I came across Greg Carroll a few weeks ago when he was giving what we thought was a counter-intuitive blog called: Chaos Theory & C – Level Disillusionment with Risk Management.
Not good! This ran counter to the enter premise of CERM and our business model. But, we were intrigued. And, Greg was kind to expand on his views.
CAN YOU PROVIDE THE READERS A LITTLE BACKGROUND ON WHO YOU ARE AND YOUR NEW BOOK MASTERING 21ST CENTURY ERM?
My working career started at Cooper Lybrand’s Management Consulting Services in the mid 1970’s working in their Financial Modelling area. This led me to do a Graduate Diploma in Computer Simulation in the late 1970s. This was predominantly to do with using mathematical modelling in decision making, an area of mathematics known today as operational research. In 1981 I started what today is Fast Track implementing software for Compliance and Risk solutions. Focusing mainly on regulatory compliance in safety critical environments such as Aviation, Health and Utilities, clients include Dept of Defence, Dept of Heath, and SA Water as well as corporate clients like Serco, Fosters and Motorola.
WHY DO YOU THINK THAT RM AND/OR ERM IS NOT WORKING?
Thru general discussion with C-Level executives I have detected a wide spread view that RM is a bureaucratic necessity for regulatory bodies but of little real value and ERM is just a management fad. This was supported by a number of formal research findings this year including KPMG and Milliman.
I believe current practices are not only out of date but not applicable to today’s business environment. Unlike 10 years ago, today business is highly volatile and paradigm shifts are not only common but occur a light speed. We need 21st century management systems and tools capable or reacting to events quickly. Periodic reviews no longer cut it. In my book I compare it to the change from the Wild West of the 1890 to the Roaring 20s, where wagon trains and cowboys were long forgotten, so I see the change from 1990’s to 2020s.
WHAT DO YOU PROPOSE AS A SOLUTION FOR 21ST CENTURY ERM?
None of what I am proposing is new or ground breaking. Operational research I studied 30 years ago and Bayesian modelling has been around for 250 years. The key issue is we need a paradigm shift in risk managers. Instead of being risk averse, they need to be focused on developing opportunities, and be formally schooled in basic decision modelling and probability mathematics. I believe a large number of those practicing risk today are not suitable for their role in the 21st century.
WHAT IS A NEURAL RISK MODEL AND HOW DOES IT WORK?
A neural risk model interrelates all risks, causes and drivers, allowing for both vertical and horizontal aggregation in all directions. Any single item can be a risk, a cause or a driver under different conditions. The traditional view a risk having a specific value is not reflected in the real world. Operational risks are connected to financial risk which are both related to reputational risk. All 3 need to be managed differently but need to affect one another in real time. Using environmental monitoring (including from Big Data) with triggers to fire re-evaluation of effects across the entire enterprise is what is needed to meet board level expectations for ERM.
HOW DO YOU SEE QMS OR QUALITY FITTING INTO 21ST CENTURY ERM?
I see QMS inextricably tied to ERM. You cannot have one without the other. ERM must be focused on increasing shareholder value, which in turn requires a delivery vehicle which QMS provides. ERM is your intelligence unit and QMS your field commander.
WHAT DO YOU SEE IS THE FUTURE OF ERM IN A. ISO 9001 (2015); B. GRC; AND 3. MANAGEMENT SYSTEMS?
I do not hold to a number of the current arcane debates on definitions and boundaries of management systems. I believe in a single integrated management system for GRC, with not one framework, but multiple frameworks applicable to each specific area of need. I am still hopeful that there will be a convergence of ISO9001, ISO 31000 and GRC but with the political nature that has developed around these groups I fear they are just designing a better horse drawn wagon.
Thanks Greg. Eye opening. I’d like to see the neural net your talk about. It could be a game changer in ERM.
Bio:
Greg Carroll - Founder & Technical Director, Fast Track Australia Pty Ltd.
Greg Carroll has 30 years’ experience addressing risk management systems in life-and-death environments like the Australian Department of Defence and the Victorian Infectious Diseases Laboratories among others. He has also worked for decades with top tier multinationals like Motorola, Fosters and Serco.
In 1981 he founded Fast Track (www.fasttrack365.com) which specialises in regulatory compliance and enterprise risk management for medium and large organisations. The company deploys enterprise-wide solutions for Quality, Risk, Environmental, OHS, Supplier, and Innovation Management.
Mastering 21st Century Risk Management” which will be available from the www.fasttrack365.com website in a couple of weeks. Meanwhile a recent Webinar on the topic can be seen at http://www.youtube.com/watch?v=nQoJj6FBxrY&feature=youtu.be in which we show how emerging best practices provide a good picture for how enterprise risk management should look in the 21st century.