#183 – BREXIT AND THE FAILURE OF ERM – GREG CARROLL

team-carroll-150x150I have often written on my view that there is an over emphasis these days on Black Swans in risk management. The Brexit vote not only shot shockwaves through financial markets but has created a whole new paradigm to world economic stability both short and long term.  And if Risk is defined as uncertainty then as of today, this must be one of our greatest risks.

So what happened with Brexit, after all it was a 50/50 risk!  It was an enormous accident. No one really thought it would happen. Just look at the graphic to the right to see what the odds bookies were offering that the UK would Stay!  Even I bought shares on Thursday, discounting the vote as a non-event.  From the petitions now circulating in the UK, I would say complacency amongst the middle classes and business community was the main culprit.  The same complacency to “nutter” politics may end up voting Donald Trump in, and world economic stability will worsen further. (as shown by the absurdity of his “congratulation on taking your country back” comment when landing in SCOTLAND!)

So where to from here?

My “guess” is that the UK will exit the EU well before the 2 year deadline.  This will be followed by a Thatcherite period of recession, social unrest and economic restructuring, which like its namesake, will leave UK stronger.  Ireland will boom as the new English speaking base for European access, and the EU will devolve back to its roots plus maybe the Czech Republic.

This event also raises a number of issues for modern enterprise risk management.  Firstly, is your effort in identifying emerging risk really cost justifiable? Secondly, how does it add to your risk resilience?  And finally, can your ERM tell you where you stand now, AFTER the event has occurred?  If you cannot answer these 3 questions then your ERM is a failure.

1. Dreaming of Black Swans

The fixation with Emerging Risks

Whether or not my “guesses” about the future are right or wrong, an ERM is meant to be a navigation tool not a crystal ball. Invariably, our biggest disruptions are generally sudden, momentous, and for which we are not prepared.

Instead of occupying our time and effort on trying to predict the future, risk management functions would be better served building business resilience to handle major disruptive events. It should empower us to identify the best course when there is a unexpected change in the weather and highlight any possible threats or obstacles.  Yes keep one eye on the horizon but make sure your navigation system is operational.

2. Risk Resilience in complex systems

The trap of the Risk Matrix and Heat Maps

The first necessary requirement for resilience is awareness. Awareness of how different aspects affect your processes and objectives is one of the foundations of risk management. Like a 1980’s entrepreneur, the EU has been fixated on expansion (a historical trait for Germany) at all costs.  Most of these 1980’s entrepreneur companies ended up unravelling but some restructured back to core business and survived.  So I see the only way of survival for the EU and ERM.

Sadly, ERM’s over-concentration on risk heat-maps and dashboards, has created a false sense of security that has distracted from the effort needed to develop interactive risk models that allow senior management to understand and manage disruption.  Just as the EU has been hijacked from its original “economic” purpose, so I see ERM being hijacked from its original intent to strengthen organizational resilience.

3. ERM as a Decision Making Tool

Delivering value

The Brexit vote was result of the majority of UK voters not believing that EU membership was delivering value.  So is the likely future of ERM unless it can start delivering more value than just as an information sink.  It has the possibility of providing invaluable decision making support for management, which is sorely needed in these turbulent and disruptive times.

I have seen very few ERM systems that have any aspect of being a decision making tool.  I’m not even talking about scenario analysis or “what if” capabilities.  I mean having the simple ability to ask “will a change in XYZ affect our viability?”.  Adding more and more to our risk registers is a waste of time unless they are structured to model how they affect the business.

And sorry, but listing an objective against a risk doesn’t cut it either.  It does nothing to inform on how the objective will be affected by a risk event.  This requires technical expertise in the subject matter to identify the influences and drivers and how their movement will affect an objective then monitoring the measurement of their movement. This has to be an automated, decentralized and interactive process.

Summary

For an ERM to work, it needs to be Enterprise (i.e. integrating all influences over the whole organization), Risk (i.e. model the interrelationships that cause uncertainty), Management (i.e. be a decision making tool for those who actually run the business).

Yes I declare my bias as FastTrack is commonly passed over for cheaper glorified spreadsheet (cloud) systems with pretty heat-maps and dashboards.  But if you can’t answer the above 3 questions you have to seriously ask yourself “What is the real value of our ERM?”

Bio:

Greg Carroll 
- Founder & Technical Director, Fast Track Australia Pty Ltd.  Greg Carroll has 30 years’ experience addressing risk management systems in life-and-death environments like the Australian Department of Defence and the Victorian Infectious Diseases Laboratories among others. He has also worked for decades with top tier multinationals like Motorola, Fosters and Serco.

In 1981 he founded Fast Track (www.fasttrack365.com) which specialises in regulatory compliance and enterprise risk management for medium and large organisations. The company deploys enterprise-wide solutions for Quality, Risk, Environmental, OHS, Supplier, and Innovation Management.

Mastering 21st Century Risk Management” which will be available from the www.fasttrack365.com website in a couple of weeks.   Meanwhile a recent Webinar on the topic can be seen at http://www.youtube.com/watch?v=nQoJj6FBxrY&feature=youtu.be in which we show how emerging best practices provide a good picture for how enterprise risk management should look in the 21st century.

Leave a Reply

Your email address will not be published. Required fields are marked *