Tuesday, 16 April 2013


Risk management is the ability to identify risk, assess it, and mitigate it. Although there are many definitions of risk management, the following share common attributes:
  • "Risk management is the culture, processes, and structures that are directed toward the effective management of potential opportunities and adverse effects. (AS/NZS 4360:1999--"Risk Management")"
  • "Risk management is the identification, assessment, and response to risk to a specific objective. (Enterprise Risk Management--Integrated Framework, COSO, 2004)"

Risk management is a rapidly developing discipline and there are many and varied views and descriptions of what risk management involves, how it should be conducted and what it is for. Some form of standard is needed to ensure that there is an agreed:
  • Terminology related to the words used
  • Process by which risk management can be carried out
  • Organisation structure for risk management
  • Objective for risk management

Importantly, the standard recognises that risk has both an upside and a downside. Risk management is not just something for corporations or public organisations, but for any activity whether short or long term. The benefits and opportunities should be viewed not just in the context of the activity itself but in relation to the many and varied stakeholders who can be affected.

There are many ways of achieving the objectives of risk management and it would be impossible to try to set them all out in a single document. Therefore it was never intended to produce a prescriptive standard which would have led to a box ticking approach nor to establish a certifiable process. By meeting the various component parts of this standard, albeit in different ways, organisations will be in a position to report that they are in compliance. The standard represents best practice against which organisations can measure themselves.

Quality Management and Risk Management

Quality management can be thought of as the process of designing and executing products and services effectively, efficiently, and economically. In this context, effectiveness primarily involves the ability of the products and services to meet or exceed customers’ expectations, while efficiency involves the ability to provide products and services without wasting any resources. Economics involves the ability to generate requisite revenues from the process so that the organization can be sustained.

Risk management is the process of identifying, addressing, prioritizing, and eliminating potential sources of failure to achieve objectives. Applying risk management means being proactive, preventive, predictive, and preemptive. Risk asks the question, “What if?” and looks at likelihood and consequences to determine which of the what-ifs are significant and need to be addressed.

Six Sigma and Risk Management

Risk management is a discipline historically thought of as a way to avoid problems, not create new solutions. In a Lean Six Sigma culture, risk management issues become a way of improving processes and transcending functional tasks to allow for an improved customer experience.

The illustration below depicts how a company can best address its risk management capabilities. At the lowest levels of the continuous process improvement curve, companies are simply monitoring compliance requirements and being reactive at best. As a company moves up the curve, its ability to utilize Lean Six Sigma tools to address risk management capabilities increases. From a cultural perspective, the organization changes from one that is event-driven and constantly putting out fires, to one that utilizes an effective and proactive approach in a “project way of life,” and finally reaches the highest level where a Six Sigma culture attains a “process way of life.”

Continuous Process Improvement Curve

Treating Risk Management Like A Process

So what are the Lean Six Sigma tools that can best be applied to the risk management plateau and help a financial institution gain competitive advantage in the process? There are just as many tools in the Lean Six Sigma tool kit as there are applications to the risk management process. The reason: To be successful risk management needs to be treated like a process just like mortgage loans and item processing. A great place to start making this happen is giving risk management an equal place in the strategy of the company. Some of the most successful customer-focused companies do strategy in a Six Sigma way through Hoshin Kanri.

As the Hoshin planning process has evolved in financial services organizations utilizing Lean Six Sigma, it has developed into a business tool that influences best practices across numerous lines of business. Stemming from the utilization of operational risk dashboards with the definition of the proper operational risk metrics, the Hoshin planning process can be enhanced to track and improve performance in managing the aspects of risk that affect associates, customers and shareholders.

Hoshin planning plays a key role by allowing the operational risk planning team to concentrate on the most meaningful metrics that lead to successful strategic execution. A few years ago, the process of collecting metrics and consolidating them into a functional scorecard could take weeks. Now, this process takes a couple of days, and allows all associates to access a scorecard via the company’s intranet. This timely enhancement allows teams to update strategic goals regularly, aligning them in accordance with changes in the business environment.

Operation Risk Plan

An operational risk management leadership team also should use Kanri as the second step to incorporate Hoshin planning into its regular management routines. While a Hoshin plan captures a team’s strategy, Kanri is a management process that focuses on the Hoshin plan and its tactical execution. Significant improvements in key process indicators around operational risk management occur with the inclusion of the Hoshin plan in monthly business reviews. The Hoshin plan should act as a means to judge business goals and drive operational risk decisions in the everyday, business-as-usual environment.

Ergo the conclusion is: reducing risks means being more competitive.

Executives should understand that reducing risk will make their institutions more competitive. Banks that lower risks will be the winners in the marketplace. Risk management should become a “best practices strategy,” aligning data, technology, people and processes across the organization, and not an “audit compliance task.” Ultimately, companies should adopt a risk management philosophy that evolves from discrete events and projects into a risk management process that can become a key breakthrough strategy in a Hoshin plan and can leverage all the best aspects of Lean Six Sigma.

Sources: iSixSigma, Quality Digest, TheIRM.org

No comments: