Risk Management

Risk management has been in a long running battle to justify its value to the modern organisation. In that time it has evolved from an exercise in caution intended to prevent harm and unwanted losses to what one practitioner described as “a new means of strategic business management, seizing opportunities and capitalising on the rewards”. The financial sector has shown us that some of the largest investments in risk management, coupled with some of the most ambitious claims of capability, have delivered some of the worst results.

These failures have served as a timely reminder of where risk management needs to focus to add value - and where it can go seriously wrong. These lessons include:

• Rather than seeking to ‘optimise’ rewards, risk management needs to first ensure business protection.
• Risk management too often results in rules, documentation, process and reporting that are time intensive and, by their volume, make major risks less visible not more.
• Spurious probability assumptions, sometimes based on quantitative models, have led organisations to discount risks which may have a huge impact but are wrongly assessed as too unlikely to warrant serious attention.
• Events and warnings that have been the lead indicators for major risk breakdowns have been overlooked or rationalised as unimportant when they do not fit with the status quo view of the business’s risks.

Kingston Smith Consulting’s approach to risk management is built on methods which are known both to work and add value. Our practices cannot always lay claim to be at the leading edge of risk management evolution, but they do have the singular benefit of being effective. Our approach is based on six principles:

1. Clear and simple governance standards. These flex to the culture of the organisation but make explicit where risk decisions are made and what the Board feels is the oversight and input they require to these decisions.
2. Core risks are well understood and well managed. Core risks are those risks which are central to doing business in a given sector. In reality most of these risks do not change greatly over time and they are capable of being addressed with measures that are both efficient and sustainable for the long term. Like any other investment with annuity benefits, core risks justify a significant outlay in risk management.
3. A culture of challenge. Risk managers are not enablers to risk taking but are first and foremost tasked with voicing the contrary view to organisational orthodoxy.
4. Excellent people supported by simple models, rather than complex models supported by ineffective resource.
5. Focused effort on the risks around change. Process change, system change, new products, services or locations; these changes to standard activity represent real and present risk and need skilled risk management.
6. Early warning mechanisms and the agility to respond to those warnings. Few risk breakdowns occur without prior warning. Minor issues and near misses within the organisation need to be recognised and investigated before they become major issues. The problems of other businesses need to be studied and stress tested in your own organisation.