WILSON's View on Risk Management

ERM is powerful when designed as a performance-focused activity. It's not an audit, nor a compliance process. ERM manages the barriers that prevent organizations from achieving their objectives.

Author:
Richard Wilson develops Performance Risk Management capabilities for complex organizations. He has helped the largest companies in North America manage the barriers to their desired performance.

richard.m.wilson@ca.pwc.com | (416) 941-8374

Friday, April 9, 2010

Risk: It's how you word it

One of the greatest risk management challenges I have seen over the years is wording risks properly. It sounds simple enough (and it is!). So why is there such inconsistency in wording risks? The first reason is that there is no universal standard to follow. The second is that there are too many interpretations about what risk is. Finally, risk carries a negative connotation in many organizations, (sadly), so people try to describe their risks in a positive way to position them more favourably.

Well worded risks are a cornerstone to a successful risk management program. If people across your organization end up with multiple interpretations about your risks, the credibility around your risk scores will fall. Getting the wording right is pretty important.

Allow me to suggest an easy and reliable way to word your risks. To begin with, remember that a risk is an event. Secondly, it is an event that may prevent you from achieving your objectives. Therefore, the simplest way to word your risk is" X may happen". For example, "Sr. executives may leave the company", or "Production at the plant may fall by 20%", or "Interest rates may rise above 5%". All of these risks are clear, and since they are worded in the future, should not be threatening to newly emerging risk management cultures.

Follow each risk with "context bullet-points". These are the data points about the risk that people should consider. For example:

Production at the plant may fall by 20%
  • our packaging supplier is in financial trouble
  • our competitors are trying to hire away plant staff
  • our plant wages are not competitive
  • unpredictable weather patterns in that region are expected
  • etc...
Here is a test to see if your current set of risks need rewording:
  • Do any of your risks begin with "A lack of...", or "The inability to..."? (If so, they are describing situations within which a risk may occur and not the event itself.)
  • Do any of your risks contain the words "and", or "or"? (If so, you have combined two events which will be difficult to score.)
  • Are your risks worded as objectives in the positive? For example, "Retain our senior executives". It's a great objective but doesn't describe the effect of uncertainty on objectives.
  • Is the risk tied to one or more objectives so that it is clear where the challenge to the organization lies?
  • Do your risks have contextual data points attached to them?
Following this approach will clarify your risks and heighten the likelihood of a common interpretation. It's really that simple!

[Rich]
richard.m.wilson@ca.pwc.com




Posted by
Labels: ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

About The Author

My photo
Richard is a Director in PwC's Risk Advisory practice with clients in both Canada and the United States.

He is an experienced senior executive with 15 years in a CEO or COO role (publically traded and private firms). Richard has been leading risk management implementations for more than a decade incl. 60 C-level risk assessments, and has led online risk assessments for 30,000 people in 25 countries.

He has advised the largest company in the US on risk management, and he has facilitated a risk assessment for the United Nations. Richard has been published in Compliance Week, Canadian Business, and the Globe & Mail and has been a keynote speaker on the topic of risk at many conferences in both Canada and the US since 2004.