review by Maxwell Wessel and Clayton M. Christensen and is titled "Surviving Disruption". (My thanks to a colleague for highlighting it for me - thanks David!) You can access the article by registering for free on the Harvard Business Review website here.

Wessel and Christensen use a modern variation on the runaway train: "Disruptive innovations are like missilies launched at your business". The paper highlights the missiles that were Napster, Amazon and the Apple Store aimed straight at record companies and the digital camera makers aimed squarely at Kodak. These are great examples of missiles that hit their targets relatively quickly, before missile defence systems could be raised or the missile dodged. Wessel and Christensen maintain that once a missile is fired, there is often time to raise our defences or dodge, duck and cover. Their examples include cinemas which have survived despite public access to movies in our lounge room soon after their release and ships traversing the globe despite the development of supersized aircraft.

Their tip for assessing how technologically advanced the missile is coming your way:

  • "Identify the strengths of your disrupter's business model;
  • Identify your own relative advantages;
  • Evaluate the conditions that would help or hinder the disrupter from co-opting your current advantages in the future."

In their article they go on to describe different ways of thinking about these issues including a modern spin on the old "barriers to entry" to an industry. They refer to an "ecosystem barrier" to describe a steady-state business environment where consumers and suppliers are operating comfortably with no real need to change.

Wessel and Christensen finish with a case study on the grocery industry stating: "The theory of disruption tells us that these entrants will speed their delivery times, increase their product selection, and add features we can hardly imagine today in pursuit of new customers and higher profit margins."

For you non-risk professionals out there, I hope this concept of disruptive innovation has got you thinking. I hope the same for you risk professionals and I also hope you are thinking about how this might apply for your next strategic risk workshop. I know I am. My client's industry is being "disrupted" by government policy changes and assessing and adapting to the disruption will be the name of the game.

Call me on (02) 9400 9702 or email This email address is being protected from spambots. You need JavaScript enabled to view it. now to talk about how I can help with your current challenges in risk.


Continue reading
Hits: 7 0 Comments

Posted by on in Risk Management

Food for Thought: Mastering Inbox Fatigue

This whitepaper is a double edged sword for me. It covers a major cause of staff non-productivity - too many emails to get the real work done - which I am guilty of contributing to right now! The paper is by IDC and it is titled "The Future of Email is Social". In a nutshell it covers:

  • The foundations of email which continue to be its strength today
  • A comprehensive description of the growing email challenge which includes its impact on staff productivity and its inefficiency in knowledge sharing and transfer when compared to social media
  • How vendors of email software are increasingly bringing the core benefits of social media software into their email program offerings
  • The outstanding challenge for enterprise systems providers to include "context" into the functionality. That is auto filtering out or auto adding in information to a conversation by email, instant messaging or while collaborating online, through one's location, job role, project responsibilities, personal development needs, interests and of course expertise

For me the paper highlights the need for risk professionals to be cognisant of the impact of email


Continue reading
Hits: 5 0 Comments

Posted by on in Risk Management

Risk Leadership: Driving Cultural Change through Engagement

So many people that  I meet for the first time from outside the risk profession have a very poor perception of risk management as a discipline.  They see it as a compliance activity at best and most see it as a handbrake on business.  Recently my wife described me to a new acquaintance as one of the fathers of modern risk management and the person turned to me and said, “So you are to blame!”

You and I know the value of risk management.  You also know that in your organisation there are still swathes of key influencers who see risk as a compliance activity.

Adding to this, you are in a situation that because risk is still seen as compliance and a cost to business, the resources you have available to you are more than just limited, they are pretty scarce. 

If you are in agreement with me so far, then ask yourself this: “What do I need to do differently?”

I’ll give you three tips:

  1. Ask yourself (better still, ask others) “How engaging am I?” and rate yourself on a scale from 0 (that politician that was leader of the opposition for a while a few years back) to 10 (Richard Branson, Virgin).  If you don’t score at least an 8 out of 10 the truth is you will struggle to get your message across as there are so many barriers.  Check out my paper entitled “Risk Leaderhip: How to be Heard” for some tips on self-improvement.  

  2. Target the senior executive – If they have not listened to you so far and you figure your self-improvement plan will take some time, ask yourself, who will they listen to now?

  3. Create a team of Risk Champions – see my previous writings on this challenge in Risk e-Views Volume 11, here.


Continue reading
Recent Comments - Show all comments
  • Bryan says #
    Thanks Paula for your comments Yes, I fully agree with getting out there and engaging. Just like they say to a salesperson, "you
  • Paula V. Smith says #
    I agree that the risk manager will not be effective working in isolation and yielding to the common, negative perception that a ri
Hits: 67 2 Comments

Posted by on in Risk Management

Since Darwin’s Origin of the Species we have recognised how nature adapts to survive.  Modern humankind continues to adapt to survive while following these two innate risk management principles:

•    If it hurts us we learn and take action in proportion to the degree of pain.

•    The next time we face the same pain we are better prepared and we go back for more and either avoid the pain or at least find a way of working to a new pain threshold.

Why history keeps repeating itself is simple really.  It is the passage of time.  The more frequent the pain, the faster we learn. The less frequent the pain, the slower we learn.  In corporate life the pain that lives strongest in the corporate memory is the pain we work hard to avoid.  Take the process Disney follows to avoid being sued for breach of Intellectual Property.

A colleague told me he wrote a book and sent it to Disney indicating it could be a great movie.  They sent it back unopened with a letter saying they did not open it and won’t read it – full stop.  Early on, Disney was sued for breach of copyright and this one sticks very strongly in the corporate memory.

The point is, history does repeat itself because the really big lessons have very long periods of time between events and we forget. 

A really great Enterprise Risk Management program recognises all risks need to be managed all of the time in proportion to the risk they pose to the organisation. 

Does yours?

Take the RMP Online Healthcheck here and your score will give you an idea of how well you have progressed. (At least in my opinion!)

Continue reading
Tagged in: Healthcheck
Hits: 103 0 Comments

Posted by on in Risk Management

I have long agreed with those in the investment community that argue analysts drive short-term thinking by managers of many publicly listed companies, which in the end destroys value. While reading this article by McKinsey entitled “Building the healthy corporation” I realised that many organisations are now fighting back.  McKinsey report that a number of firms have brought “Performance and health” into the corporate lexicon.  They explain further with:

“Just as people may seem reasonably well today but may not have the physical condition for the rigors of a long and active life, so too companies that are profitable in the short term may not have what it takes to perform well year after year.”

A good point they make is that most investors do highly value health as well as performance and that it appears the noisy few investment analysts are the ones that are often heard and reacted to.

The McKinsey list for a healthy corporate body:

•    Strategy
•    Metrics
•    Communication
•    Leadership
•    Governance

While you can argue a list like this until you are blue in the face, it is a sound list.  In my experience, the one management has pushed the least in the modern organisation is “Metrics”.  So many facets of an organisation are challenging to measure, however, if something is important it should be measured otherwise your subjective assessment of your performance will more likely be a long way off the mark. 

Metrics using hard data and proxies for hard data can and should be developed.  In my experience, once you get going with metrics, you will find the process somewhat intriguing and highly rewarding.

Continue reading
Hits: 127 0 Comments

Posted by on in Risk Management

Risk Leadership: Reputation’s not a risk

It is always interesting to me when I read yet another risk survey which identifies “Reputation Risk” as the number one or at least one of the top risks of concern for leading executives.  Reputation is not a risk.  It is an intangible asset and its value to you is enhanced or damaged by something that you or your organisation does or does not do.  Any failure to adequately manage finances, personnel, IT security (and the list is infinite) may result in damage to reputation.

Therefore, what is an executive implying when they indicate “reputation” as one of their top risks?  Are they saying they are concerned their reputation may be damaged because they have trouble managing their reputation or are they saying they are concerned that risk events may occur that will damage their reputation? In reality the answers are one and the same.  One needs to manage risk to manage one’s reputation and one needs to be thinking about reputation when making decisions.

The bigger question that comes from a discussion about reputation and risk is how to obtain an effective measure of the potential or actual impact of a risk on reputation and therefore on your overall ability to achieve your goals.  In my experience a highly effective method is to first develop different descriptions of impact on reputation and equate them with various financial and other risk criteria in a risk consequence table.  Next develop clear metrics that can be used to track changes in reputation.  Ongoing monitoring will provide improved insight as to how risk events affect reputation and whether your descriptors in your consequence table adequately reflect the consequences of a risk event from a reputation viewpoint.

Continue reading
Recent Comments - Show all comments
  • Paula V. Smith says #
    Thanks for this clarifying message, Bryan. I like to think of reputation management as "mending the gaps" between what your key st
  • Bryan says #
    Thanks Paula - a great way of looking at it. All the best with your quest - education is so essential for the future of this plan
  • Mark Heinrich says #
    A comment previously submitted by email: I enjoyed your observations on reputation risk, Bryan. To me, a risk to reputation is o
Hits: 260 6 Comments

Posted by on in Risk Management

Risk Leadership: Risk - What It All Boils Down To

Earlier this year I read Administrative Behaviour by Herbert A. Simon which was first published in 1946.  I highly recommend Simon’s book for risk professionals because it only mentions risk a few times, yet it describes so clearly the challenges of organisational success. 

When you consider the challenges Simon sets out, it helps clarify how risk professionals should aim to assist organisations through the application of risk management principles and processes.

In a nutshell, Simon describes the basis of an organisation as:

•    A well-defined purpose communicated to staff and other stakeholders.

•    A series of decisions that affect actions.
•    Policies, processes and systems to influence the decisions.

In another nutshell, Simon describes the challenge of organisational success as:

•    The larger the organisation, the more open to interpretation and errors in communication of policies, processes and systems.
•    “The problem of choice (making a decision) is one of describing consequences, evaluating them, and connecting them with behaviour
•    Decisions are affected by emotions.
•    “… all decision is a matter of compromise.”
•    The actual outcome of a series of decisions in any sized organisation is impossible to predict.

So what is a risk professional trying to achieve?  He or she is trying to assist staff with decision-making under uncertainty and to enhance the communication of decisions AND the uncertainty around them to those in the organisation that need to understand them IN TIME for them to be able to act if required.

So when you talk about the maturity of a risk management program for your organisation, you need to ask yourself: Are you delivering for management a risk intelligent workforce with sound communication channels or are you simply delivering some processes that people feel compelled to follow to meet their personal KPIs?

Continue reading
Hits: 151 0 Comments

Posted by on in Risk Management

Like most skills in life, workshop facilitation can be learned.  If you would like to spend a half an hour discussing some of the finer points of workshop facilitation, please join me at my next webinar on Tuesday, 10th  December from 1 to 1.30pm AEDT.  

Novices to seasoned veterans will benefit from this free 30-minute webinar as, in my experience, there is always something to learn about facilitation.

You can register by clicking here:

Continue reading
Hits: 142 0 Comments

Posted by on in Risk Management

Risk Leadership: Beyond Resilience

I have long described the aim of Enterprise Risk Management to be to develop an Adaptive and Resilient organisation (check out my RMP Healthcheck).  In recent times the concept of Organisational Resilience has become popular, in particular for those in government and the owners and operators of critical infrastructure.  Both concepts, in my opinion, have similar aims, drivers, benefits and barriers and are about nurturing a successful organisation for decades and even centuries to come.

Below I show a continuum on which organisations can operate in face of uncertainty using both Enterprise Risk (my terms) and Organisational Resilience language published in Organisational Resilience: Position Paper for Critical Infrastructure, Resilience Expert Advisory Group, Australian Government (2011):-

Enterprise Risk


Vulnerable                                    Transitioning                                  Adaptive                                                                                 Resilient


Decline                                           Survive                                           Bounce Back                                                                         Bounce Forward

What I would like to do is expand on the concept of resilience and suggest to you there is a place “beyond resilience” that we as risk professionals should be driving our organisations towards.

Soon after 2012, the Australian Government released a research paper entitled CEO Perspectives on Organisational Resilience.  It refers to organisations as being “effective at business as usual” or, if more advanced, having the “ability to change and adapt” and if they are great they “shape the environment” in which they operate.   Bring in some other recent business concepts around Disruptive Innovation (Maxwell Wessel and Clayton M. Christensen, Harvard Business Review) and Antifragile: Things That Gain From Disorder, the latest book by Nassim Taleb, (author of The Black Swan) and you get more than a little feeling that true Risk Leadership is about helping to drive our organisations beyond resilience. 
True Risk Leadership is about developing risk maturity to the extent that higher and higher risk is seen as an opportunity to take competitive advantage through the management of risk.  In “C-Suite Speak” it is the ability to embrace uncertainty to drive market-forming change. 

Continue reading
Hits: 227 0 Comments

Posted by on in Risk Management

I have been running a survey and with more than 100 completed I am getting an interesting picture of the challenges my readership is facing. Here are the results and my interpretation of what they mean.

First of all, I should answer the question “What does the profile of respondents look like?” Put simply, my readership base and those that responded are typical of the risk profession. You are a mix of senior risk professionals in larger organisations, risk advisors who work for senior risk professionals or are embedded in business units, consultants or managers who have a part-time responsibility for risk including CFOs, COOs, GMs, Legal Counsel and a host of other managers of strategy, governance, safety, internal audit and many more.

Please Download RMP's Customer Needs Survey Results Here.

My Interpretation:

1. Evolving – Almost 50% of respondents indicated the need to elevate their programs towards better practice. This tells us risk management continues to evolve. Given the breadth and depth of debate in LinkedIn groups on various elements of better practice, standards and how to make it happen, this comes as no surprise.

2. Engagement – Engaging middle management and front-line staff ranks significantly higher than engaging the C-Suite. This could mean one of two things. Either senior management is now more engaged than ever before or many of the respondents simply don’t have access to the C-Suite as they are operating much lower in the organisation’s hierarchy. I believe both are happening.

3. Communication – Perhaps what is also at work is either a lack of confidence or a lack of opportunity to develop the skills required to engage senior management as evidenced by the one in five who indicated they have trouble articulating their vision and/or getting involved at Board level.

4. Analytics – One in four is challenged to improve risk assessments while only one in eight is seeking better quantification of risk in risk assessments. I suspect there is still complacency when it comes to tackling our psychological biases when assessing risk and quantification is one way of addressing them.

5. Accountability – This was perhaps the greatest surprise to me. Only one in ten identified a need to demonstrate their program was better practice while less than one in twenty felt a need to demonstrate a ROI for the organisation’s investment in them and the program they run or are building. Unfortunately this makes sense as risk departments have been some of the hardest hit in cut backs seen by organisations over the past 12 months. My message to risk professionals: “If you don’t take ownership of demonstrating your worth then someone else will determine your budget!”

I don’t pretend that these results are representative of the risk industry globally or even locally, however, hopefully they provide you with some interesting insights.

Continue reading
Hits: 289 0 Comments

Posted by on in Risk Management

I was recently asked by a young risk professional for recommendations on good books on risk.  Here is my short list:

Against the Gods – The Remarkable Story of Risk, by Peter Bernstein – A great story as well as very informative.
The Black Swan, by Nassim Taleb – Some truly interesting concepts that risk professionals must understand.  It is heavy going at times as you need to wade through what I found to be not so entertaining storytelling.
The Failure of Risk Management, by Douglas Cubbin – Really challenges the norm and heavily promotes quantification of risk – something all of us should be thinking more about given the truth that our subjective judgements on risk are often wrong because of our psychological biases (see next book on this list).
The Psychology of Judgement and Decision Making, by  Scott Plous – Not strictly a risk book, however, comprehensive in its coverage of our biases and extensively references Daniel Kahneman who is known as one of the forefathers of Behavioural Economics (see two  books down for his most recent book).
The Art of Choosing, by Sheena Iyengar.  Excellent book with lots of great background on why we sometimes have difficulty choosing – different enough to the books on the psychology of judgement etc to be worth a read.
Thinking Fast and Slow, by Daniel Kahneman.  Again not strictly a risk book yet clearly spells out some techniques to manage our pyschological biases and enhance our risk-based decision-making.
Inviting Disaster, by James Chiles.  This book does not cover any technical aspects of the risk management discipline.  It is an investigation into the causes of some of the most famous disasters in modern history.  I have used many of these stories when running engagement workshops for management and staff.

If you would like to recommend a good book on risk, please comment below.

Continue reading
Hits: 331 0 Comments

Posted by on in Risk Management

Ten years ago nine out of ten CFOs I was consulting to would tell me their CEO was too busy to meet to discuss the risk program under development.  The CFO was tasked with the job and we should just get on with it.  Today it is less likely to be a problem to meet with the CEO on risk, however, getting to the Board still seems to have its challenges for many risk professionals.  My experience is that “risk appetite” is one of the best tools to engage the Board.  This is how you can make it work:

  • Be clear on why Boards should care about risk appetite.  The key reason is because it drives the behaviour of the executive, management and staff.  It is closely linked with ensuring the organisation has realistic objectives aimed at fulfilling the organisation’s purpose.

  • Through the appropriate channels, offer to have a session with the Board to develop a risk appetite statement (download a sample risk appetite here) and be clear on why.  Use their language not risk-speak. If they agree, all is good.

  • If the Board does not agree to have a discussion on risk appetite and delegates the task to management, prepare the statement with senior management and forward it onto the Board for review with a paragraph along the following lines: “The attached risk appetite statement will be disseminated to and used by staff and the executive to inform their decision-making.  Furthermore, the statement will be used to confirm risk reporting triggers when certain risks need to be reported to higher levels of management and ultimately to the Board.”

In my experience, presenting a risk appetite statement to a Board in this way leads to a full discussion between the Board and management and more often than not, the senior risk officer is invited to lead the discussion.  The Board becomes engaged and now has further basis for querying why a decision has or has not come to the Board for approval.

Continue reading
Hits: 921 0 Comments

Posted by on in Risk Management

Complimentary Webinar

Bringing IT and Business Together for
Business Continuity Planning (BCP)

Tuesday, 6th August, 3PM (AEST)
Register Here Now

Please join me as I conduct a Complimentary Webinar on Business Continuity Planning (BCP) and the links between IT and Business Managers.

To present this webinar, I have teamed up with Always Up IT, which is a Microsoft Gold Partner and EMC Premier Partner and assists businesses and government departments with technology needs.

This free webinar will help you to get your business set up for success even in the face of a disruption with a Business Continuity Planning strategy. You will learn why your organisation needs a BCP, how to devise a 5-step action plan to kick-start your BCP and you will come away with the tools to talk to and get buy-in from your organisation.

Register for the webinar now and learn how to align IT disaster recovery with the needs of your business.

Continue reading
Hits: 770 0 Comments

Posted by on in Risk Management

Risk Leadership: Qualified Risk Director - What Does It Take?

The Qualified Risk Directors Governance Council of the Directors and Chief Risk Officers Group (“the DCRO”) based in the US with members from “over 100 countries” has recently published Qualified Risk Director Guidelines.  The guidelines outline the skills and experience Boards and shareholder groups should be looking for when appointing Board members to boost oversight of Risk Management.

The guidelines state that Risk Directors should have the majority of skills and experience they outline in these four areas:

  • Risk Management Acumen
  • Personal Attributes   
  • Business Acumen
  • Education

    Looking at the guidelines as a whole, the positive from this approach is that they highlight the reality that many Boards still don’t fully appreciate that there is more to Risk Management than putting in a few rules and guidelines that can be assessed by audit to confirm compliance to regulators.  The guidelines send a clear message that a consummate risk professional (director) requires specific skills and expertise.

    The downside is that the guidelines can be seen as self-serving of the risk profession.  A push that says most Boards don’t have the skills to oversee risk and that risk professionals are the future saviours for organisations.

    Unfortunately the guidelines do add a little ammunition to this latter way of thinking as many of the attributes the guidelines suggest are important for a Qualified Risk Director are, in my opinion, requisite qualities of any Board director.  For example, directly from the guidelines:

  • Independence, integrity, honesty, and ethical conviction, with the determination to act above personal interests in the conduct of their role
  • Being unafraid to ask basic and necessary questions
  • The ability evaluate different kinds of strategic options, including financial, operational, technological, or market-based investments
  • The ability to see both the upside and downside of risk-taking
While I do not at all dismiss these Qualified Risk Director Guidelines as being a good resource for Boards,  I do feel they should have recognised the general skills of Board directors and highlighted the less prevalent skills not always found in an experienced Board director. Those skills that come from the understanding that risk is not a compliance function, it is all about performance.

Continue reading
Tagged in: Risk Management
Hits: 314 0 Comments

Posted by on in Risk Management

Thanks to Rita for getting me moving on a Business Continuity article.  A topic I have neglected in this newsletter for quite some time.  Perhaps it is because I feel Business Continuity Management (BCM) as a discipline has developed nicely over the past couple of decades and most practitioners don’t need too many tips in this area. 

Once I got thinking about it and had a chat to another of my readers (thanks Greg) it made me realise that I often see good practice omitted from BCM programs.  So here is my list of must dos for BCM!

Communication – You must treat your communication plan seriously.  When the big one happens, forget landlines, forget talking on a mobile phone – how are you going to communicate?  Remember, the earlier you communicate the sooner people can be properly informed and can start to calm down.  Social media provides great opportunity here and you need to be monitoring it anyway after a major event to manage your reputation.

Command and Control – You must get your senior management to attend test exercises.  Otherwise they will be unclear about what is planned if an event happens, or worse still, they may be ill-informed and may take control and throw a good plan out the window.

Change with the Business – So often I see a BCM strategy implemented, not embedded and consequently forgotten.  The business changes, the operation changes and the recovery priorities change and all of a sudden the BCP and, in particular the IT Disaster Recovery Plan (DRP), are out of sync with business operations.

Test Your IT DRP – It is one thing for the IT department to say they have a robust DRP, however, if it has never been tested there is more than a remote chance it will not deliver anywhere near expectations.

Continue reading
Hits: 443 0 Comments

Posted by on in Risk Management

Risk Leadership: 3LoD


I saw this abbreviation, 3LoD, in a presentation the other day and it took me a few seconds before I worked out it refers to the Institute of Internal Auditors' whitepaper entitled The Three Lines of Defence. There are some very good aspects to the paper and a few I am not so keen on.

3LoD has a good summary of the different roles and responsibilities of management, risk and compliance teams and internal audit:

  • Managers manage their risks by putting into place processes and systems to guide staff and minimize the potential for unwanted outcomes.
  • Risk and compliance teams are internal consultants acting as facilitators or enablers for management. They provide guidance on how best to understand and manage the uncertainty.
  • Internal audit provides assurance that what the governing bodies are told is the situation, is the situation.

There are a couple of less than perfect aspects of the risk and compliance professions that the title of this paper highlights. The first is a focus on the negative aspects. The use of the word defence suggests we need to use risk and compliance to protect ourselves from bad management whereas the main aim of risk and compliance is to focus on achieving success through the management of uncertainty.

The paper also highlights the lack of independence of auditors in all kinds and sizes of firms. So often the same person heads up the second and third lines of defence despite the IIA saying it should only happen in exceptional circumstances. It should never happen!

Auditors should audit and provide assurance. Any other manager can acquire the skills and resources to fulfill the risk and compliance function. It is a cop-out to suggest that sometimes the head of audit needs to head up risk and compliance. By all means have an audit professional in the role but do not have them report to the head of audit.

For more information on the value of independence that the separation of the risk/compliance and audit roles creates, see the December 2012 issue of Risk e-Views.

Continue reading
Hits: 660 0 Comments

Posted by on in Risk Management

One of the great advantages of family holidays is the opportunity to learn from the younger generation. So often there is no end of surprises and you are walking away with your tail between your legs or nodding approvingly.

Why should we look for risk leadership from the uninitiated or those younger than us?:-

"Devil may care" Their carefree attitude can remind us of why we are doing all this in the first place and help shift our risk appetite to a more appropriate level.

"Ignorance is Bliss" Their ignorance will often lead to solutions. They may be ignorant of the risk, however, more importantly they will be less willing to give up and are more likely to fight for a solution.

"Technology Savvy" We know they are technology savvy so why not ask them about the technology. Don't fall for the vendor's sales pitch.

"Social Re-norming" We know there are social norms, however, the younger generations are "social re-norming" our society. If you don't allow them to lead some of the way, you will fall further behind than you already are.

I know they say youth is wasted on the young but so too is experience wasted on the experienced. We forget too much of what we have learned, we forget how great it can be to take some risks because we have seen too many bad outcomes. We forget what we thought of the experienced when we were the inexperienced.

Don't waste your experience, tap into the younger and uninitiated and help drive change in attitudes to risk taking - remind people of what helped them get to where they are today - youthful exuberance balanced with risk-based decision making. It's not what you called it, but it was what it was!

Continue reading
Hits: 268 0 Comments

Posted by on in Risk Management

I recently read an interesting article in my son’s school’s newsletter.  It was a teacher of 28 years’ experience who for the first time in his career had another teacher sit in on a lesson with the purpose of self-improvement via a collaborative approach.  In his words:

"So, after 28 years in the wilderness, I took the plunge this week and welcomed a colleague into the protected walls of my classroom. My colleague, many years younger, technologically savvy, and very cool, quietly sat in the back corner and wrote copious notes on his observations. At first, I was conscience of his presence, but quickly got into the swing of the lesson. By its conclusion, my Year 12 students had understood the concepts, or so I thought, and the lesson went to plan. The observation was followed up with a meeting and my colleague arrived with four pages of typed notes! After reminding him where he got his meal ticket from, our discussion commenced. What transformed was one the most valuable professional development experiences in which I have participated during my teaching career. My colleague sensitively raised issues, made suggestions, provided praise and left me with some strategies to work on before our next encounter in the second term. The entire experience proved very enriching and will certainly, in the long run, improve the educational outcomes for the boys in my classroom."

 It reminded me that every risk professional could benefit from similar support.  When we are facilitating or taking on a tough meeting influencing senior executives on risk, how often do we have a peer sitting in the wings to provide us feedback?  My tip is to search out a peer to provide that feedback from time to time so you can continually improve.

Continue reading
Hits: 305 0 Comments

Posted by on in Risk Management
Continue reading
Recent comment in this post - Show all comments
  • agen judi online says #
    i would like to thank for Douglas for every his useful posting
Hits: 525 1 Comment

Posted by on in Risk Management

Recently I read a comment in a LinkedIn Group that stated Chief Risk Officers should be given more authority in order to enforce sound risk management practices. This made me raise my pen.

The notion of authority for a CRO worries me a bit along the lines that the risk management function and internal audit should be separated. I am more of the school that CROs sell benefits, facilitate better practices and influence good decision-making as broadly as they are able while the assurance function (eg Internal Audit) attests to the success or otherwise of the CRO's efforts (Also see my blog on should Boards have a separate Risk Committee). Yes, sometimes the CRO’s job will be near on impossible and you would need the charisma of Richard Branson, however, being seen as a “Trusted Advisor” rather than an authoritative figure will in the end assist management make better decisions.

As many of the subsequent posts to the comment stated, you need to earn respect. In my words, “Trusted Advisor” status must be earned. You can have notional authority without influence.

Lastly, I was involved in the establishment of a Masters in Risk Management at Monash University, Australia, about 12 years ago and during a workshop on what might be a CRO's ultimate skill set, we concluded someone with the core technical RM skills and an MBA was getting towards the mark. Since then I have often commented that a CRO needs to be an MBA on steroids. A CRO needs to understand strategy, finance, safety, project and change management, organisational behaviour as well as have a great understanding of the business. On top of that, a CRO needs to show strong leadership across all of these areas.

Continue reading
Hits: 582 0 Comments

My Tweets

Subscribe to RMP Newsletter
Download our white paper
Linkedin Twitter
Live chat by BoldChat