Simplifying Risk Management An Evidence-Based Approach to Creating Value for Stakeholders
Recent decades have seen much greater attention paid to risk management at an organizational level, as evidenced by the proliferation of legislation, regulation, international standards and good practice guidance. The recent experience of Covid-19 has only served to heighten this attention. Growing interest in the discipline has been accompanied by significant growth in the risk management profession; but practitioners are not well served with suitable books to guide them in their work or challenge them in their professional development. This book attempts to place the practice of risk management within organizations into a broader context, looking as much at why we try to manage risk as how we try to manage risk. In doing so, it challenges two significant trends in the practice of risk management: • The treatment of risk management primarily as a compliance issue within an overall corporate governance narrative; and • The very widespread use of qualitative risk assessment tools (“heat maps” etc.) which have absolutely no proven effectiveness. Taken together, these trends have resulted in much attention being devoted to developing formalized systems for identifying and analyzing risks; but there is little evidence that this is driving practical, cost-effective efforts to actually manage risk. There appears to be a preoccupation with the risks themselves, rather than a focus on the positive actions that can (and should) be taken to benefit stakeholders. This book outlines a simple, quantitative approach to risk management which refocuses attention on treating risks; and presents choices about risk treatment as normal business decisions.
- Risk in the Context of Organisations
- Trends in Risk Management
- Bridging the Gap Between Academics and Practitioners
- Terminology, References and Structure
Chapter 1: What do we Mean by Risk?
- Upside and Downside Risk
- Risk vs Uncertainty
- Risk to Whom?
- Reconciling Conflicting Interests
- Risk Measures
- Categorisation of Risks
Chapter 2: Why do we try to Manage Risk?
- Improving Expected Outcomes
- Reducing The Likelihood of Extreme Events
- Reducing Variability in Outcomes
- Demonstrating Good Corporate Governance
- Why do we not Manage Risk?
- Empirical Evidence
Chapter 3: Risk Management Systems
- Integrated Risk Management
- Implementation of Integrated Risk Management Systems
- ISO 31000
- Risk Displacement and Risk Compensation
Chapter 4: Scope, Context and Criteria
- Agreeing Risk Criteria
- Ownership and Delegated Authority
- Justifying Resources
Chapter 5: Risk Assessment
- Risk Identification
- Risk Analysis
Chapter 6: Risk Treatment
- Risk Treatment Example
- Combining Risk Treatments
- Recording and Reporting
Chapter 7: Measuring the Effectiveness of Risk Management
- Measuring the Effectiveness of Individual Risk Treatments
- Estimating the Mitigating Effect on Major Disruptions
- Evaluating the Success of Implementation
- Quantifying the Overall Impact of Risk Management Programmes
- Taking A Pragmatic Approach to Measurement
Chapter 8: Underlying Themes and Summary
- Is a Quantitative Approach Really Practical?
- How Does Strategy Link to Risk?
- Where Does Risk Management Belong in the Organisation?
- Crises and Black Swans
- Applicability to the Public and Not-for-Profit Sectors
- Would any of This Have Made a Difference in the Covid-19 Pandemic?
- Summary of Key Ideas
Annex A: Risk Return Relationships in UK Listed Companies
Annex B: The Impact of Covid-19 on FTSE 100 Share Price
Annex C: Alternative Numerical Example
- Risk Criteria
- Risk Analysis
- Risk Treatment
Annex D: Some Useful Sources of Risk Information
- Information Security
- Natural Disasters
"The author provides a comprehensive story that radiates a better understanding of organisational risk, through to the motivations for managing risk and its application in practice. The connectivity of these aspects is profound and enables such an approach to be defensible and more likely to stick in practice."
Peter Noble, Chief Operating Officer, Newcastle Health Innovation Partners.
"With a practitioner approach to risk management, Patrick brings what can be seen as a compliance obligation into ways of working that in my experience have added genuine value to management team business planning and collaboration."
Matt Margereson, Chief Operating Officer, Hotel Chocolat.
"Patrick Roberts ’s practical sense backed by sound academic research has gone a long way to embed risk management into many organisational cultures. To the surprise of many this has been achieved without the need for costly software or bureaucratic form filling and the ultimate nightmare of the risk management tail wagging the management dog. This book, for the first time, challenges accepted wisdom on risk management and takes it out of its silo and places it squarely into mainstream management where it truly belongs."
Mike Stephens, formerly Director of Safety, Security and Resilience, the Medical Research Council.
"What is offered is a light bulb moment in collating and translating all the theory into a practical next level Risk Management solution. More than an expert opinion, but an expert solution; integrating risk assessment and mitigation within a structured process. This approach has already added value to the business in dealing with COVID disruptions and associated Global Supply Chain issues."
Malcolm Watling, Group Sourcing Director, Domino Printing Sciences.
"Risk is mismanaged by most organisations from project selection through to completion. We all know of failed projects which have been buried and careers destroyed; and highly successful projects which rewarded executives but were, in reality, just an extremely lucky punt. Patrick’s quantitative approach to risk management allows organisations to assess managers’ performance based on the quality of their decision making rather than short-term results."
Sean Blackburn, fixed failing projects whilst at McKinsey and now growing businesses as an executive within global organisations.
"I have had the pleasure of working closely with Patrick on a number of projects over several years. His professionalism, depth of knowledge and pragmatic approach when communicating the strategic requirements when reviewing a business continuity plan and the various considerations when analysing the impact on the business.
"This book clearly explains Patrick’s unique approach to risk management, drawing on his years of practical experience in implementing business continuity management and information security management systems for clients. In doing so, it goes well beyond the details of how to do risk management; to explore the fundamental questions of why we are trying to manage risk and how we can measure if we are delivering value for our stakeholders.
"This is a must-read book for any CEO or board level executive involved in risk management."
Dave Watson, Group Head of Property, Facilities Management and Fleet Operations, JLA Group
"A truly engaging, insightful and refreshing examination of the approach to risk management. An invaluable text for academics and practitioners alike to consider risk management techniques differently to bridge the gap between theory and application. Patrick uses his vast experience and extensive research to present a compelling and innovative case, with the focus on simplifying the process and placing return on investment at the heart of the decision-making process, driving efforts to truly manage risk to the benefit of all organisational stakeholders"
Head of Corporate Security UKI & EMEA, Financial Services
"In this well-timed work, Patrick Roberts uses his extensive practical experience of risk management to offer a pragmatic look at the topic, offering organisations and the groups within these organisations a different and more tangible perspective. It's a refreshing take on the why, the how and (crucially) the return on investment of risk management for leaders and managers at every level within ‘everyday’, relatable organisations."
Rupert Johnston, Director, Risk & Resilience Ltd and Specialist Member of the Institute of Risk Management.