I've read a risk management blog today and are very impressed with the technical article, which covers various aspects of solvency and insurance industry valuation. As I read, my mind analyzed information about various laws, sections, cases, and so on. Concerned. After I finished reading, I took a breath and thought … "Did I actually feel that I was thinking of different books to understand the article and actually understand the regular business?" This was condemned in an overwhelming thesis – "I do the same to show my knowledge, I mention the stage of the various acts and the case law laws that ruined businessmen ". Well, in my defense, I say it is more satisfaction and success.
Somewhere I feel that risk managers (the so-called RM) consume their cake and food. The primary responsibility for managing risks is the business team. The role of RM is a support function that supports business. Business leaders will not get the information, knowledge and tools needed to proactively manage their risks. Let me explain why I make this statement.
In their auditing role, they focus on what has happened in the past and not on business leaders to deal with the future. This is a feedback rather than the operation of the feed-forward system. Another aspect is that they issue guidelines and policies in their advisory role without fully engaging business people.
Scenario 1 : Let me make a scenario about implementing information security policies. RM discusses the general requirements for business executives, prepares policy, receives feedback, and then issues the final policy. Then they tell business users to do it. As implementation is not possible in many areas, business users are given exceptions. In a nutshell, only 75% of the policy is implemented.
In both roles, the involvement of a business team is minimal at the beginning of the project. They are expected to implement the recommendations.
In the light of the above-mentioned shortcomings, I wanted to explore the concept of collective intelligence and its applicability to risk management functions.
As a first step, understand the nature of information and intelligence that risk managers need to demand for their work: 1) Organizational Intelligence – Information on Processes, Structure, Culture and Technology. These business executives usually get an overview of interviews and standard operating procedures.
2) Trade Intelligence – Information about the external environment – Customers, Suppliers and Competitors. This information can be obtained from interviews on business executives, customers, and suppliers. Other sources include different media and research reports.
3) Technical Intelligence – Information on the various laws, practices, methodologies and tools applicable to risk management. RMs are aware of how risk management should be carried out in the proper use of information.
As you can see, business leaders have more information and knowledge about two of the three intelligence capabilities required for risk management. In a co-operative approach, risk managers should be able to effectively share their professional skills with business leaders.
The question is how can this collaboration model work? Let me repeat the example of preparing information security policies.
Scenario 2: In this scenario, RM sets out the objectives of the preparation and implementation of information security policies, as well as the intranet's table of contents and broad outlines. It is now open to employees to contribute to and decide how to develop and implement them. Employees note what applies, how the process works, what bottlenecks and challenges are, how to do it, and how to do it. RM identifies the most important contributors and meets with them by interviewing them. Based on internet interactions and discussions, RM prepares a draft policy document and uploads it to the intranet. Again, employees are asked to review the same and give feedback. After the feedback has been added, the risk manager continues to approve senior executives.
In this approach, RM buys the acquisition of employees before the policy is finalized. Here, implementation will be easier, as employees feel the collective responsibility and responsibility. This allows the adoption of information security policies as part of the organizational culture.
For an overview of the approach, let us add the example that I have read in the "Collective Intelligence – a Peaceful Happiness World" that Yaachai Benkler pre-phrased and remixed by Hassam Masum. I have modified the "Three story-telling" example of risk management.
Three Threats to Risk Management Adaptation
Prepare three companies for risk management: red, blue, and green. Each society has special procedures for conducting and discussing risk management activities.
Red : In the red society we follow a hierarchical top-down approach. The risk management class may represent all risk issues / observations for CXO. Business Operations Manager needs to find the right RMs to discuss their issues. The business process member must direct the risk question / query to the relative risk manager through the business manager.
Top Management issues guidelines, guidelines, and reports to the business team. The members of the business group listen only to top management and enforcement issues. In this case, employees' understanding of risk issues is generally controlled by top management. Employee perceptions and knowledge are based on information provided to the elderly.
Blue : In the blue society, the hierarchical top-down approach again follows but with a slight difference. Here, the Business Operations Manager can bring the risk problems directly to CXO. The risk management unit and the business manager then work together to solve the problem. In this case, the team of agents of the management team will appear to solve the risk problem.
In this scenario, business operations team members hear the risks that are reported by top executives, RMs and their chosen agents. Employee perception, knowledge, and risk awareness are governed by this group of people. Despite the fact that the information is not directed at the top of Red's top-down approach, the main players in the management team are checking.
Green : The approach to risk management in green society is collective intelligence. The members of the business team can raise all their concerns, suggestions and problems regarding the intranet risk management. Members of the other teams, including risk people, are discussing the intranet and the meetings in the same way to suggest a solution to the problem and reduce the risk.
In this scenario, members of business operations will discuss the issues that apply to them. There are no supervisors from the top leaders in the topic supervisor and are not licensed. Information on risk management is channeled through multiple channel members, business executives, RMs and CXOs. Employee information is intense and well-informed about the subject. Detection and awareness comes from multiple sources.
A problem of approach to collective intelligence may be that employees have extensive information and on what basis they decide on the relevance and applicability of information. How does the risk management function work? The additional diagram presents the steps for using collective intelligence in risk management activities.
The most important benefits of this approach are as follows:
1) The risk management department is generally faced with the challenge that the business group applies risk management practices. There are enough people to guide the process, but a significantly higher number of implementers needs to know the problem. To this end, focused efforts are needed to increase awareness and training. Training and implementation costs are then quite high. With the collective intelligence approach, the mass of people is already aware of and aware of the issue. Here the cost and time of execution are lower.
2) Whistle blow is the only option that allows workers to take a critical question into light. It has a lot of negative effects on the employee, the management and the organization. With open communication, workers will be able to discuss the smallest issue of corruption, illegal and unethical behavior without any insecurity. The risk of exposure also prevents employees from indulging in such practices.
3) Another aspect is that this approach fulfills the workers' psychological needs. The approach ensures the ownership of the business operation group and this motivates them to implement risk solutions. RM is adopting a forward-looking system by guiding the business operation team to act in the future. Rather than criticizing the perpetrators of the past.
4) This approach encourages innovation and new ideas. Employees are encouraged to conduct their own research and return to feedback. They do not talk about what they should research. The diversity of thinking works efficiently in providing better solutions.
5) Last but not least, the feeling of cooperation and cooperation exists between all classes. It breaks down the walls that the leaders build in the silos.
Do you think this approach is worth adopting the risk management function? At present, most organizations accept the Red and Blue Society for risk management. Do you think you are preventing the application of collective intelligence to the risk management of green society?
Another point that should not be forgotten is the unconscious agenda when I began to explore this concept. Significantly reduces RM's work and responsibilities. They can be cool.
Source by sbobet