
This page is under development
Risk governance
Governance is concerned mostly with two things: ensuring the organisation achieves its objectives, and avoiding pitfalls. The idea of risk governance has grown up around the second concern, but is equally applicable to the first. Risk is the possibility of loss, and the loss may be loss of an existing asset or capability, or it may be the loss or waste of some opportunity. A risk is the product of likelihood (or probability) and a particular consequence, best thought of as an event. Risks are different from hazards, which may be thought of as risk-generating situations or contexts. For example, an organisation with a non-innovative culture represents a hazard, in that many risks result: the failure to maintain market share, the failure to attract creative new staff, or the failure to take advantage of new opportunities related to the new economy.
The key points to make regarding the relevance of NZ2100 and KiwiGrow to risk governance are:
- The NZ2100 model provides an holistic basis for formulating a portfolio of company objectives, or desired outcomes. The possibility of failure to achieve any of these desired outcomes within a given period of time represents a risk. Consequently the NZ2100 model provides a way of developing and managing an organisation's risk portfolio.
- When we deal with risk, we conceptualise the future as much as possible around crisp events that have consequences with real meaning to us. We cannot remain neutral about these events. Seeing the future in terms of sharply defined possible future events makes it real to us, and motivates some kind of management response.
- Much risk governance today is concerned with the tedious task of constructing and maintaining "risk registers" - lists of risks that the organisation faces, together with assessments of the risk in the absence of any response, and with a management response (the "risk control") in place. A senior management team can look down the risk register and check if all the important risks look like they are covered - especially the ones that could lead to significant costs or embarrassment to the organisation.
- The conventional risk register approach tends to fail as a mechanism for dynamically managing risk, since the "control" for a risk may represent an entire, ongoing company programme. So where is the sharpness that we expect from risk management, and where is the accountability? Ideally, controls are sufficiently tightly defined to become an individual's objective and responsibility. This person becomes the risk "owner".
- Today, any organisation faces a multitude of risks, and the task is one of management, rather than identification. When an organisation applies NZ2100, each team establishes, with management, what it needs to do, by viewing its roles and functions through the lens of NZ2100. The team generates a suitably short list of key accountabilities that relate to company-wide risks, and then identifies key sources of risk that are within the team's control and responsibility. Responsibility for these team-level risks, which contribute to the wider organisational risks, rests with the team member.
- With the NZ2100 approach, the complete set of organisational risks is sheeted back to risk components that are managed by individual team members, whether those team members are managers or machine operators. It is then easy to identify all the elements of the control for an organisation-wide risk, and to establish, from this, an overall risk owner.
- With this approach, the activities of everyone in the organisation are sharply aligned to the objectives of the organisation, expressed clearly in terms of risk, and the risks collectively represent the risk of not achieving sustainable development, or failure to achieve alignment with the new green economy and society.
- When we extend an NZ2100 risk governance approach to our wider "networked" organisation, we establish a powerful means of focusing the efforts of communities. Ultimately, we cannot trace all the accountabilities to individuals beyond the organisation, and we content ourselves with the fact that other entities are NZ2100 or KiwiGrow-certified, and therefore are aligned to the same fundamental goals as ourselves. They will represent centres of risk management rather than hazards or sources of risk. This is precisely how we need to be seeing company supply chains.
The risk accountability diagram shows how risk accountabilities can be distributed through any collaborating network of teams, organisations, etc., to achieve effective governance and commonality of purpose.