The basic concept

For any activity or event, nothing is attainable, or even if it is attainable it will not be of the level and standard that is expected, if there is no real commitment and passion put into that activity or event. Sometimes the hard fact is that many times these element of commitment and passion do not always come naturally, or one may be available while the other is lacking. Being passionate about a thing, activity or event implies that a person is fully committed and attentive to the details, standards and qualities necessary to complete the activity or event. Like an artist putting in all his skill, focus, heart and soul to his painting to bring that painting to ‘life’. Or a singer giving his all to belt out that personal number with his body, spirit and soul into the rhythm to bring out the best in his song and performance. Attitude, and good or right attitude, will always engender commitment and passion.

Attitude

Attitude is about body, spirit, mind, and soul. It is all what a person has in himself that make him believe and perceived what he is to do and rely on to be the right and true thing that may not necessarily be the same as the belief and mindset or inclination of another person. Attitude can be about idiosyncrasy of individuals, and the perceived belief and behaviours that influence the manner by which a person acts and respond. Putting risk management as an attitude of individual employees of an organisation implies that they are aware of, and live by, the knowledge that risks influence their way of daily corporate life, activities, operations and the management of their organisation. Having that kind of attitude will make employees know that risks make them ‘think of risks’ and are always aware that risks influence the ways they conduct and do things in their various activities and operations. Possessing such attitude gives birth to an organisation’s conducive environment for effective risk management framework, risk management infrastructure, and risk management implementation.

Attitude

Attitude is about body, spirit, mind, and soul. It is all what a person has in himself that make him believe and perceived what he is to do and rely on to be the right and true thing that may not necessarily be the same as the belief and mindset or inclination of another person. Attitude can be about idiosyncrasy of individuals, and the perceived belief and behaviours that influence the manner by which a person acts and respond. Putting risk management as an attitude of individual employees of an organisation implies that they are aware of, and live by, the knowledge that risks influence their way of daily corporate life, activities, operations and the management of their organisation. Having that kind of attitude will make employees know that risks make them ‘think of risks’ and are always aware that risks influence the ways they conduct and do things in their various activities and operations. Possessing such attitude gives birth to an organisation’s conducive environment for effective risk management framework, risk management infrastructure, and risk management implementation.

Objectives of risk management

Today, risk management is a function that any organisation prides itself of having as a support function for its front-line, marketing and business activities. Risk management should never be seen or regarded as a function for itself, nor is it an end in itself; but rather a means to an end i.e a mean to support management meets well its various goals and bottom-line targets. The myriad and practical objectives of risk management in any organisation are never far from the following:

  • meeting budgets, targets, goals and the objectives of the various internal (management) and external and stakeholders in an organisation
  • producing quality goods and services
  • eradicating errors and omissions, frauds and shortfalls
  • doing things right first time, and doing the right things always
  • avoiding surprises
  • fulfilling corporate governance
  • complying with legal and regulatory pronouncements and requirements

What is risk?

My own simple and no-pretence definition or interpretation of risk is as follows: “Risk is an event or occurrence that marred or thwarted the outcome of my aims, objectives, goals, wishes, or expectations”. This definition is in tandem with, or a down-to-earth summary of exotic interpretations/definitions that many authors and risk-management researchers like to allude to

Risk management culture

When risk management is successfully incorporated or inculcated into the culture of an organisation, it would mean the beliefs, heroes, practices, rituals, ethos, and behaviours in that organisation have elements and features of risk-understanding, risk-awareness, risk-management fundamentals, and the implementation of risk-management framework. The people in that organisation (like employees, management, directors), as well as those outside it (like suppliers, creditors, vendors, agents, regulators) think, live, act, behave and apply risk management in all what they do, talk about, and transact. This state of affairs is seen as probably ‘surreal’ in yonder years. But in the real world these days, it is not necessarily so. Why is this so? Well, for one it is due to the wide coverage, emphasis and focus that many organisations today put into their risk management programmes in order to comply with regulatory directives to have robust risk management programmes place. But more so because directors and management today believe that good risk management programmes are no more an option, but rather the right way of doing and managing business and non-business outfits nowadays, if one is to have a better competitive advantage from one’s competitors. The notion that doing or managing successful business (and to be one-step ahead of one’s competitors) is all about managing risks effectively. This belief is what many board-members and contemporary management profess. With this belief, the probabilities that risks would surface to thwart and disrupt events and operations in organisations are minimised or eradicated (although in reality risk is hard to eradicate but their likelihood of occurrence could be minimised and their negative impacts mitigated).

Organisational culture

Culture is a word that has quite complicated meaning and nuances. Culture’s domains are in people and in organisation. In people, the precepts of culture would mean the way things are done or practised or enacted by every individuals in the society, their dress-codes, beliefs, habits, antics, behaviours, perceptions/attitudes, practices, rituals, and idiosyncrasies. In organisation, the precepts are not dissimilar to ‘culture’ in people. Just that in organisation the culture is reflected or implemented/practiced by the organisation. Of course an organisation (though a legal entity) is an inanimate thing. So the culture or organizational culture is in fact those precepts that are practiced or exhibited/displayed and put to motion by the people inside that organisation that are collectively refereed to as the employees and management. Like in or with people, the culture in an organisation also exhibits elements or precepts of rituals, heroes, practices, beliefs, and ethos. So if risk-management becomes an element or gets incorporated into an organisation’s culture, what it means is that the features or characteristics and fundamentals of risk management, risk-awareness, etc, are infused into the organisation’s culture, or the way things are done in that organisation.

Importance of conducive environment.

There is an age-old oriental cliché that says ‘ you can’t carve a statue from a rotten wood’, Using this analogy, we can deduce that an organisation that has very poor (or rotten) risk management culture or low risk-management understanding and non-conducive risk-management environment would find that it will fail slowly in the long-run, when implementing it’s initiatives or programmes for its risk management journey. There are seven cornerstones or building blocks for a good risk management programme. They are (i) risk-management philosophy, (ii) risk-management policy, (iii) risk management awareness/culture, (iv) defined and clear roles of every one, (v) human resources and training, (vi) risk-management framework of risk-identification, risk-evaluation/assessment, risk-controls, risk-reporting and risk-monitoring, and (vii) risk-follow up and re-assessment and change-management. Conducive risk management environment stemming from risk management awareness/culture is one of the above seven building blocks needed for any organisation’s effective risk-management function. was conducting a 2-day course on operational risk management in Phnom Penh Cambodia in January 2008. One of the participants in my course made a remark as follows, “From my past observation, if the environment is not conducive, any risk management programme will not really succeed in its mission and objectives in the long term”. I retorted that I fully subscribed to that precise statement.

Article By: Dr Joseph Eby Ruin