This post is intended to provide the foundational concepts around organizational sustainable risk management factors. This post also recommends adopting sustainable risk management as a core discipline within sustainable change delivery. This is part of a series that provides the foundation for understanding sustainable change delivery.
“It is far better to grasp the universe as it really is than to persist in delusion, however satisfying and reassuring” – Carl Sagan (1997).
(Quote borrowed from Douglas Hubbard’s The Failure of Risk Management)
There are a number of organizational concepts that are important for organizational sustainable risk management, including the following:
“Risk tolerance
Is defined as ‘the threshold levels of risk exposure which, when exceeded, will trigger an escalation’” (OGC, p. 15, 2012).
“Risk capacity
Is the maximum amount of risk that an organization, or subset of it, can bear, linked to factors such as its reputation, capital, assets and ability to raise additional funds. In the public sector, risk capacity might be defined by an external regulator, or by a government minister.
Risk appetite
Is the amount of risk the organization, or subset of it, is willing to accept” (OGC, pp. 13-15, 2012).
The following paragraph was modified from Jonathan Reuvid’s 2012 work “Managing Business Risk: A Practical Guide to Protecting Your Business” to help provide context for these concepts.
Exhibit 1: Appetite versus tolerance (Reuvid, p. 17 – Figure 1.2.2 – Source IRM, 2012).
“[Exhibit 1a]… depicts expected business performance over time.
Exhibit 1a: Business performance over time (Reuvid, p. 17 – Figure 1.2.2 – Source IRM, 2012).
In practice, performance is subject to risks that, if they materialize, could result in a range of performances [exhibit 1b]…
Exhibit 1b: Possible outcomes (Reuvid, p. 17 – Figure 1.2.2 – Source IRM, 2012).
This gives the potential risk ‘universe’ [exhibit 1c]. It is clear that line AC is not desirable. However, it is not necessarily obvious that line AD also might not be desirable; extreme success might itself produce additional risks.
The appetite for risk, however, is likely to be shown by a narrower band of performance outcomes, depicted in the triangle AMN [exhibit 1e]. So tolerance becomes about absolute values, e.g. ‘We will not expose more than x per cent of our capital to losses.’ Risk tolerance statements become lines in the sand beyond which the organization will not proceed without board approval (although, of course, the board may grant it), whereas risk appetite becomes about what the board wants to do.
Access to competent individual sustainable risk managenent practitioners is key to allow the organization to leverage the skills and experience to accept, adopt, and integrate these competencies into the organization. However, the organization needs the management systems and structures to support the successful organizational implementation and benefits from sustainable risk management.
Peter Milsom is an entrepreneurial advocate for sensible, sustainable change delivery practice. Peter has come to realize that sustainability is the perfect catalyst for Project / Programme / Portfolio / Risk / Value / Business Case and Benefits Management improvement.
As an entrepreneurial methodologist Peter's unique value proposition is the vast array of tools and techniques that he brings to every engagement using the most cost effective and efficient methods based on the situation and tailored to meet your needs. This is based on his unique combination of experience and extensive training / certifications in change delivery, value / risk / benefits management business case, and business architecture.