Simplifying Risk Management
An Evidence-Based Approach to Creating Value for Stakeholders
Recent decades have seen much greater attention paid to risk management at an organizational level, as evidenced by the proliferation of legislation, regulation, international standards and good practice guidance. The recent experience of Covid-19 has only served to heighten this attention. Growing interest in the discipline has been accompanied by significant growth in the risk management profession; but practitioners are not well served with suitable books to guide them in their work or challenge them in their professional development. This book attempts to place the practice of risk management within organizations into a broader context, looking as much at why we try to manage risk as how we try to manage risk. In doing so, it challenges two significant trends in the practice of risk management: • The treatment of risk management primarily as a compliance issue within an overall corporate governance narrative; and • The very widespread use of qualitative risk assessment tools (“heat maps” etc.) which have absolutely no proven effectiveness. Taken together, these trends have resulted in much attention being devoted to developing formalized systems for identifying and analyzing risks; but there is little evidence that this is driving practical, cost-effective efforts to actually manage risk. There appears to be a preoccupation with the risks themselves, rather than a focus on the positive actions that can (and should) be taken to benefit stakeholders. This book outlines a simple, quantitative approach to risk management which refocuses attention on treating risks; and presents choices about risk treatment as normal business decisions.
Table of Contents
Chapter 1: What do we Mean by Risk? Chapter 2: Why do we try to Manage Risk? Chapter 3: Risk Management Systems Chapter 4: Scope, Context and Criteria Chapter 5: Risk Assessment Chapter 6: Risk Treatment Chapter 7: Measuring the Effectiveness of Risk Management Chapter 8: Underlying Themes and Summary Annex A: Risk Return Relationships in UK Listed Companies Annex B: The Impact of Covid-19 on FTSE 100 Share Price Annex C: Alternative Numerical Example Annex D: Some Useful Sources of Risk Information
Patrick Roberts is a Principal Consultant in the Climate and Resilience team at Verisk Maplecroft. In this role Patrick advises clients globally on all aspects of organisational resilience.
Prior to joining Verisk Maplecroft, Patrick was a director of Cambridge Risk Solutions. Over the course of fifteen years, he assisted the whole spectrum of organisations, from micro businesses and small not-for-profits to large corporations and government agencies, to manage risk and resilience more efficiently. In particular, he developed extensive experience in the implementation of business continuity management and information security management systems. He also designed and delivered a wide range of crisis management training and exercises to clients including hospitals, airports and universities. He is a Fellow of the Institute of Strategic Risk Management and has a PhD from Nottingham University Business School.
Before embarking on a career in risk management, Patrick had a varied career including various project and line management roles in the engineering industry and serving as an Infantry Officer in the British Army. Patrick was also a director of British Weightlifting from 2015 to 2019.
"The author provides a comprehensive story that radiates a better understanding of organisational risk, through to the motivations for managing risk and its application in practice. The connectivity of these aspects is profound and enables such an approach to be defensible and more likely to stick in practice."
Peter Noble, Chief Operating Officer, Newcastle Health Innovation Partners.
"With a practitioner approach to risk management, Patrick brings what can be seen as a compliance obligation into ways of working that in my experience have added genuine value to management team business planning and collaboration."
Matt Margereson, Chief Operating Officer, Hotel Chocolat.
"Patrick Roberts ’s practical sense backed by sound academic research has gone a long way to embed risk management into many organisational cultures. To the surprise of many this has been achieved without the need for costly software or bureaucratic form filling and the ultimate nightmare of the risk management tail wagging the management dog. This book, for the first time, challenges accepted wisdom on risk management and takes it out of its silo and places it squarely into mainstream management where it truly belongs."
Mike Stephens, formerly Director of Safety, Security and Resilience, the Medical Research Council.
"What is offered is a light bulb moment in collating and translating all the theory into a practical next level Risk Management solution. More than an expert opinion, but an expert solution; integrating risk assessment and mitigation within a structured process. This approach has already added value to the business in dealing with COVID disruptions and associated Global Supply Chain issues."
Malcolm Watling, Group Sourcing Director, Domino Printing Sciences.
"Risk is mismanaged by most organisations from project selection through to completion. We all know of failed projects which have been buried and careers destroyed; and highly successful projects which rewarded executives but were, in reality, just an extremely lucky punt. Patrick’s quantitative approach to risk management allows organisations to assess managers’ performance based on the quality of their decision making rather than short-term results."
Sean Blackburn, fixed failing projects whilst at McKinsey and now growing businesses as an executive within global organisations.
"I have had the pleasure of working closely with Patrick on a number of projects over several years. His professionalism, depth of knowledge and pragmatic approach when communicating the strategic requirements when reviewing a business continuity plan and the various considerations when analysing the impact on the business.
"This book clearly explains Patrick’s unique approach to risk management, drawing on his years of practical experience in implementing business continuity management and information security management systems for clients. In doing so, it goes well beyond the details of how to do risk management; to explore the fundamental questions of why we are trying to manage risk and how we can measure if we are delivering value for our stakeholders.
"This is a must-read book for any CEO or board level executive involved in risk management."
Dave Watson, Group Head of Property, Facilities Management and Fleet Operations, JLA Group
"A truly engaging, insightful and refreshing examination of the approach to risk management. An invaluable text for academics and practitioners alike to consider risk management techniques differently to bridge the gap between theory and application. Patrick uses his vast experience and extensive research to present a compelling and innovative case, with the focus on simplifying the process and placing return on investment at the heart of the decision-making process, driving efforts to truly manage risk to the benefit of all organisational stakeholders"
Head of Corporate Security UKI & EMEA, Financial Services
"In this well-timed work, Patrick Roberts uses his extensive practical experience of risk management to offer a pragmatic look at the topic, offering organisations and the groups within these organisations a different and more tangible perspective. It's a refreshing take on the why, the how and (crucially) the return on investment of risk management for leaders and managers at every level within ‘everyday’, relatable organisations."
Rupert Johnston, Director, Risk & Resilience Ltd and Specialist Member of the Institute of Risk Management.