WILSON's View on Risk Management

ERM is powerful when designed as a performance-focused activity. It's not an audit, nor a compliance process. ERM manages the barriers that prevent organizations from achieving their objectives.

Author:
Richard Wilson develops Performance Risk Management capabilities for complex organizations. He has helped the largest companies in North America manage the barriers to their desired performance.

richard.m.wilson@ca.pwc.com | (416) 941-8374

Sunday, May 2, 2010

How to identify your hidden catastrophic risks

I was talking to a client recently about the bigger risks that could seriously harm their company.  He cited a recent example where a newly acquired small entity almost caused the parent company to be delisted from their exchange.  The acquired company refused to share some of their financial information with the parent and as a result they weren't able to file quarterly reports until the subsidiary was sold.  They came within a inch of being delisted.

Every company has hidden liabilities such as this.  Some are obvious such as having too much reliance on a single customer for revenue, or too much reliance on a single supplier for goods or services.  In other cases the problem is equally risky but not as obvious.  An effective way to get visibility on ALL of these major risks is to combine business continuity planning (BCP) with risk management.

Risk management tries to determine the likelihood of uncertain events occurring, while BCP assumes these uncertain events occur and plans alternate routes and recoveries.  During your risk identification process you will inquire about events that may prevent your company from achieving its objectives.  Try reverse engineering this process to say, "assume that this objective fails - what events could cause this to happen?".  The answers you receive will include catastrophic risks that no one assumes will happen.

For example, asking about risks related to loosing a big revenue stream may result in a limited list of risks due to optimism about how the company is operating.  However, assuming that the big revenue stream just disappeared, and asking for potential causes, will uncover new potential risks.  The optimism that blinds you to potential risk will be replaced by creative thinking about previously unconsidered risks. 

A case in point is the recent volcanic eruption in Iceland that grounded entire fleets of planes.  If you asked what risks would ground an entire fleet, volcanoes may not have been identified.  But assuming the entire fleet has just been grounded, and asking for potential reasons why, will prompt potentially uncreative people to think more broadly.

[Rich]
richard.m.wilson@ca.pwc.com




Posted by
Labels: , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

About The Author

My photo
Richard is a Director in PwC's Risk Advisory practice with clients in both Canada and the United States.

He is an experienced senior executive with 15 years in a CEO or COO role (publically traded and private firms). Richard has been leading risk management implementations for more than a decade incl. 60 C-level risk assessments, and has led online risk assessments for 30,000 people in 25 countries.

He has advised the largest company in the US on risk management, and he has facilitated a risk assessment for the United Nations. Richard has been published in Compliance Week, Canadian Business, and the Globe & Mail and has been a keynote speaker on the topic of risk at many conferences in both Canada and the US since 2004.