John Fraser talks sense about risk management
John Fraser is a highly-respected Canadian risk and audit practitioner. He introduced and then for 13 years led the risk management program at Hydro One. John shares his wisdom on effective risk management with both common sense and humor. I like his book on ERM, which you can find on Amazon.
In a new piece, John uses the scenario of a board chairman addressing the board to explain enterprise risk management. It is an easy read, useful for directors, executives, and practitioners.
I particularly like and agree with these comments:
- [The Chief Risk Officer (CRO)] will report directly to the chief executive ofﬁcer (CEO) and will champion and coordinate our approach to ERM. Accountabilities for managing risks will remain with line managers as before. The CRO role will provide ways to help us view risks from across our company and to better allocate our resources. The CRO will be a support function helping the management team with reporting to the board, and in coordinating risk activities across the organization
- [Risk criteria] will help decision makers across the company understand how much risk is tolerable, what is intolerable and where further action is required. These criteria (often referred to as risk appetite, risk attitude or risk tolerance by some) will be updated by management and reviewed by the board at least annually
- ERM will also involve better and more explicit integration of risk considerations into the strategy development, business planning and execution processes. Everything we do as a company should be done to treat and optimize the risks and uncertainties to achieving our long-term strategic plan
- We expect that the use of ERM will make everyone’s job easier by leading to greater transparency and foresight into how we manage risks across the organization and this in turn will lead to us achieving our goals with even greater success in the future
John is a big believer in risk workshops, which he used at all levels of the organization including with the board. I agree that they are essential and very valuable, but also believe that some decisions need to be made at speed – when there is little time to convene a workshop. My philosophy is that risk workshops should supplement but not replace a management that is trained and equipped to manage risk as part of everyday decision-making.
One interesting aspect of the risk management program at Hydro One was the edict by the CEO that capital would be allocated based on risk prioritization. Every request for capital had to identify the risk(s) being addressed. This worked well for them in their environment. I am not sure it would work as well in other business environments, but it remains a though-provoking idea well worth careful consideration.
I welcome your consideration of John’s piece and my comments.