Transformation can be defined as “a marked change, as in appearance or character, usually for the better”. Risk management transformation is the process of changing the character (not just the appearance) of your risk management, always for the better.
In order to transform, you need to:
This smells of risk management maturity analysis, and in many ways it is. The difference is to focus on the practical steps which will achieve the right transformation. The following article attempts to answer the why? what? and how? of risk transformation.
We transform to get better. In simple terms it is to maximise the return of your risk management investment. Risk management is often considered just compliance, insurance, an overhead, an annoyance etc. This attitude drives the inevitable desire to curtail risk management to the bare minimum required. Risk management becomes risk minimisation. This attitude misses the fact that risk is “the effect of uncertainty on objectives” implying that risk management is the management of uncertainty on objectives further implying that risk management is really objectives or outcomes management. It is hard to argue that managing objectives and outcomes is not an enabler. When risk management is positioned in this light, it becomes by default, an enabler. The key to risk transformation is therefore to position it as a key enabler of your business using a process that is well understood, fully embedded in the business and efficient and effective to use.
Transform to what?
The first step is a stocktake of where you are at present. A maturity analysis is useful. Most process maturity models recognise 5 stages of maturity, as in Fig 1, from “Initial” where risk management is performed by your heroes in a crisis, all the way through to optimised where risk management is fully embedded into everything that you do, is proactive and is fully supporting the success of the business outcomes. Read the eBook: A practical guide to Risk Maturity.
Fig 1: Risk Management Maturity
The key components to assess are:
The key is to determine a blueprint of where do you want to get to and by when. What does each of the above components look like in your blueprint?
How to transform
The first step to making risk management transformation happen is to determine the gaps between where you are now and your blueprint.
These gaps should then be broken down into management steps and a project plan created. It is about making it happen. To successfully transform you need to focus on the following key elements:
Author of 'A Short Guide to Operational Risk', David Tattam is an internationally recognised specialist in all facets of risk management, particularly at the enterprise level. His career includes many years working with PwC, as well as two Australian banks. His achievements include the creation of the Middle Office (Risk Management Department) for The Industrial Bank of Japan in Australia and the complete implementation of all Australian operations, systems, procedures and controls for Westdeutsche Landesbank (WestLB).