Working In Uncertainty
Improve an organization
If you want to improve risk/uncertainty management in an organization there are at least three main approaches to consider:
1. Improve the risk management behaviour of individuals (mainly through nudges, coaching, training, rewards, selection, and promotion).
2. Improve the ways of working used in the organization for relevant activities such as planning, design, and other decision-making, through a wide variety of changes and implementation arrangements.
3. Introduce separate processes dedicated to managing risk or reviewing risk (often remedial or for independent review).
The material below focuses on the second approach, that of (re)designing the ways people work so that they manage risk/uncertainty better. There is also some material on the first approach, though most of this is on another page of this website that focuses on skills for key situations, especially at work.
There are many ways to improve ways of working but the starting point is to realise that uncertainty is only one factor driving your choices of working method.
Running improvement projects
- The way ahead for risk management and internal control in organizations (2014, article)
- Illustrative improvements for an organization (2011, article)
- How to be positive about risk (2010, article)
- The Risk Manager people want to work with (2009, article)
- Progressive risk control integrated with strategy and performance management (Interactive article) (2008)
- Participation and Key Performance Indicators (KPIs) (2007, article)
- Risk Meters: A better way to make and show rough, subjective risk ratings (2006, article with interactive demo)
- Better management of large scale financial and business processes using predictive statistics (2006, article)
- Promoting good management of risk and uncertainty (2006, article)
- Designing intelligent internal control systems (2004, guide)
- Internal control and leaking profits (2004, article)
- Embedded risk management should be easier (2004, article)
- Easier Turnbull compliance (2003, article)
- A new focus for Turnbull compliance (2003, article)
- The basics of managing risk and uncertainty (2003, article)
- Designing internal control systems (2003, guide)
- Natural project risk management (2003, guide)
- Fixing a process and controls mess (2003, guide)
- Controls for e-business processes (2002, article)
- Reengineering internal controls for efficiency (1996, article)
Sorting out the documentation
- Text for your risk management framework – free to copy (2014)
- Relevant authoritative guidance (2012, annotated references)
- How to write about ‘risk management’ (2012, guide)
- Fixing the ‘risk management’ process diagram (2011, article)
- General risk control matrix (2009, spreadsheet tool)
- Process risk control matrix (2009, spreadsheet tool)
- Simple risk control matrix (2009, spreadsheet tool)
- The psychology of devising internal controls (2007, article)
- Efficient reviews of documentation of internal control systems and audit testing (2007, article)
- Time to put numbers on internal controls (2005, article)
- ‘So embedded it's disappeared’ (2004, article)
- Diagrams for controls work (2003, article)
- The easiest and best matrices for documenting internal controls (2003, short but popular guide)
- Controlling jargon (1989, article)
Ideas for improvements
Guidelines for managing uncertainty/risk:
Other ideas:
- Scorecard with risk shown (2014, plus design in Excel)
- Coordinating predictions from different people (2013, introduction to Probability Management)
- Overseeing internal control and risk management (2013, self test)
- What is ‘risk culture’ and how can ‘risk culture’ be changed? (2013, article)
- Improved forecasting (2011, compendium of ideas)
- Practical word choices for risk managers (2006, guide)
- How to embed risk management into performance management and strategy making (2006, article)
- Research on risk management within performance management (2006, survey results)
- Uncertainty quantification (2005, article)
- What happens when you say ‘uncertainty’ instead of ‘risk’ (2005, article)
- Writing about flexible plans (A challenge of the new OFR) (2005, article)
- Results of a performance management survey (2004, survey results)
- What is attractive about embedded risk management? (2004, survey results)
- Results of an experiment in risk and uncertainty management (2004, survey results)
- Innovating in the face of internal control regulations (2004, article)
- Design ideas for Beyond Budgeting management information reports (2003, detailed guide)
- Managing risk and uncertainty in Beyond Budgeting implementations (2003, guide)
- Control without budgets (2003, article)
- Everyday Risk Management (2003, article)
Some inspiring case studies:
A huge source of technical ideas:
Intelligent internal control and risk management, a book by Matthew Leitch
At the moment there is no book called Working In Uncertainty that explains the perspective. However, my first book has a lot of useful material in it. Staying within the risk control perspective and language, it extends the concept of a ‘control’ and integrates risk management with internal control in a simple way. What this book calls ‘intelligent controls’ are typical of the changes to core management activities that improve performance in uncertainty. Part 2 is a collection of 60 controls that most organizations should use much more, including many intelligent controls.
Getting beyond Risk Listing
Managing risks is not the same thing as making a list of risks and then trying to do something about them. (One of my surveys confirms almost everyone agrees on this point, so probably you do too.) Until the early 1990s the idea of listing risks was virtually unheard of, while a huge amount of work had gone into developing better ways to make decisions, make plans, and do design under uncertainty. The Risk Listing idea has been promoted strongly by some powerful groups and now dominates thinking about risk in some specific areas, notably: corporate regulation, audit, and project management.
This is a pity because you probably would prefer to be doing something else (almost everyone would, according to my surveys). Pushing this unpopular bureaucracy has blighted the working lives of countless thousands of auditors, corporate risk managers, and project risk managers, to say nothing of the vast army of other managers pushed to go through this tedious procedure. Yes, it's better than nothing, sometimes. But that's not enough, is it? Almost nobody who does Risk Listing chose that method freely and almost all who do it would opt out if they were given a choice.
The problem of Risk Listing:
- The fundamental flaws of ‘ISO 31000:2009 Risk management – Principles and guidelines’ (2016, article)
- The fundamental flaws in ISO's definition of ‘risk’ (2015, article)
- Why does anyone think Risk Listing is a good idea? (2014, article)
- Misuses of Risk Listing on projects (2014, article)
- The Risk Listing school (2012, article)
- When is it OK to use a risk register? (2011, guide)
- A comparative overview of risk management and internal control guidance (2010, article)
- Defining ‘risk’ (2009, article)
- Two studies of risk registers (2008, research results)
- Alternative risk lists (2007, survey results)
- Favourite ways to characterise risks (2007, survey results)
- A first step towards successful risk management standards (2007, article)
- COSO's new guidance for smaller organisations: a Trojan Horse? (2006, article)
- Why the COSO frameworks need improvement (2005, article)
- What is attractive about embedded risk management? (2004, article)
- Problem areas for current risk management standards (speech at BSI) (2004)
- How to run a Risk Listing meeting (2004, guide)
- What's on your risk registers? (2004, article)
- Embedding risk management: easier, faster, better (2003, article)
- Risk modeling alternatives for risk registers (2003, article)
- The crisis in management control and corporate governance (questionnaire) (2002)
Sarbanes-Oxley compliance:
The problem of ‘risk appetite’
- Straighten out your thinking on ‘risk aversion’, ‘risk appetite’, ‘risk tolerance’, ‘risk limits’ (2010, article)
- Risk appetite definitions (2009, article)
- Making sense of risk appetite, tolerance, and acceptance (2nd edition) (2007, article)
- Clear thinking and ‘risk appetite’ (2007, article)
Surveys:
Most of these surveys explore the preferences people have for risk management and collectively their results destroy the myths that Risk Listing is popular and hard to move on from.
Responses to official consultations:
I have been trying hard for several years to turn back the tide of Risk Listing but it's not easy. What keeps me going is the certain knowledge that most people would prefer to manage risk in other ways and would be more successful doing so.
Auditing