What We Liked
The Management of Risk guide defines Risk Management as:
"The systematic application of principles, approach and processes to the tasks of identifying and assessing risks, and then planning and implementing risk responses."
If that sounds familiar, it is. The only thing missing is the word "Project".
The MoR states that:
"Risk management should be most rigorously applied where critical decisions are being made. Decisions about risk will vary depending on whether the risk relates to long-, medium- or short-term goals."
MoR illustrates these term views as shown in Figure 2. We particularly like this figure because it illustrates that each of these perspectives relates to one of the three major management components of any organization that are:
- Senior executives responsible for corporate governance of the entire organization taking the long-term view
- Program/project management responsible for delivery on new initiatives and taking the mid-term new product delivery view, and
- Operations Line of Business responsible for generating the benefits from the available products.
Figure 2: Organizational perspectives
Chapter 4, Management of risk process, adopts the now well-established input-process-output model but with some elaboration as shown in the generic Figure 3.
Figure 3: Generic process elements - inputs, outputs, barriers and techniques
As an example, this model is used to illustrate the stage of risk identification as shown in Figure 4.
Figure 4: Risk identification process definition and information flows
By way of comparison, compare this to the Project Management Institute's model shown in Figure 5.
Figure 5: Risk identification - inputs, tools & techniques, and outputs
Why is risk management important? According to the authors, because:
"A certain amount of risk taking is inevitable if an organization is to achieve its objectives ... Taking and managing risk is the very essence of business growth.
The authors cautiously suggest that effective risk management is likely to improve performance against objectives by contributing to such things as:
- Better service delivery
- More focus internally on doing the right things properly
- Fewer sudden shocks
- Reduced waste and fraud
- Better management of contingent and maintenance activities, and so on
The authors also point out that:
"Many of these benefits are applicable to both the private and public sectors. Whereas corporations focus mainly on shareholder returns and the preservation of shareholder value, the public sector's role is to implement programs cost-effectively, in accordance with government legislation and polices to achieve value for money."
Oh, how we wish that our politicians understood that just as well!
In fact the authors recount that:
"In the private sector change has been instigated in the UK, across Europe and within the US by new regulatory environments driven for instance by the:
- Combined Code on Corporate Governance 2006 (UK)
- Basel II Accord 2004 (Bank of International Settlements, Switzerland)
- Sarbenese-Oxley 2002 (Public Company Accounting Reform and Investor Protection Act, US)"
In our humble view, given the current chaotic financial environment (mid-2008), the US Sarbenese-Oxley act as one example has done little to avert the severest risk of all - the financial collapse of major investment banking institutions. While the regulators were busy harassing high profile business people, the boys in the sub-prime mortgage trenches were busy whooping it up using highly questionable corporate-endorsed marketing practices.
A legitimate question, therefore, is whether or not a strong dose of "Management of Risk" would have averted much of the turmoil and the collapse of major long-standing institutions that should have known better? Obviously, risk management is a hard sell to both public and private corporations. However, one cannot help but think that a stronger dose of plain economics might not have been more appropriate.
10. Ibid, p1
11. Ibid, p5
12. Ibid, Figure 1.3 on p5
13. Ibid, Figure 4.3, p37
14. Ibid, Figure 4.5, p42
15. A Guide to the Project Management Body of Knowledge, Third Edition, Project Management Institute, Figure 11-6, p246.
16. Management of Risk: Guidance for Practitioners, Office of Government Commerce (OGC), UK, 2007, p2
18. Ibid, p3