230 likes | 243 Views
Join us for a presentation on Enterprise Risk Management (ERM) and its importance in understanding and managing all risks within an organization. Explore the impact of risk culture and learn from the case of Boeing's risk management approach. Presented by Britta Hay, FSA CERA PRM Consulting Actuary and Adjunct Lecturer at UWI (Mona).
E N D
RISK IS OPPORTUNITY Presented by: Mathematics DepartmentThe University of the West Indies (Mona)April 25, 2019
Enterprise Risk Management Britta Hay, FSA CERA PRM Consulting Actuary and Adjunct Lecturer, UWI (Mona)
Enterprise Risk Management (ERM) ERM is Everything Risk Management • Enterprise – looking at the entire organization. • Risk – looking at all risks, not just the ones that can be easily identified and quantified. Internal and external risks. • Management – managing everything together, not as isolated business units, while recognizing people, their motivations and behaviours.
Enterprise Risk Management (ERM) ERM looks at all parts of the business, and knows that to manage risk at the enterprise level you need to understand how the parts fit together. Risks may offset each other, or… managing one area “perfectly” could have disastrous effects on another.
Enterprise Risk Management (ERM) Perhaps the most important aspect of ERM, often overlooked, is risk culture. Risk management tasks are not typically seen as core to the business, so the best way to ensure that they’re given priority is to build a culture that recognizes their value. Many companies set up elaborate ERM frameworks only to have them rendered useless by weak risk culture.
Boeing 737 Max 8 • An updated version of the 737, which debuted in 1967. • More powerful engines, with software to prevent stalling. • “MCAS” takes control of the plane if ascent is too steep. • The software is linked to one of two angle of attack sensors. • Indicator lights show if the sensors have different readings. • Indicators lights are optional; available at additional cost. • Pilots are not strong enough to fight MCAS if it takes over; they have to know to switch it off if the plane dives.
Selected Timeline • 1997 – merged with McDonnell Douglas, increasing to 140,000 employees while decreasing domestic competition. • 2001 – corporate headquarters moved to Chicago, away from the design and manufacturing units in Seattle. • 2003 – allegations of corruption leading to firing of CEO. • 2003 – settlement over industrial espionage lawsuit. • 2005 – President and CEO fired over Code of Conduct violations. • 2013 – relocation of manufacturing units, most to South Carolina. • 2016 – President and CEO named Chairman of the Board.
Boeing’s Culture The timeline hints that the culture at Boeing was changing. Mergers and relocations will always affect corporate culture without careful management, especially with new hires. There’s now a literal, geographical, disconnect between executive management and the pilots and engineers who have a hands-on understanding of what it means to design, build and fly airplanes, and of the risk in getting it wrong. A literal disconnect will often become a cultural disconnect.
“Digital Transformation” • Metric: Value “Value is the biggest driver for transformation at Boeing, whether cultural or digital. Value is measured in either net new revenue or reduction in cost, or avoidance of cost.” • Metric: Productivity “Boeing has seen somewhere between 100% and 300% more productivity from the software development teams” • Metric: Time on Tasks “how long did it take to get a minimum viable product out?” Ismail, Nick, "Boeing's digital transformation... it's cultural", 2019
Excerpt from Boeing’s 2019 Proxy Statement: Risk Oversight
Risk Oversight • Audit Committee Risk Oversight “Perform central oversight role with respect to financial statement, disclosure, and compliance risks.” • GON Committee Risk Oversight Governance, Organization and Nominating Committee – focused on hiring and compliance for the Board and Senior Management. • Finance Committee Risk Oversight • Compensation Committee Risk Oversight
Boeing’s Risk Culture Boeing doesn’t seem to have a robust ERM framework. The main focus of their risk management seems to be compliance, suggesting that their primary objective is to satisfy external parties. Their culture doesn’t appear to acknowledge that the goals of risk management are internal, not external. Compliance must be the result of risk management, not the objective.
Boeing’s Risk Culture Boeing’s risk management ignores the importance of what it means if they, an aircraft manufacturer, get it wrong. When mistakes will have fatal consequences it is fundamental that all employees are empowered to escalate risk findings, and that they’re all addressed. There are numerous reports surfacing now of Boeing whistleblowers, even in quality control, who were silenced or ignored.
Risk Culture – an opportunity Poor risk culture can destroy a thorough and well-structured risk management plan. It’s challenging to incentivize employees to provide support for ERM. Conversely, a strong risk culture will be effective even in the absence of a detailed ERM framework. This is what Boeing had – a strong culture, built through experience. Risk culture can also present opportunities for risk-aware companies…
Risk Culture – what to look for in hiring In a risky industry, you should hire risk managers who are: • Honest.There’s no room for dishonesty within a sound risk management framework. • Competent. Employees who hide their incompetence are a huge risk to any organization. • Willing to speak out. A “yes man” will amplify risk exposures. • Driven by factors beyond their jobs. Driven by their values, and/or by professional standards.
Risk Culture – the ERM opportunity How can this be an opportunity? It may seem that it’s not, because surely everyone is fighting to hire these honest, competent, outspoken, driven candidates, but: • They may not come across well in interviews because they’ll likely be straightforward about their qualifications and competence, while others embellish. • They will likely have been reprimanded in the past for speaking up; they may have been considered difficult or “insubordinate” by prior employers.
Risk Culture – the ERM opportunity So here’s the opportunity: If a company wants to implement ERM, but has limited resources, they can start by: • Hiring an honest, “difficult”, driven person with good risk management knowledge and experience. • Empowering them to observe, report and advise top management on everything, but not to make decisions. • Paying them fairly, but not exorbitantly. • Having a zero-tolerance policy for unethical behaviour.
Risk Culture – the ERM opportunity Hiring just one person can be a manageable ERM first step that will yield valuable risk information: • Any area that is unwilling to speak openly with the risk manager is probably hiding something. • Ideas or concerns that employees might have can be escalated through the risk manager without the frictions in formal reporting lines. If your risk manager is honest and principled, staff doing the right things will recognize this and will help to build the risk culture; staff doing wrong will reveal themselves.
Risk Culture – the ERM opportunity Most important is for everyone to recognize that the risk manager is there to observe, report and advise. The risk manager isn’t there to make risk go away. Every area in a business must take ownership of its risks, with the risk manager a resource available to assist. Risk management is too often seen as a costly, annoying compliance exercise – but when done right it provides a way to make a business safer and more efficient.
Importance of Risk Culture Boeing treated risk management as a compliance exercise, and didn’t realize that they were breaking down the very risk culture that helped make their name. Culture can’t be formally documented or codified, so senior management were likely unaware of its importance. Companies in risky industries can learn from this case, and can recognize that the single most important thing they can do to for ERM is to foster the culture that is needed to properly support it.
Thank you! brittahay@outlook.com