That’s fake news. Real news COSTS. Please turn off your ad blocker for our web site.
Our PROMISE: Our ads will never cover up content.
Greg Hutchins
Published: Monday, April 19, 2010 - 12:15
“I think we now live in an era when many of the concerns in running organizations are being reframed in terms of risk, which suggests that risk professionals are likely to rise to the top.”
(Source: “Managing Risk in the New World,” Harvard Business Review, October 2009)
My basic message is that 21st century leadership is all about making smart decisions under uncertainty, extreme volatility, constrained resources, increasing needs, and lack of full information. Borrowing Marshall Goldsmith’s term, I believe that the 21st century mojo of leadership will be all about making the tough decisions that need to be made in an economy running at a trillion-dollar deficit.
Twenty-first century leaders who understand, embrace, and execute smart political, financial, environmental, and stakeholder decisions will prevail and succeed. The 21st century leadership and management rubric will revolve around risk/cost/benefits involving enterprise risk management (ERM).
So, what is the “new normal?”
“The world is so integrated today. We no longer have direct control over our destinies, either individual or corporate. We are swimming in a sea of change and risk management can add stability to our lives.”
Dennis Arter, author, futurist
Many business rules and leadership assumptions have changed radically post-September 2008—the official period of the U.S. financial meltdown. I would almost say that most business rules have been reset. Harvard Business Review says that leaders need to understand and manage within the constraints of the “new normal.” Let’s look at some of the implications of the “new normal.”
We’ve experienced a number of “Black Swan Events”—low-likelihood, but high-consequence and even catastrophic events. September 11, 2001, was epochal in how it changed society as well as public safety decision making. There has been a sustained recession. The stock market lost trillions of dollars in market capitalization. Major companies went into dizzying tailspins because of financial fraud and massive overspeculation. A number of market bubbles also burst, all of which have resulted in overwhelming uncertainty.
Risks arise from uncertainty and the inability to plan, execute, and ultimately control events. So, “what if” questions and “how to” responses involving risk are now part of the fabric of every management discussion in companies as well as governments.
Most senior management decision making today is made through a risk filter. In the public arena, federal, state, and local agencies are focusing on risk and homeland security. In public-held companies, board-level and senior management decisions are based on a risk analysis, because of increased board- and executive-level accountability, increased financial reporting transparency, increased due diligence, reporting regulations of the U.S. Securities and Exchange Commission and the New York Stock Exchange, and a number of other reasons.
In Against the Gods: The Remarkable Story of Risk (Wiley, 1998), author Peter L. Bernstein says that the mastery of risk-based decision making is the foundation of modern life and it’s what divides modern from ancient times. These are pretty strong words. Let’s look at a few definitions of risk:
Risk—uncertainty of outcome, whether a positive opportunity or negative threat, of actions and events. It is the combination of likelihood and consequence, including perceived importance of a positive and negative event, which may involve a hazard, improvement, or new opportunity.
Risk—possibility that an event will occur and adversely affect the achievement of objectives
Risk—a situation or circumstance that creates uncertainties about achieving program objectives
There are a several critical points regarding these risk definitions:
“Risk is the watchword for this millennium. It’s at the forefront of management thinking in the areas of homeland security, health care, and supply risk management.”
Dick Gould, a Fellow of the American Society of Quality (ASQ)
Risk, like quality, can be managed to facilitate good decisions. Let’s look at the following definitions of risk management:
Risk management—an organized, systematic, decision-support process that identifies risk, assesses or analyses risks, and effectively mitigates or eliminates risks to achieving the program objectives
Risk management—all the processes involved in identifying, assessing, and judging risks, assigning ownership, taking actions to mitigate or anticipate them, and monitoring and reviewing progress
“Although regulatory compliance continues to be a ‘hot button’ issue for product sales, organizations are looking for solutions that can help them better manage multiple forms of risk.”
Why is ERM the leadership and management model for the 21st century? In an uncertain world, the logic goes somewhat like this: Increasing threats and uncertainties lead to unknown events and unknowable risks, which can only be prevented, predicted, or maybe preempted through enterprise risk management.
The underlying premise of ERM is that every entity, whether for-profit, not-for-profit, or a governmental body, exists to provide value for its stakeholders. All entities face uncertainty, and the challenge for management is to determine how much uncertainty the entity is prepared to accept as it strives to grow stakeholder value. Uncertainty presents risk and opportunity, with the potential to erode or enhance value. ERM provides a decision-making framework for management to effectively deal with uncertainty and associated risk and opportunity and thereby enhance its capacity to build value.
A few years ago, I had to provide testimony on a technology audit. I needed to pull findings together into a visual ERM model, which eventually was called the “House of Risk.” It was composed of the following elements:
Governance: The vision, mission, culture, and philosophy of the business, including sustainability, profitability, stewardship, etc.
Risk management: Consists of the enterprise activities to manage opportunities and to mitigate potential adverse events.
Compliance: Consists of the activities to demonstrate adherence to laws, regulations, and policies.
Assurance: Consists of providing confidence that the organization is complying with laws, regulations, and policies.
Technology: Consists of infrastructure of technical processes and tools to ensure that enterprise governance, risk, compliance, and assurance are effective.
Enterprise risk management integrates an enterprise view of governance, risk, compliance, process variation, and product nonconformance. Figure 3 offers a depiction of the enterprise view, which is able to explore, prevent, predict, mitigate, and even preemptive bad things from occurring.
The Toyota auto recalls illustrate the perfect storm of the unthinkable and the unknown. Who in the world anticipated that the exemplar of auto quality, inventor of the Toyota Production System (lean management), and many quality tools, would lose so much brand equity built around quality? Toyota had all the lean management and Six Sigma tools and data. However, Toyota didn’t connect the dots to the enterprise risk level. If they had, Toyota may have been able to anticipate, mitigate, and preempt the recall and substantial dilution of its quality brand equity.
As risk decision making has increased, there is now a sense of realization that activity, process, or project-based risk mitigation does not work—much like fixing or correcting the symptom of a quality problem results in recurring problems. Many managers realize that the root cause solution to a chronic or systemic quality problem is through enterprise risk management. Enterprise risk management in many ways is analogous to total quality management (TQM).
The differences between the two are also revealing.
Why should quality leaders and professionals learn risk management?
“You’re at risk in your quality career. Risk can be about how your job is going to be outsourced or somehow fundamentally changed. What can you do about it? Learn cutting-edge technologies. Be prepared. Don’t wait, your future depends on your making smart decisions now.”
Gerry Brong, futurist, writer, academician
What’s the new normal in your business? What’s been reset? What was the previous baseline and what is it now? Specifically look at your treasured leadership and management assumptions. Are they still valid? If not, what’s the new reset for you?
Quality has fundamentally changed. Quality leadership and professionals must take a hard look at their role in this new business environment, assess their current skill set, determine what they need to learn to be relevant contributors of value, and make a smart decision of where they will be in the near future. I suggest that you learn and do ERM.
Quality Digest does not charge readers for its content. We believe that industry news is important for you to do your job, and Quality Digest supports businesses of all types. However, someone has to pay for this content. And that’s where advertising comes in. Most people consider ads a nuisance, but they do serve a useful function besides allowing media companies to stay afloat. They keep you aware of new products and services relevant to your industry. All ads in Quality Digest apply directly to products and services that most of our readers need. You won’t see automobile or health supplement ads. So please consider turning off your ad blocker for our site. Thanks, Greg Hutchins is an engineer, certified enterprise risk manager, and the founder of the Certified Enterprise Risk Management Academy, Made in the U.S.A., WorkingIt.com, and Quality + Engineering. 21st Century Leadership—Enterprise Risk Management
Like quality, risk can be managed to facilitate good decisions.
Figure 1: Upside risk/downside risk
Uncertainty and risk
What’s risk management?
Figure 2: Management focus
What’s enterprise risk management?
(Source: Gartner Group)
Enterprise risk management, or ERM, has been defined as a process affected by an entity’s top management and other personnel, applied strategically and across the enterprise, which is designed to identify potential events that may affect the entity. ERM helps determine and manage risks to fall within the entity's risk appetite, and provides reasonable assurance regarding the achievement of the entity's objectives.
House of risk
Figure 3: House of Risk
Connecting the dots
ERM and TQM share some similarities
Our PROMISE: Quality Digest only displays static ads that never overlay or cover up content. They never get in your way. They are there for you to read, or not.
Quality Digest Discuss
About The Author
Greg Hutchins
© 2021 Quality Digest. Copyright on content held by Quality Digest or by individual authors. Contact Quality Digest for reprint information.
“Quality Digest" is a trademark owned by Quality Circle Institute, Inc.