RIMS ERM Conference 2021: Introducing the New RIMS Maturity Model

This morning at the two-day RIMS ERM Conference 2021, attendees got a “sneak preview” of the new RIMS Risk Maturity Model, presented by Carol Fox, former RIMS vice president of strategic initiatives, and Tom Easthope of Microsoft’s enterprise risk management team. RIMS decided to “reboot” the Risk Maturity Model, Fox said, since the original model was launched in 2006, and the field of risk management had changed quite a bit in the years since, as had the world in general.

Easthope outlined how the new Risk Maturity Model was “designed by practitioners, for practitioners” with input from peers, pundits, academics and critics, to show what success looks like in mature organizations. To achieve this, the new model focuses on how advanced an organization’s risk management capabilities are, not necessarily whether the organization had performed specific actions, as the previous model stressed.

Fox told the audience, which attended in person and tuned in online, that the new Risk Maturity Model was built to “grow as the profession grows,” and outlined its five pillars:

  1. Strategy Alignment: Risk related to strategy can lead to riches or ruin.
  2. Culture and Accountability: Culture and accountability drive action.
  3. Risk Management Capabilities: Risk management capabilities encompass more than proficiencies in a single process.
  4. Risk Governance: Integrated governance leads to performance improvements.
  5. Analytics: Analytics are the engines to inform decision making and influence action.

The model is also customizable for each individual organization’s goals and context. When answering the model’s questions, risk managers will have the opportunity to specify their organization’s target on each metric. Success is then measured along five tiers, with Tier 1 being “No formal capacity in place” and Tier 5 indicating that “Capability exists in a continuous improving cycle, informed by internal/external inputs.” The model will not only give a score, but also provide risk managers next steps to help them advance their programs to the next level.

A presentation slide titled "Differentiating the Five Tiers," outlining the five tiers of the model's potential results.

As more people enter data and use the model, risk managers will be able to compare their own performance against that of other organizations and industries—though the presenters stressed that the data provided will be anonymized to both users and the researchers behind the scenes. Companies will also be able to access reports on different respondents across departments to see how answers differed within the organization.

The presenters extended an invitation to participate in the next phase of testing and to give feedback. The goal, they said, is for the model to reflect the reality of risk management today and to “evolve with the world that we live in.” Beta testing is slated to begin in December. To get involved, interested risk managers can contact the organization through the RIMS app, get in touch with Fox and Easthope via LinkedIn, or email RIMS vice president of strategic initiatives Soraya Wright.

This session and many others from the conference can be viewed on-demand online after the event.

RIMS ERM Conference 2021: Integrating Net Zero Commitments into ERM Plans

In a session titled “Integrating Net Zero Commitments into ERM Plans” at the RIMS ERM Conference 2021, Michelle Tuveson, executive director of the Cambridge Centre for Risk Studies, led an interactive session focused on how risk managers were handling their companies’ emission reduction pledges and efforts. Tuveson told the audience that while one-third of companies in G20 countries had signed onto “net zero” commitments—promises to eventually eliminate their companies’ carbon emissions completely—it is unclear how much analysis went into these pledges. As countries around the world start to require emission reporting, this lack of analysis (plus a lack of data to assess progress) is a major concern for these companies’ risk managers.

The audience seemed to back up this assertion.

Tuveson conducted a live poll, which revealed that most attendees felt that their industries were on the less prepared side for net zero developments and that their ERM and net zero plans were not very integrated. When asked which group was most driving their companies’ climate action, most answered that it was investors/rating agencies (31%), followed by the board and executive management (20%), consumers (17%), and peer companies (11%).

Tuveson was joined by Joerg Osterloh, director of enterprise risk management at Coca-Cola Europacific Partners, who outlined the company’s net zero activities.

With a commitment to be net zero by 2040, it had already reduced emissions across the company by 30% by 2019. The company was prioritizing this effort partially because it saw climate change risks “front and center,” impacting all aspects of its supply chain.

Osterloh credited a strategy that included analyzing how much emissions each sector of the company’s business produced, then strategically addressing each. For Coca-Cola Europacific Partners, the most emissions came from drink packaging, which was not as easy to reduce as other categories like operations and supply cooling. Overall, Osterloh noted the importance of being fully transparent in the company’s net zero activities and its advocacy to influence public policy on transitioning to a low carbon future. He also stressed investing now in new technologies, rather than waiting for those technologies to mature.

At least some risk managers and their companies may already be following this advice. In a final poll, most audience members said that the focus of their companies’ net zero strategy was substituting renewable power (26%), followed by greening supply chains (19%), adopting new technologies (18%), altering products and services (15%), and purchasing carbon offsets (9%).

If you missed this session, it and many of the other sessions at RIMS ERM Conference 2021 can be viewed on-demand online.

Applying the Pareto Principle for Personal and Professional Success

Vilfredo Pareto, an Italian economist born in 1848, was apparently also a keen gardener, and like all keen gardeners, Vilfredo knew not all plants are created equal. Some of them produced a great crop of abundance, and some of them had very little to offer. In fact, legend has it that Vilfredo noticed that 20% of his pea plants were producing 80% of the healthy pea produce. 

This realization set Vilfredo on a voyage of discovery of other uneven distributions in life, particularly in relation to wealth. His discovery that 80% of the wealth in Italy was owned by 20% of the population was later found to be broadly true across many cities, countries and other geographic areas. This uneven 80/20 distribution formed the basis of what we today call the “Pareto Principle” or the “80/20 rule,” in recognition of the more general imbalance of inputs and outputs in many aspects of life. 

For example, it has been found that:

  • 20% of employees are responsible for 80% of results
  • 20% of customers account for 80% of profits
  • 20% of content in content marketing produces 80% of traffic
  • 80% of pollution originates from 20% of all factories

These rules are not set in stone and the ratio often will not be exactly 80/20, but this uneven distribution of the “vital few and trivial many” is found in many aspects of life and business.

So, why does this matter, and what are the practical implications for you as a risk manager and an individual managing your own personal life?

Risk Management Applications

Risk management often involves examining a seemingly never-ending list of things that can go wrong and may result in negative consequences. There are many different drivers that can increase either the likelihood or severity of a risk event and risk professionals are tasked with trying to prioritize the risks and focus on the key drivers.

The Pareto Principle can help to clarify prioritization in risk management. For example, the 80/20 rule has been evidenced within occupational health and safety, with 20% of hazards shown to account for 80% of injuries. Other cited examples include 80% of computer system crashes coming from 20% of reported bugs, and 20% of drivers causing 80% of accidents.

The 80/20 rule serves as an important reminder that not all risk drivers are equal and that a key aspect of risk management is the ability to truly understand the drivers behind risks so that we can focus our attention on those that matter most.

Personal Implications 

Perhaps one of the most profound personal takeaways from the Pareto Principle is the application to personal time management. We all know that some people manage to achieve extraordinary success in life, despite the fact that we are all constrained by the same 24 hours in each day. Arguably, many of the most successful business people are masters of prioritization and applying the 80/20 rule to their own personal time management. They recognize that not all tasks are created equal and, hence, they will carefully think about which tasks are their top 20% that will result in an 80% output. Then they get to work doing these tasks and delete, delegate or defer the other 80%. So the next time you have a list of 10 things on your to-do list, make sure to carefully choose the top two and get to work on them.

Putting Risk Management on the Front Line

Businesses in India expressed an overwhelming desire to approach risk management more strategically in this year’s Excellence in Risk Management India report, with 68% of respondents deeming “integrating risk management into strategic planning” their top priority. Today, managing risk intelligently is everyone’s responsibility—not just the company’s executives—and the question of how to enable risk management at the front line of defense (FLoD) was a key theme for Marsh’s “Enabling the First Line of Defense” panel discussion at the RIMS Risk Forum India 2019. Consistently taking the initiative is key to risk management, and panelists discussed a number of proactive strategies for enabling front-line employees to address risk.

Enabling the First Line of Defense

As risk responsibilities move to the front line, organizations will need to review how their risk framework can be adapted. To equip everyone to confidently handle risk, risk management needs to be more intuitive. Data and analytics can also play a significant role in making the process more collaborative, measurable and strategic. Backed by technology, many firms are now not only able to prevent downside risks, but have capitalized on new markets, opportunities and changes in demand.

Panelists expressed that risk management was not a priority for frontline staff like sales executives, who are more likely to be encouraged to meet sales KPIs. Reflecting on his time within financial services, panelist Sudip Basu, Hinduja’s group head of risk, said that during peak times, risk was not an important consideration, and rarely outweighed more immediate profit and success motivations. Of course, self-examination happens during downturns, which the sector has experienced over several tumultuous decades, both in India and globally. Basu said that this was definitely the case after the global financial crisis.

Bake Risk Management into KRAs

One key activity that the panelists flagged was baking risk management into key responsibility areas (KRAs) so that risk management messaging cascades down to the front line and into business activities. However, the panelists also expressed concern about the level of monitoring being implemented alongside these KRAs, stressing the need for follow-through on good intentions and highlighting this as an area of development needed for success.

Celebrate Successes

Celebrating success is far from an unfamiliar concept, though firms may need to address how success is measured and at what level. According to panelist Jyotsna Sharma, Bridgestone India’s chief financial officer and head of IT, firms are very good at celebrating risk management successes at the senior levels, but not as good at recognizing it for front-line teams. Sharma said that it would be beneficial to build in small acknowledgements for front-line teams and employees who have done exceptional work, have been proactive or have demonstrated risk management best practices.

Acknowledge Incremental Gains

The panelists also stressed the importance of incremental gains. A change in the front line’s perception of risk management is not likely to happen overnight. If only key milestones or large events are recognized, it could be harder to gain buy-in and ongoing support from teams on the ground. Much like celebrating wins achieved by the FLoD, acknowledging incremental gains helps the team to view the journey to success as a process, and could help FLoD initiatives to more easily gain momentum.

While the FLoD is traditionally associated with operational management, as risks grow increasingly complex and interrelated, risk management is no longer only the purview of control functions, particularly when major influences from the regulatory and broader economic environment exist. Ensuring that there is adequate awareness of risks—while rewarding successes across various levels of the organization—is critical for organizations to cope with risk in the current business environment.