Professional Documents
Culture Documents
Harnessing complexity: the risk professional’s role / Eye of the beholder: why each
organisation has multiple reputations / Navigating the storm: charities in turbulent times /
On the front line: COVID and risk in the NHS
ADVERT
Enterprise Risk 2
Enterprise Risk Editorial
Autumn 2022 Digital-first evolution
T
Editor his month marks an important milestone in the evolution
Arthur Piper
of Enterprise risk magazine.
Produced by First, I’m proud to announce the launch of our all-new
Smith de Wint
Cobden Place, 5 Cobden Chambers Enterprise risk website. Following the redesign of the print
Pelham Street, Nottingham, NG1 2ED magazine last year to reflect our increasing focus on a digital-
Tel: +44 (0)115 958 2024
risk@sdw.co.uk first communication strategy, we have thoroughly refreshed the site to
www.sdw.co.uk build on the work we started in 2021.
Sponsorship and Not only does the site get a stylistic overhaul, but there is more content
Advertising Sales Manager and better integration between the editorial we produce at the magazine
Redactive Media
IRMsales@redactive.co.uk and the excellent communication efforts of IRM’s Special Interest Groups,
Tel: +44(0)20 7324 2753 thought leaders and marketing gurus. It should be now much easier for
Enterprise Risk is the official publication of members to search and explore a wide range of risk management topics
the Institute of Risk Management (IRM). all in one place – rather than having to switch between the magazine and
ISSN 2397-8848 member websites. In addition, individual magazine issues and the features
they contain are easier to find and read online.
About the IRM
The IRM is the leading professional
body for Enterprise Risk Management
(ERM). We drive excellence in managing
risk to ensure organisations are ready for
the opportunities and threats of the future.
We do this by providing internationally We have worked hard over the past
recognised qualifications and training,
publishing research and guidance, and
setting professional standards.
year to make the publication ready
For over 30 years our qualifications have to take advantage of the range of
been the global choice of qualification for
risk professionals and their employers. benefits digital media can bring
We are a not-for-profit body,
with members working in all industries,
in all risk disciplines and in all sectors
around the world.
Institute of Risk Management Anyone who has worked on website projects will understand that
2nd Floor, Sackville House, 143-149 for those concerned they are akin to real-world megaprojects with
Fenchurch Street, London, EC3M 6BN
Tel: +44 (0)20 7709 9808 complexities only slightly less enmeshed than those described in our
Fax: +44 (0)20 7709 0716 cover story special focus for this issue. So, thanks to all concerned in
enquiries@theirm.org
www.theirm.org that process – but especially to our design guru Mark Leatherland for
creating such a stunning look from our less than coherent plans and
Copyright © 2022 Institute of Risk
Management. All rights reserved. ideas and to IRM’s website engineer and widget wizard Barry Disley
Reproduction without written permission for making it all work.
is strictly forbidden. The views of outside
contributors are not necessarily the views Second, the Autumn 2022 issue of Enterprise risk will be the last
of IRM, its editor or its staff. to be printed physically. We will continue to produce the same
quarterly publication and deliver it to you in a digital format. But
having worked hard over the past year to make the publication ready
to take advantage of the range of benefits digital media can bring –
including the imperative to reduce our carbon footprint – the launch
of the new site seems to be the right time to make that move.
Now that the new website is live, we will be exploring better ways
to communicate with you about the pressing matters that risk managers
face – and helping you link and communicate with like-minded risk
professionals and the resources you need to help you grapple more
successfully with those issues.
Arthur Piper
Editor
Autumn 2022 3
CLIMATE CHANGE
World@RIISK & ESG FORUM HOSTED BY
15 NOVEMBER 2022 | SAVOY PLACE | LON
LONDON
DON
ADVERT
Aimed at both risk professionals and senior decision-makers
FEATURED SPEAKERS
16 22
10 26 30
Features REGULARS
38 Toffler
innovation and value creation. pressure on the health
IRM’s Risk and Complexity professionals and risk managers Since organisations and
Special Interest Group enables working in the NHS. While societies depend on electricity
practitioners to better understand there are still huge challenges, for their digital operations and
and collaborate in this area risk management has become everyday existence, it is time to
part of the everyday working take solar flares seriously
life at NHS Borders
Autumn 2022 5
Advertorial
T
tangible targets to build trust and
transparency while demonstrating the
he importance of Sustainable Development company’s values and commitment
Environmental, (WBSCD) and the World to ESG. Activities and progress can
Social and Resources Institute’s (WRI’s) then be tracked against a set baseline,
Governance (ESG) Greenhouse Gas Protocol which in turn can provide insight into
performance can or ISO 14064-1 setting the key areas of improvement as well as
no longer be overlooked as basis for how companies progress of the broader industry.
pressure from shareholders categorise and calculate their Through robust assurance
and consumers puts it at greenhouse gas emissions. frameworks, insight can extend
the top of the agenda for The “S” in ESG can be into the supply chain to gain better
many businesses. This means that more subjective, as these activities visibility of the impact of suppliers and
stating intentions with no evidence often deliver impact that is less tangible subcontractors. This can highlight any
of action is no longer enough and and harder to quantify, for example the potential risks hidden within the supply
can pose reputational risks and positive effects of a responsible sourcing chain but also enable businesses
accusations of greenwashing. policy or efforts to support employee to demonstrate the impact of their
A collaborative supply chain health and wellbeing. These types of broader networks. This enhanced
approach is needed to evidence activities go beyond delivering financial visibility can foster better methods
action throughout an organisation and value to champion commitment to ESG, of quality and control, and ultimately
its supply network, which will in turn establish brand purpose and positively help build stronger relationships
deliver outcomes that can stand up engage employees, customers and throughout the supply chain.
to stakeholder scrutiny and ultimately partners to drive business growth.
help future-proof businesses against In both cases, companies face Act now to demonstrate
evolving regulation and social change. the challenge of accurately collecting commitment
and aggregating the necessary data Businesses that want to achieve the
Starting with standards to support their ESG targets and greatest return on their ESG investments,
Recognised industry standards play a claims and demonstrate progress. while continuing to build trust and
key role in establishing trust by providing Accurate data is underpinned by transparency with stakeholders,
a consistent reporting framework for robust management systems. partners, clients and employees,
businesses. Frameworks such as the need to establish robust methods of
Task Force on Climate-Related Financial Improving insight measurement and assurance now.
Disclosures (TCFD) and the Sustainability to identify risks For an ESG strategy to have
Accounting Standards Board (SASB) For taking positive steps now, the desired and greatest impact,
give companies a common set of businesses can act by implementing measurement and assurance need
guidelines for reporting transparently. a robust management system and be introduced across businesses
Currently, the “E” in ESG is the auditing solution. A management and their supplier network. By acting
most consistently reported, with system will help any size of company now, businesses can get ahead
carbon accounting standards like set internal processes to ensure ESG of their competition and be better
the World Business Council for targets are met and progress is real. positioned for new legislation.
Enterprise Risk 6
IRM Viewpoint OPINION
T
likelihood by taking well-informed,
here has been a options for response. At present, strategic steps to bolster resilience.
lack of foresight and renewable energy sources are What this current situation
understanding of the too few and too unreliable. has highlighted for many is lack
risks facing energy Moving to renewables will take of joined-up thinking when it
supply for some time. time. Today, mitigating against comes to the strategies, initiatives,
Centralised planning of energy the risk of failing to deliver secure policies, planning and geopolitics.
markets is deemed necessary, but and affordable energy could mean Failures in constructively
the current crisis raises doubts using a mix of energy sources – challenging embedded thinking,
over the efficacy of the methods including fossil fuels and nuclear a willingness to accept optimist
and approaches governments energy – in the context of building timelines for environmental
have used to assess and a low carbon economy in future. targets and a gaping lack of
understand the relevant risks. But any strategy must take account accountability when it comes
A belated decision by the UK of the weather – the single most to planning and understanding
government to fire up coal plants is important factor impacting risk, opportunities and reward
commendable as a relative quick- demand for electricity and gas. have all combined to create a
fix to a pressing problem – even That is why factoring anticipated crisis which, ordinarily, could
if the costs of recommissioning changes to the climate into our and should have been avoided.
defunct plants will be inflationary forward planning and scenarios Building resilience in the energy
and fall on the shoulders of needs to form part of critical sector and future-proofing critical
struggling taxpayers. But polite systems planning. That would industries is a long-term project.
requests for consumers to use help provide a wider range of It requires better strategic risk
less energy is unsustainable and potential outcomes, and with that, management so that the country
does nothing to build resilience development of effective responses. and the global community can
into the energy sector. Risk management and the avoid defaulting to reaction mode
attainment of resilience is every time a major crisis hits.
Too green too quickly? a forward-looking, strategic
In our view, a single-minded process, but history can teach
rush towards creating a low useful lessons. In this current Grant Griffiths, an IRM
carbon, net zero energy system debate and looming crisis, affiliate, Dylan Campbell, a
is a miscalculation. While successive governments have technical specialist, and Alexander
commendable in principle, in failed to grasp the nettle in the Larsen, CFIRM, are members of
practice it has limited our ability effective regulation of the energy IRM’s Energy and Renewables
to respond to the current crisis market because of short-term, Special Interest Group.
because it has narrowed the over-optimistic thinking.
Autumn 2022 7
Trending DATA
Enterprise Risk 8
Regulation increases Supply chain
for banking sector environmental
impact gains
Firms respond by demonstrating visibility
sound compliance culture
The same
as today
2021
Over the next 12 36% 32%
months I expect the Indirectly Directly
amount of regulatory
information published
by regulators and
18% 10%
None Decision
exchanges to be... maker
2020
50% 44% 29%
Indirectly Directly
Slightly more
than today
But proper risk management
Over the next 12 months I expect more assessments still low:
compliance involvement in:
We have a general
44%
sense of potential
future climate risks
based on events from
the last three years
55%
Assessing cyber
47%
Implementation
42%
Post-pandemic 27%
We have conducted
a climate change risk
assessment and ident-
ified our most critical
resilience of a demonstrably review/planning supply chain risks
compliant culture
We have conducted
18%
climate change risk
assessments and
scenario planning
for our supply chain
42%
Assessing effectiveness
42%
Setting of compliance
40%
Setting of risk 11%
We do not consider
climate change as
a future risk
of corporate governance budget and other risk appetite
arrangements management resourcing
Sources: State of supply chain sustainability report 2022,
MIT Center for Transportation and Logistics | Gartner
Source: Regulatory intelligence: cost of compliance 2022, Thomson Reuters supply chain practice, July 2022
Autumn 2022 9
Complexity
and risk
BY ARTHUR PIPER
Enterprise Risk 10
Feature COMPLEXITY SPECIAL
A
lmost a decade had a valid understanding
ago, Warren Black of complexity nor were they
left Deloitte in looking at the problem through
Brisbane, Australia, the right lens,” he said.
to work on a nearby
infrastructure mega-project with Guiding theories
British Gas. The company’s QCLNG The QUT Faculty of Engineering
programme was a $27.5 billion then encouraged Black to turn
initiative aimed at propelling the his rough hypothesis into a PhD
business into the drilling and by research, and seven years
extraction side of the energy of part-time study later, he has
industry. Up until then, British submitted the document for final
Gas was primarily a shipping examination – a process that is
and transportation business, so likely to be over within the next
it had little direct experience of few weeks. While the hard core
delivering such a venture – or of of the field is defined by mind-
running that size of mega-project. numbing mathematics, Black
Warren was about ten years has distilled that learning into
into a risk management career, some pragmatic definitions that
so he accepted the challenge. He should be of practical use to risk
Warren Black
agreed to develop an integrated managers. In fact, Black’s research
performance and risk reporting into complexity in large-scale
framework over numerous project management school. Not only engineering projects initially
control areas, oversee the project was there a lot of money flowing pulled together two overlapping
performance and risk metrics and into research because of a big oil fields of research – complexity
ensure that British Gas’s project and gas boom in the region, but theory and systems theory.
risk and assurance standards were complex projects had moved centre As one might expect in a fast-
applied consistently across the stage. Warren started working moving academic field, there is
programme’s control framework. with the school to develop some no accepted definition of the term
A few months into the project concepts around the complexity complexity. But it derives from the
and Black and his team realised he was experiencing on the Latin word complexus: something
that British Gas’s standards were QCLNG project. Six months later, made up of many parts. So, for
not designed with highly agile, British Gas started experiencing Black, complexity describes a
complex environments in mind. financial constraints on its situation in which there are many
“There was nothing wrong with the QCLNG programme and began to contributing components with
standards, but they had come out restructure its priorities. Black had multiple interfacing relationships
of a conventional-style engineering a handful of half-formed ideas and – but it is also a situation that
environment and did not fit a lot a practical conundrum that he felt is dynamic, so its components
of the contextual complexity we needed an urgent answer – how and relationships are continually
were seeing in the project,” he says. does complexity influence risk in evolving and changing.
At that time, Black started modern working environments? David Snowden, a pioneer in
collaborating with Queensland “I realised that there wasn’t the field and someone who Black
University of Technology (QUT), enough experience in the industry refers to in his own work, has
which was in the process of setting to manage complexity in these made the distinction between
up an executive programme projects because people neither complicated and complex
Autumn 2022 11
systems. Black says an example behaviours, which means we says. “Now, today’s systems have
of a naturally complicated body can control the whole system.” unique characteristics. There
would be an airliner. It has many is only one eBay or Amazon –
parts, but each of those parts Why now? they are global phenomena:
works in linear, predictable ways. As with many Western theories, one system with multiple
Once you have manufactured one Black found that ancient Greek connections and interfaces.”
airliner, you can simply repeat philosophers such as Archimedes And that brings us to the
the process as many times and in identified complexity in natural crux of the modern problem:
as many locations as you wish. systems as a problem many “We are now having to think
But complex systems such centuries ago. That made him about systems, and the challenge
as weather patterns, immune question why the field had begun we have is that too much
systems, the human brain to gain more traction in academic of our thinking comes from
and economic markets are and related subjects during the industrial-era methods in a
essentially unique. They may last 20 to 30 years. The rise of systems-driven world. Those
have similar components computerisation during the management ideas and control
and overlapping patterns, but 1970s and 1980s – as well as our standards developed during the
because of their dynamic nature progression into the so-called industrial manufacturing age
they are continually shifting, Fourth Industrial Revolution today are no longer fit for purpose for
evolving and transforming in – has made complex systems the age of complex systems.”
unpredictable ways. Complexity more relevant to our everyday
theory seeks to recognise, life. In turn, complex systems Natural resilience
understand and control this theory has become a mainstream While Black had found a way
advanced number of transforming management philosophy, of describing the control of
relationships in any one system. rather than a niche science. complex systems, he realised
Systems theory intersects In the early 20th century, large that the kind of resilience that
with complexity theory because industrial behemoths dominated came from the linear thinking
that often dominates traditional
risk management practices
may not effective. “If you talk
Complexity theory seeks to recognise, about engineering resilience,
it generally refers to a building
understand and control this advanced or infrastructure being able to
weather a destructive shock and
number of transforming relationships retain its existing form – or return
in any one system to it: bouncing back or staying
where you are,” he says. But it is
the nature of complex systems to
be in a state of flux – so normal
it seeks to recognise, understand the world: Ford, General Motors, can only be defined in relation
and control how the relationships U.S. Steel, DuPont and others. But to the most current state of the
between the components in a while they were big, they were system. It describes a contextual
complex system work. “Both only complicated. Their factories state rather than some ideal form
theories essentially look at how followed linear processes that were that a disrupted system could
to control outcomes for such dependable and repeatable. By snap back into after a crisis.
phenomena as the weather or contrast, the operations of Apple, “One of the challenges that
the economy,” Black says. For Facebook and Google are not as we have right now is that the
engineers that means looking linear or obvious as the previous conventional view of resilience,
at how to understand the generation of industrial giants. particularly in risk management,
connections between humans, Each organisation’s customer almost seems to come down to
technologies and mechanical service offerings are underpinned business continuity planning
operations – and how to control by complex, information- (BCP) and disaster recovery
those relationships for efficiency sharing systems, which makes planning (DRP),” Black says.
and for less hazard and risk. them far more systemically He says that this approach
“The goal is to try to control connected and driven. means that organisations
the system – understand what “Complicated systems are must first experience a crisis
it is, how it behaves and, most easier to fix because once you or disruption before resilience
importantly, what drives those find the part that is not working can be demonstrated. In most
behaviours,” Black says. “If we you can mend or reconnect cases, those plans strive to get
understand what drives the it and your production or organisations back to business
behaviours, we can control the operations start again,” Black as usual. But most organisations
Enterprise Risk 12
CONVENTIONAL RISK MANAGEMENT DOES NOT
ACKNOWLEDGE THE RULES AND SCALES OF COMPLEXITY
Complex
expected or uniform
Risks are known,
INHERENT
NATURE
OF RISK
DISCREET SYSTEMIC
Risks are independent, Risks are connected to many
isolated or localised contributing or dependant factors
Autumn 2022 13
THE FOUR FOUNDATION PRINCIPLES
OF COMPLEX SYSTEMS THINKING
Acknowledge the Focus more on the System behaviours are Allow for shifting states
advanced systemic state connected whole than influenced by signals and differing orders
Complexity exists when the individual parts and feedback A complex system will
there is an advanced The behavioral outcomes Complex systems are driven shift between various
degree of system driven of a complex system by the signals and feedback higher and lower orders
interactions, changes are determined by how generated by their internal – at each differing level,
and variability. the system is allowed to components interacting with specific behaviours and
Complex systems collaborate as a “whole” both each other, and the phenomena will emerge.
thinking acknowledges (aka harmonise). surrounding environment. Complex systems
that such advanced states Complex systems Complex systems thinking requires
require equally advanced thinking focuses more thinking aims to improve the management control
thinking & methods. on influencing the whole manner and quality of signals solutions to offer high
rather than each of the and feedback because high agility, scalability and
individual constituent parts. quality signals and feedback responsiveness.
= high quality behavioral
outcomes (and vise versa).
Enterprise Risk 14
Risk managers need to be asking how they can help their
organisations build up natural resilience so that they do not
need to predict crises, because they have the right systems
in place to deal with any events as they arise
focus more on the connected determined by only a handful management has not got right yet,”
whole of the system rather than of leading contributing agents. Black says, “because each of the
its individual components. In “Risk managers need to pick four different scales of the same
risk management, individual out what the leading contributing phenomenon need four different
components are often put on a agents are – and if you can risk strategies.” The closer to
heat map and assigned separate influence, say, those three to five complexity and chaos the system
controls that are prioritised in agents, the signals and feedback gets, the more natural systems
relation to impact and likelihood. that they will generate will be in resilience and complex systems
“As soon as a whole series of the direction of what you want,” thinking becomes relevant.
contributing components are Black says. “It may never be total In addition, the controls
connected into a common control so that it does exactly and processes that work in one
goal – in other words the what you want it to do, but if environment are not guaranteed to
organisation – it is a system of you influence them positively, work in another, so organisations
co-dependent risks,” Black says. you will more often than not may need to build a whole new
“When we are dealing with risks get positive risk outcomes.” risk strategy for each complex
in a complex environment, we The fourth principle is to system. “Risk managers need
should be looking at managing recognise that all genuinely to be asking how they can
the whole system not merely complex systems will shift help their organisations build
the individual contributors.” through differing states and up natural resilience so that
He sees this as a critical orders as they naturally evolve they do not need to specifically
learning for macro-global threats and transition. With each new predict crises, because they
such as growing economic state or order, new phenomena have the right systems in place
vulnerability, increasing and behaviours specific to that to deal with any events as and
COVID disruption, geopolitical order will emerge. For this reason, when they arise,” he says.
tensions and climate change. standardised, “one size fits all” Black is optimistic for the
They cannot sit as individual approaches to management profession. In engineering
items on a risk register because control are extremely limited and many other management
they cut across many parts when engaging complex problems. courses, systems thinking and
of the organisation in often complexity theory are becoming
unpredictable ways. “They are all Multiple scales mainstream. Recently, for example,
connected and need managing Black says that in order to address IRM launched its own special
as a co-dependent connected this multiple shifting order interest group on the issue. The
system because they all drive and challenge, Snowden developed a social environment of the Fourth
influence each other,” he says. framework, as early as the 1980s, Industrial Revolution and the
Principle three recognises that is still relevant today. It businesses that dominate the
that because complex system demonstrates how complex states economic landscape are in tune
behaviours are influenced by shift between differing levels of with networked reality – people
signals and feedback, they react to organisation. A phenomenon can are increasingly experiencing
changes in the environment and to jump from complicated to chaotic complexity in their everyday
the behaviour of the other elements very quickly, or from complex lives. He urges those beginning
in the system. Take a flock of birds, to obvious. Black’s preferred careers in risk management to get
which is influenced not only by the example is the conflict in Palestine: involved and take some courses on
behaviour of the predominant half one day it is complex, the next complexity management. “If you
a dozen members of the flock but chaotic – but rarely is it simple are brave or bored, do a master’s
also by the changing environment or ordered. In essence, every or PhD in applied complexity or
and by feedback from each other. complex environment has multiple systems thinking to a particular
Fortunately, control agent theory scales, and for every scale or problem,” he says. “But at the
comes to the rescue. It says that no order, new phenomena and, more very least, read the books on
matter how complex the system importantly, new rules emerge. complexity and contribute in
is, its entire behaviour is normally “This is something that risk your own unique way.”
Autumn 2022 15
Feature COMPLEXITY SPECIAL
Harnessing
complexity
BY GRAEME MILLER AND MICHAEL BARTLETT
B
ack in the 17th of risk information today. Complexity in a nutshell
century, Isaac Our organisations and Put simply, complexity risk is
Newton’s mechanistic the environments in which the type of risk which arises
interpretation of the they operate have changed from, and is unique to, complex
world allowed for immeasurably since the systems. However, before
reliable predictions to be made mechanistic age, and the world we can identify and manage
with a degree of accuracy is now understood to operate as complexity risk, we must first
never seen before. This helped a multitude of complex systems. understand the characteristics
fuel the Industrial Revolution Current and recent events of complex systems. To do this,
and with it, the accepted including Brexit, COVID-19, the it is useful to delineate the
structure of organisations. ongoing war in Ukraine and a difference between complicated,
Companies were viewed as looming recession have served complex and chaotic systems.
machines which could be tweaked to further demonstrate this. Complicated systems are
and oiled to work faster and With modern organisations rich in detail whereas complex
produce more. As the repetitive now being the epitome of systems are rich in structure. A
tasks undertaken by employees complex systems, we must good example of a complicated
became increasingly specialised, adapt our risk management system is a car engine. It contains
internal departments had less approach accordingly. To borrow many parts all working together
understanding of what the from Newton, if we want to for a common purpose. Critically,
others were doing. These were see further, we too must stand however, the behaviour of the car
early examples of the siloed on the shoulders of giants and engine can be designed, predicted
organisational structures that take risk management to the and accurately controlled.
we still see impeding the flow next stage of its evolution. This is not the case with
Enterprise Risk 16
With modern organisations now
being the epitome of complex
systems, we must adapt our risk
management approach accordingly
Autumn 2022 17
COMMON FEATURES Complex systems
OF COMPLEX SYSTEMS themselves often
■ Self-organisation into patterns (as with have complex
flocks of birds or shoals of fish) systems nested
■ Sensitivity to initial conditions (the famous butterfly effect) within them
■ Perceived rare events happening more regularly
than would seem likely using standard modelling these self-organising components
techniques (think market crashes) will exhibit the characteristics
of a complex system. They are
■ Adaptive interactions (where agents in the system of course made up of people,
respond to changing conditions based on experience) each of which is a complex
system of cells which function
■ Feedback loops, where a change in a variable results in as independent agents and self-
either an amplification of that change (positive feedback) organise to form a multi-cellular
or a dampening of that change (negative feedback) being. Complex systems therefore
do not operate in isolation but
■ Limited ability to consistently predict outcomes. interact with others, both within
and outside of the nested system.
These can include interactions
with external physical, technical,
complex systems, such as forest to demonstrate how the laws environmental, economic and
ecosystems or the economies governing elemental components socio-political complex systems.
of countries, which grow, at a micro level constrain Complexity risk comes
adapt and evolve according to behaviour at a macro level. with additional concerns and
external conditions and the When the sensitivity to initial considerations. Due to the high
behaviour of agents operating conditions in a complex system degree of interdependence and
within them. While these becomes more pronounced, emergent behaviour, root causes
examples of complex systems are chaotic systems are produced and subsequent impacts of risk
ostensibly very different, they in which we have even less events are far more difficult
share common features which capacity to forecast outcomes. to ascertain. What appears to
distinguish them from merely This is illustrated by the famous be an obvious antecedent or
complicated systems (See Common analogy of the butterfly effect consequence of a risk event may
features of complex systems). put forward by Edward Lorenz turn out to be miles off the mark,
As a result of the listed in 1963, where the flapping of a leading to a loss of control.
features of complex systems, butterfly’s wings might ultimately If the system escalates from
behaviour which cannot be lead to a tornado. While the complex to chaotic, producing
explained as the simple sum inputs and immediate outputs meaningful forecasts and
of the parts becomes apparent. are not random in isolation, the formulating impactful mitigations
This critical determinant of a number of variables and their will become less and less viable.
complex system is known as sensitivity to initial conditions This is compounded where
emergent behaviour. A good mean that they appear random bidirectional dependencies
example of emergent behaviour when analyses are repeated. and interrelationships exist
is the property of consciousness This makes chaotic systems between internal departments
arising from the interaction of extremely difficult to predict and external bodies.
neurons in the brain. There is up to a certain point, beyond Complex systems exhibit
nothing in the individual neurons which it becomes impossible. distributed rather than centralised
or the simple rules by which control where decisions and
they are governed to suggest Nested systems actions are taken without
consciousness will emerge. Clearly, Complex systems themselves structured coordination. While
however, the science of analysing often have complex systems efforts to exert top-down influence
the behaviour of individual nested within them. Very much will yield some of the desired
neurons is vastly different from like Russian dolls, a global results, consideration must be
analysing human consciousness corporation might be made up of given to the fact that control
and its resultant behaviour. This regional offices each containing largely sits with agents in the
comparison can be taken further departments and teams. Each of system. But, if used correctly,
Enterprise Risk 18
An example of emergent behaviour is the property of consciousness arising from the interaction of neurons in the brain
the distributed control feature of and Changing the viewfinder from and used in a meaningful way.
complex systems can promote the Enterprise Risk, Spring 2022). This Harnessing and analysing data is
effective deployment of employee demonstrates some consensus on vital to the management of risk
skills and expertise across the need to move away from our in highly unpredictable complex
contemporary organisations traditional methods or, at the very systems. By identifying recurrent
least, enhance them to cope with themes in our data, lessons can
Levels of complexity our new hyper-connected world. be learnt from actual events.
Organisations often fail to By adopting a narrow, siloed This is our best defence against
appreciate the levels of complexity approach to risk management, uncertainty in complex systems
inherent in their structures and organisations leave themselves in and supports the development
interactions with the outside the dark. Breaking an organisation of mitigation measures that
world. With multi-tiered supply into bite-size chunks makes sense can be applied time and again –
chains employing just-in-time from a management perspective, while continuing to learn from
methods, rigid hierarchical but we must be mindful that this their successes and failures.
management structures, and creates barriers to the efficient The influence of human factors
increased public and regulatory transfer of risk information. This such as biases and heuristics in
pressure to consider social and does not just apply internally, the identification, assessment,
environmental impacts in our but to the wider extended management and communication
operations, there have never been enterprise including suppliers, of complexity risk is frequently
more factors to consider in risk contracting partners, customers, underappreciated. The perception
management. These points have shareholders, stakeholders and of an individual risk can vary
been examined in detail in several the wider public network. greatly depending on the views
recent issues of Enterprise Risk (see Complex organisations produce and experiences of the person
Chain reactions from Enterprise Risk, vast amounts of invaluable data in looking at it. Moreover, with people
Summer 2021; Listening and learning their day-to-day activities. Often, acting as agents in the complex
from Enterprise Risk, Autumn 2021; however, this data is not collected system of an organisation, their
Autumn 2022 19
interactions with each other will It is important to note that modelling complexity risk by
produce emergent behaviour complexity is not something that recognising it’s all connected.
and create additional risk. can or should be stamped out, but In Listening and learning, Stephen
Failing to recognise these factors instead needs to be understood and Sidebottom also highlights that risk
leads to inaccuracies in our risk embraced. As much as it presents professionals are required to have
comprehension and potentially challenges for those seeking to a suite of persuasive “performance
leaves us further exposed. On manage the associated threats, skills” to drive successful risk
the other hand, capturing the it creates opportunities for those management. These skills will be
success or failure of specific who are open to them. Complex called upon to sell the benefits
actions or inactions can help systems thrive on diversity. The of complexity risk management
to overcome such biases. more sources of information, to the board. However, this is
Enterprise Risk 20
ADVERT
EYE
OF THE
BEHOLDER
Enterprise Risk 22
Feature PRACTICE
R
eputational risk is reporting can also determine the picture is complex. Amazon
unique. Not only is how investors perceive an is one classic example of this
it influenced by a organisation. If investors view divergence in stakeholder
corporation’s own an organisation as financially opinion – investors tend to view
actions, but it is also unstable, it can determine whether Amazon quite positively, which
influenced by external events that they decide it will provide a return can be in marked contrast
can be beyond a company’s control. on their investment and affect to press reports saying that
But importantly, an organisation’s the company’s market value. employees have rebelled against
reputation is primarily grounded in The difference between book pay and working conditions.
the perceptions of its stakeholders. value and market value is often
An accounting error could ascribed to reputation, which can Causes of risk
slash share prices, rogue employee account for anywhere between The growing threat to company
misbehaviour may damage 10 per cent to 70 per cent of a reputations stems from the
perceptions of corporate culture, company’s market capitalisation. volatile economic and political
a company may find itself out No industry or sector is immune environment of the modern world.
of step with prevailing societal
attitudes on sensitive subjects.
Simply put, reputational risk is the
potential for any event, controllable An organisation’s reputation is
or otherwise, to damage an
organisation’s reputation. It primarily grounded in the perceptions
is the risk from stakeholder
perceptions to profitability, brand
of its stakeholders
value, authenticity or ability to
perform your corporate function.
to the shifts in public perception, There are three specific trends that
Impacts and the current political and we can point to that contribute
Reputational risk does not only economic environment makes towards the increased threat
impact share price but can also companies more vulnerable to to corporate reputation: hyper-
create long-term operational these changes. It is important transparency, interconnectivity
issues for a company. For example, for business leaders to recognise and media anarchy.
if employees feel undervalued, that companies often have Hyper-transparency
this can have a detrimental multiple reputations, whereby represents the rising demand for
impact on the way a company their reputation differs accountability from stakeholders,
is viewed as an employer and depending on the stakeholder. a development that has forced
affect its ability to hire talent. For example, investors companies to become more open,
This is a particularly acute issue and customers may view a even if they have traditionally shied
in the current environment, particular company in completely away from transparency. This
where labour shortages are rife. opposing ways. This makes has marked a shift in the power
Additionally, research by the it difficult for companies to balance between companies and
Harvard Business Review found anticipate reputational risk as their stakeholders, with the power
that a company with 10,000 moving towards stakeholders.
employees and a bad reputation Interconnectivity represents
A Bad Reputation Costs
could be spending $7.6 million in a Company at Least the fact that we live in an
additional wages to counter it. 10% More Per Hire incredibly interconnected world
A lack of transparency in https://bit.ly/3pVRKDC – one in which stakeholders
declaring financial results and with shared interests and values
Autumn 2022 23
It is important for business leaders to recognise that companies
often have multiple reputations, whereby their reputation
differs depending on the stakeholder
are able to mobilise quickly on their reputational risk, which social media posts or bad press.
certain issues. There are 50 can help them to effectively Finally, companies need
billion connected devices in the manage issues. Methods of to be prepared to act quickly
world right now, which makes measuring reputational risk when an issue emerges, and
it easier for individuals to stay include creating a reputational risk having a rational contingency
up to date and react to issues assessment, which can help draw plan in place is always helpful.
they are passionate about. a baseline for where a company With the help of stakeholder
Finally, media anarchy – the sits within the perception of its intelligence, companies can
media plays a massive role in stakeholders, and in comparison anticipate emerging issues and
today’s society, and with the rise of to direct competitors, comparable act to mitigate the reputational
fake news and artificial intelligence organisations and the sector damage. They must be prepared
technology, it can seamlessly as whole. Once this baseline to communicate quickly and
spread fake content in real time. is established, variations from reach all their stakeholders.
Such content can be hugely the norm can be tracked. Not communicating effectively,
damaging to business reputations. By gathering data from social or allowing external parties to
This context has created a media, print news, online and uncover the issue, results in more
chaotic environment for businesses broadcast channels, companies frequent and more damaging
to navigate and has resulted in can listen to and analyse the reporting of an issue, prolonging
stakeholder entropy. Stakeholders thoughts and feelings of their the impact of the attack. Similarly,
are demanding accountability, yet different stakeholders. Using organisations should be ready
they do not have the means to machine learning and connected to acknowledge mistakes. They
decipher whether companies are intelligence tools, they will should demonstrate that they
being truthful and as a result feel be able to mine this rich data have identified and recognised
like they don’t have any control stream to identify sentiments the root causes of the crisis. This
over the world they live in. and topics that pose potential should be followed by making
All in all, businesses are risk. This allows businesses the necessary changes across
operating in an incredibly to define their own specific the organisation to address these
challenging environment in which reputational risk categories. causes and rebuild credibility.
stakeholder relationships need Once companies have an
to be managed very carefully. accurate measure of reputational Climate crisis and banking
Companies are no longer solely risk, they can implement Let us consider an example to
judged by their economic measures to protect against illustrate how the management
performance; they are also judged risk. One option is reputational or mismanagement of issues
by their contribution to society, risk insurance, an embryonic can affect reputational risk for
which makes it a tough balancing industry designed to cover the businesses. Sustainability is
act when some stakeholders costs of past and future damage arguably the most reputationally
are more concerned about to organisations’ reputations. impactful issue that companies
economic activity than societal However, companies also must deal with at the present
contributions, and vice versa. need to be proactive and have a time, and their response to that
foolproof engagement plan for issue is heavily scrutinised by
Measuring and managing stakeholders. Companies need stakeholders. Stakeholders are
Typically, businesses conflate to address all of the areas of looking for companies to drive
issues management and crisis their business that can produce change in reducing their carbon
management when it comes to reputational risk, be it disgruntled footprint, while making positive
reputation. But in reality, they employees, poor decision-making contributions to the environment.
should treat issues management by the CEO, data breaches, negative During COP26, several
as a day-to-day task. Ideally, organisations in the banking
issues management should An introduction sector made bold pledges to
prevent reputational issues to reputational reduce their carbon footprint
from becoming a crisis. risk insurance and made commitments to make
Companies need to start by https://bit.ly/3KGgGbW green investments. Under the
having a good understanding of banner of the Glasgow Financial
Enterprise Risk 24
stakeholders are no longer on with the specific group or
Glasgow Financial convinced by empty promises – groups concerned to minimise
Alliance for Net Zero’s companies need to ensure that reputational damage and
COP26 Statement their promises are backed by prevent issues from hitting
https://bit.ly/3AvECKi decisive and authentic action. In the mainstream media.
the context of climate change, Finally, in an ideal scenario,
companies need to understand companies would manage
How has the climate and respond to the priorities reputational issues through
crisis affected banks of their different stakeholder prevention and engagement with
reputationally? groups with regard to this stakeholders, without having to
https://bit.ly/3AAWDXF
issue. They cannot afford the deal with a full-blown reputational
reputational damage linked to crisis. But they should be prepared
Alliance for Net Zero (GFANZ), greenwashing or the financing for the worst-case scenario,
500 global financial service firms of global warming activities. and implementing a crisis
agreed to align £130 trillion communications strategy will
of investments with the Paris Risk management’s role help them better manage crises.
Agreement climate goals. The There is no denying that Companies should learn to act
alliance issued a statement that businesses are operating in an quickly when a crisis emerges and
more than 40 per cent of the unpredictable economic and reach all relevant stakeholders
world’s financial assets would be political environment, where with a carefully constructed
leveraged to achieve a net-zero one minor misstep can derail a message. They should not shy
economy and limit global warming company’s reputation. However, away from acknowledging
to 1.5C above pre-industrial levels. there are three simple measures wrongdoing – in fact, they
Overall, our research shows that risk managers can implement should openly acknowledge their
that partnerships such as to better manage the reputations mistakes. Finally, they should
GFANZ elicit positive sentiment of their organisations. use the time following any crisis
towards the banking sector.
In the months following
COP26, stakeholders have been
closely monitoring whether these Companies should use the time
organisations have stayed true
to their commitments. Overall, following any crisis to make
individual companies have
generated mixed stakeholder
changes across the organisation
sentiment. For instance, Bank of to restore credibility
America polled well following
a keynote speech by its MD
of ESG Advisory at a climate
event hosted by the World Bank Measuring and understanding to make changes across the
and Imperial College. In contrast, your organisation’s reputational organisation to restore credibility.
HSBC scored particularly badly risk is an important first step. As we have already established,
after a senior executive was You cannot successfully manage businesses are increasingly
suspended for making cavalier reputational threats if you do not operating in an unpredictable
comments about climate change, know where the threat is coming corporate environment fuelled by
accusing central bankers of from. With the right tools, data the rise in hyper-transparency,
exaggerating the financial risks. and stakeholder intelligence, you interconnectivity and media
This demonstrates that will have a greater understanding anarchy. In this environment,
of the weaknesses in your they are often facing multiple
company’s reputation. risks and must carefully engage
Imperial and The World Second, it is equally important with stakeholders to protect
Bank aim to unlock
to use this data correctly and their reputations. But like all
investment for just
energy transition address the weak spots in your other risks, reputational risk
https://bit.ly/3wEhx79 corporate reputation. For example, can be managed carefully and
if your employees view you in a businesses may turn threats
negative light, address this head into reputational successes.
HSBC suspends banker on with employees directly. If
over 'nut job' climate investors are concerned about Alberto Lopez Valenzuela is
comments, say reports performance, address these issues CEO of alva, the stakeholder
https://bbc.in/3CF36Ua at the next AGM. It is crucial to intelligence company.
address any weaknesses early
Autumn 2022 25
Navigating
the storm
BY SARAH PEARSON AND STEPH JACKSON
Enterprise Risk 26
Feature PRACTICE
As the UK heads for choppy waters, how can positive and effective
risk management help the charity sector steer a way through?
T
he UK is sailing toward suffer damage in the coming entire British Army and a full
the fabled perfect months, charities are likely Wembley Stadium thrown in.
storm – a whirlwind to be hit harder than most. Inflation and rising interest
of financial bad This matters to the rest of rates will suck money out
news, whipped up by the country, both because of the of pockets, and charitable
COVID-19 and the Russia–Ukraine knock-on effects on the primary contributions have already
war, in an economy still struggling purpose of charity, to help been hit hard. Back in February,
from the 2008 financial crisis. others, and because they make research by the Charities Aid
Above all, it is inflation which an important contribution to Foundation (CAF) found that
is ringing alarm bells. As we write, Britain’s GDP – usually estimated 58 per cent of people (69 per
the official Office for National at around 1 per cent of the cent among 25-34-year-olds)
Statistics Consumer Prices Index whole (though on some metrics were planning to cut back on
inflation rate stands at a 40- the figure is much higher). discretionary spending; in January,
year high of 10.1 per cent (with
consumer confidence at its lowest
since records began). In August,
the governor of the Bank of While every part of the economy
England, Andrew Bailey, forecast
that rate would climb to 13 per will suffer damage in the coming
cent, and raised interest rates to
1.75 per cent, a level not seen since
months, charities are likely to
December 2008, to try to tame it. be hit harder than most
Even so, he said the economy
would slip into recession and
stay there until the end of 2023;
earlier, apologising for sounding The Charity Commission’s only 25 per cent had donated
“apocalyptic”, he had described 2021/2022 annual report notes to charity in the previous four
rising food prices as a “major, that there are more than 169,000 weeks, which is significantly
major worry”. When Bailey uses charities on its register. Further, lower than the usual average for
such words, it is worth listening. there are an estimated 20,000 the month, of 29 per cent. This
Factor in the hazards which additional voluntary organisations meant, said CAF, that “around
may be lurking unseen below which are not included in that two million fewer people [had]
these turbulent waters – who figure – such as churches and donated to charity than usual.”
foresaw COVID-19, or the Ukraine other religious organisations. That in turn could lead
crisis? – and this may be a The National Council for to significant job losses, and,
time of greater risk than we’ve Voluntary Organisations estimates more importantly, a reduction
faced as a country since 1939. that some 827,000 people work for in the good work charities do
But that means it is also a time UK charities; factor in all those – at precisely the time when,
when great risk management voluntary bodies, and that figure paradoxically, it is most needed.
can come into its own. is more than 950,000, or around
3 per cent of the UK’s workforce. Identifying the challenges
Charity in tough times Put another way, this is It is important that we do not
Before we lay out some positive roughly the combined global panic; we have lived through
thoughts, allow us to consider workforces of Tesco (293,960), high inflation and much higher
what all of this means for Sainsburys (111,900), BT (105,300), interest rates before. We also
the voluntary sector. While Vodafone (95,220), Barclays have recent experience of a huge
every part of the economy will (80,800) and BP (72,500), with the shock – COVID – and the way
Autumn 2022 27
As understaffed organisations fight volunteering because of the
cost of fuel for the cars in which
fires on various fronts, training they collect and deliver items.
Like companies, charities
may be rushed, opening up the have staff, and those staff are
possibility of human error likely to be working harder, for
less (in real terms), which could
lead to problems of sickness,
retention and recruitment.
we dealt with that has already generation; as we noted, giving Again, this is happening
made us leaner, fitter and more by members of the public is now. For example, the Bluebell
resilient. And, since virtually under pressure, and the same Wood Children’s Hospice in
everyone is in the same boat, a will almost certainly be true of Sheffield, which has provided
“wartime” sense of us all pulling support from government and specialist care and support to
together may well develop. other sources of significant grant hundreds of children living with
But things still appear funding. Footfall – from charity life-limiting illnesses, and their
undeniably bleak; in that light, shops to mass participation events families, since 2008, announced
what does enterprise risk – may well trend down as people in May that it was suspending
management have to offer? have less disposable income. its clinical services until
First, it can help us to identify The effects of this are already appropriate staff levels could be
the specific threats heading our being felt on the delivery side, assured – a terrible, real-world
way. Charities face many of the too. For instance, the community illustration of a wider problem.
same interconnected issues as investment charity Neighbourly Further, as understaffed
commercial businesses. There said in July that some food organisations fight fires on various
are clear challenges in income bank volunteers were stopping fronts, training may be rushed,
Enterprise Risk 28
It is absolutely imperative that charities start to think
about their digital strategy and ensure adequate
investment in cyber protection and resilience
opening up the possibility of what we will see coming out of the But it is absolutely imperative
human error. And again – as in current crisis is a series of mergers that charities start to think
the commercial realm – charities and federated partnerships that about their digital strategy and
are wrestling with the impact allow us all to maximise our ensure adequate investment in
of digitalisation, and the threats backup house costs,” she said. cyber protection and resilience.
it poses – principally those of Other responses are to review A good starter for ten would
cyberattacks – alongside the and diversify income streams, be to undertake a thorough
undoubted opportunities. finesse grant applications and review of all processes which
work on comms with existing can be carried out online.
Sketching out and potential supporters; a Irrespective of future lockdowns,
a way forward “little and often” approach to good IT can streamline back-
Good enterprise risk management running events might make office functions and offer
– defined by IRM as an integrated sense, to spread the risk of quicker and more personalised
and joined-up approach to major events being cancelled, methods of communicating
managing risk across an or failing to meet expectations. with clients, supporters and the
organisation and its extended Benefact Group is already media, and of raising funds.
networks – is more vital than ever. offering advice on streamlining To sum up, when you’re
Done well, it can support an and improving fundraising: heading into the storm.
organisation to achieve its stated https://benefactgroup.com/ an ongoing enterprise risk
objectives. Along the way, it will fundraising-resources/ management approach enables
create better, more informed People are at the heart of every you to identify and fully
strategic decision-making, greater charity – both as the raison d’ être understand those key issues that
assurance and good governance, and the tool for service delivery. could stop you in your tracks –
increased organisational resilience, and as you scan the horizon for
and enhanced performance Good leadership emerging threats, you need to
and service outcomes. How, then, to maintain the be aware of opportunities, too.
But it must be taken seriously, morale and commitment of a Supporting engagement and
with leadership from board level skilled workforce? We cannot positive action at the top table will
down, allied to a positive risk overstress the importance of good help you to meet the expectations
culture so that the whole ethos leadership: charities must operate of your service users – and keep
permeates normal operations. an open and supportive culture, those stakeholders informed on
And it needs time to do it informing and involving staff the latest risk picture and your
justice – time which can feel in as they undertake this difficult plans. Above all, remember that
short supply during extended journey together. That means we will get through this, and
periods of increasing workloads one-to-one sessions, socialising that there are sunnier days and
and competing demands. where possible, and trying to calmer waters on the other side.
Of course, as with leading maintain a work–life balance.
businesses, forward-thinking A flexible approach that
charities have already embedded empowers staff to make decisions, Sarah Pearson is head
enterprise risk management as well as prioritising education, of enterprise risk
and thus have seen much training and career development, management at Ecclesiastical
of this coming; in respect of will pay long-term benefits and Insurance and a member of the
funding, many are already reduce expensive and destabilising board of directors at IRM. Steph
tightening their belts, managing churn in the workforce. Jackson, CIRM, is an enterprise
and reducing their costs. When it comes to digitalisation, risk management consultant at
One response is to merge. some elements of charitable Ecclesiastical Insurance and co-
In July, speaking at the Charity activity must always be done chair of the IRM Charities Special
Finance Group’s annual hands on – there is no way Interest Group. Ecclesiastical
conference, Stevie Spring, chair of to send food to a hungry Insurance is part of the Benefact
the mental health charity Mind, family via fibreoptics, nor Group, which is owned by the
said that partnership was not a a program which can care charity Benefact Trust.
choice: “I genuinely predict that remotely for a poorly child.
Autumn 2022 29
Work in embedding and
developing proactive risk
management was put on
hold as we moved into
the pandemic response
Enterprise Risk 30
Feature
Image credit: Luke Jones / Unsplash.com
CASE STUDY
On the
front line
BY LETTIE PRINGLE
N
HS Borders introduced This took some time to serious incidents. From this arose
risk management as implement into NHS Borders, the electronic risk management
part of the Clinical but by 2005, NHS Borders had system, which gave NHS Borders
Negligence and moved to an integrated risk real-time data to managers on
Other Risk Indemnity management model, incorporating incidents that had occurred
Scheme (CNORIS) in April 2000. both clinical and nonclinical risks, within their areas. This move
CNORIS is a scheme that all although this was still using a in systems streamlined the
Boards in Scotland buy into to centralised risk management process of managing incidents
cover clinical and nonclinical approach (see The evolution of risk but also allowed more robust
legislative costs that they may management in NHS Borders). monitoring for compliance, and
face by pooling risk together so thus increased the knowledge
it is allocated equally across a Changing approaches of senior leadership of what was
number of years. In layman’s In 2012, Healthcare Improvement happening on the frontline.
terms, it is similar to a traditional Scotland undertook a review of In April 2014, NHS Borders
insurance package for NHS adverse events. The learning from implemented BSI31000 Risk
Boards in Scotland. CNORIS this review moved the focus from Management Standards and
issued standards and regulations proactive risk management to the moved towards an enterprise
through the Scottish government reactive side of risk management, risk management approach, with
which highlighted the need to ensuring that improvements focus on the proactive side of
establish core risk management were made to incident-reporting risk management. To support
processes and systems that were processes and systems with the the move to an enterprise risk
supplemented by organisational expected outcome of improving management approach, the risk
risk control standards. the recording and sharing of register, complaints and claims
Autumn 2022 31
THE EVOLUTION OF RISK MANAGEMENT IN NHS BORDERS
systems were all integrated into Pandemic response clinical roles to support the
the electronic risk management Then COVID hit. Work in increasing demand on services.
system. This allowed, where embedding and developing This register was created with
necessary, following the risk proactive risk management was the knowledge and agreement
management journey through put on hold as we moved into that it was a short-term register
from risk to claim. Using the pandemic response and that would be amalgamated
BSI31000 standards also gave us a into a crisis risk management back into the operational risk
framework to follow, specifically approach. Ensuring flexibility in register within the year. Flexing
for risk management, and our risk approach during this time our risk management processes
allowed us to build together a was vital to ensure risks were and systems to meet the needs of
more robust and visual way of captured. Risk management went an organisation in crisis allowed
explaining to the organisation from a support service to a vital risk not to be hidden behind
what risk management was and service in providing information clinical priorities and became
a useful tool in making the
quick decisions required during
the height of the pandemic.
Risk management had all of a sudden Now in 2022, NHS Borders
is moving into the recovery
become a service in demand, both phase. Maintaining the level of
operationally and strategically importance and visibility risk
management was given during
the initial crisis in supporting
the recovery of clinical boards
its benefits to NHS Borders. At to the senior leadership team in is a key part of our lessons
this point, NHS Borders was at its what was happening on the front learnt during this time, as well
infancy stages of risk maturity. line to support in decision-making. as during future planning.
In 2018, the concept of Risk management had all of The way in which NHS Borders
organisational risk appetite a sudden become a service in delivers risk management has
was introduced, using a very demand, both operationally and had to change from a stand-
straightforward iteration to strategically. To support this alone profession to a service
ensure no one was left behind demand, a COVID-19 risk register whose aim is to support clinical
when implementing this and to was created consisting of the bare boards and support services to
plant a seed of this concept into bones of a risk register, stating undertake their risk management
the minds of our risk owners. In what the risk was, the level of risk responsibilities, which has in
2019, this was expanded to allow and the actions being taken to turn improved engagement. This
more flexibility and autonomy, mitigate or reduce the risk. It was does not mean being subservient
allowing risk owners to decide a quick way to capture the risks to but requires the mindset of a
if high or very high risks were an organisation under increasing specialist who trains and advises
out with risk appetite based on pressure and time constraints these areas on how to implement
a group of risk statements. as risk owners were pulled into risk management effectively,
Enterprise Risk 32
taking into account that our risk
owners did not go into the risk NHS BORDERS
N
profession but the care profession.
Autumn 2022 33
Risk management is being built into the normal running of NHS
Borders through the strategic planning process, and operationally
into complex decisions such as clinical prioritisation
with external agencies. There is towards development and through the strategic planning
an opportunity going forward implementation of delivery plans process, and operationally into
for joined-up working to to reach the required targets. complex decisions such as
improve the overall system and clinical prioritisation; this is
continue to provide safe, person- Opportunities where extremely hard decisions
centred and effective care to The fact that these risks have are made about which services
all patients. The introduction been identified, assessed, to stand down in the most
of a Scottish government bill to recorded and are being actioned pressurised moments, be that
create a National Care Service is testament to the proactive from COVID waves impacting
aims to alleviate some of these risk management approach the our services, or as part of our
problems by 2026, and this will organisation is taking towards full-capacity protocol where the
require co-design by multiple tackling very complex risks demand for our services has
agencies to ensure its success. head on. Engagement of the outstripped the supply available.
As we emerge from the Board Executive Team has been Risk management is becoming
pandemic, the financial outlook vital to ensure a top-down more integrated with the day-
remains challenging. NHS Borders approach is followed and the to-day workings of NHS Borders,
has a significant risk of being right priorities are set to manage and although this is just the start
unable to meet its statutory our most significant strategic of new ways of working post-
financial targets, including the risks. Ensuring the highest levels pandemic, where risk management
delivery of a balanced financial of the organisation understand is not seen as a separate entity
position over a three-year risk management and how this but part of everyday working.
planning cycle. Through the NHS supports their decision-making
Borders Financial Improvement has allowed us to develop a
Lettie Pringle, IRMCert,
Plan, the organisation aims to risk-based approach to this. Risk
is risk manager at
increase the level of opportunities management is being built into the
NHS Borders.
identified and to drive progress normal running of NHS Borders
Enterprise Risk 34
ADVERT
Directory SERVICES
1RS provide cutting edge 1RS ERIC (Risk & Andrew Firth
Compliance), 1RS CASS and 1RS SMCR solutions,
which have been designed and built by Risk and +44 (0) 20 7175 6177
Compliance professionals with over 25 years of
experience. Our solutions are supported by experts, hello@1rs.io
and we continually update the products to reflect best practice and changes in
regulatory expectations. We are trusted by banks, vehicle finance, wealth 1rs.io
management, investment banking and management, brokers, and more throughout
38 Borough High Street
the United Kingdom and Europe. For more information, visit https://1rs.io
London
SE1 2AL
Enterprise Risk 36
Directory SERVICES
Since 2014, Origami Risk is the only company that has been Neil Scotcher
consistently recognised for delivering client success, innovation,
and stability, while bringing new ideas and advanced features to +44 (0) 16179 17740
the RMIS market. Origami Risk’s innovative software is designed
with the latest technology and a focus on performance and nscotcher@origamirisk.com
ease-of-use, providing integrated solutions to the entire
insurance value chain, serving Risk Managers, Brokers, TPAs and www.origamirisk.com
Carriers. It features powerful workflow, advanced reporting and analysis tools, and
30 Moorgate
intuitive features to improve productivity and better manage total cost of risk—
London
saving our clients time and money and enabling them to be more successful. Learn
more at www.origamirisk.com EC2R 6PJ
Autumn 2022 37
Toffler OPINION
Plasma bomb
Since organisations and societies depend on electricity for their digital
operations and everyday existence, it is time to take solar flares seriously
Enterprise Risk 38
ADVERT
ADVERT