Risk Management Challenge – The Answer

The Question

In a recent blog, I said I had asked one of the leaders of a CPA firm’s ERM consulting practice this question:

“Maybe you can help me understand how you would ensure that an HR manager makes the ‘right’ decision when deciding whether to hire a recruitment officer to support a new service center in Bangkok (opening in 6 months) now or in 3-4 months; support recruitment for the service center from the office in Singapore; hire one with experience only in Thailand or with broader experience across SE Asia; hire a single female in her late 20s or a married male in his late 50s; pay more than the individual being replaced (and go over budget) or hire a less experienced individual at a lower cost; include one or more business managers in the recruitment process; probe deeply or in a standard fashion into his/her references and background, which might delay hiring; and whether to hire an individual that is looking to advance to a director’s position within 2-3 years.”

As Arnold Schanfield predicted, the individual did not provide an answer to the question – although he agreed with the premise in the blog post.

In that earlier blog, I asked:

“…what are the organizational objectives here? Which are “at risk” and how can the HR manager (a) know what they are, (b) understand the potential effect of his choice on their achievement, and (c) know which decision means taking the desired level of risk?”

I shared another situation:

“Another example, which I use a lot, is the procurement manager who has to decide how she will source critical components (i.e., components critical to the manufacture of one of its primary products). Does she select the lowest cost provider who may not have the best reputation for quality, responsiveness, or on-time delivery? Or is it better to allocate the supply among the top three vendors? Or is it better to select one vendor and negotiate a long-term contract with opportunities for shared profit and innovation? Or should the procurement manager suggest to her director that the company consider building (or buying) its own facility for manufacturing these components?”

I asked “Which is the right risk to take? How can she know?”

A number of people provided their thoughts – and I thank them for sharing.

The Answer

I believe the answer can be obtained using risk management principles (using the guidance of your choice – mine is ISO 31000). You can also consider, as I do, that these are principles for effective management and decision-making. Here is my thought process:

  1. The owner of an objective is also the owner of any risks to that objective
  2. Where the owner of a risk is not responsible for all the actions and activities that affect the risk, he needs to communicate his needs to all whose actions he is dependent upon. In other words, he needs to make sure they know how their actions will affect him
  3. But that responsibility is not one-way. Managers should take responsibility for the effects their actions will have on others
  4. In the first example, every organization whose objectives are dependent on the new service center should ensure that their needs and expectations are known and understood by the managers of the new service center
  5. The manager of the service center needs to know how any failure to meet those needs and expectations will affect the business
  6. The manager of the service center needs to work with HR and ensure they not only understand that he wants to hire for the new operation but how critical that need is to the business. For each position, he needs to agree on requirements such as timing, experience, location, and so on
  7. The HR manager must go beyond any paperwork (e.g., staffing requisition) to ensure he understands all expectations, including the risk to the business should there be either delays or compromises in hiring
  8. The HR manager also needs to understand any legal, company policy (such as not discriminating based on gender, age, or race), or other requirements when deciding how, when, and where to hire the recruitment officer
  9. The HR manager should consult with other business managers, including the manager of the service center, before making any decision that could impact his service to them
  10. The manager of the service center should monitor progress in hiring the recruitment officer as a delay represents a risk to his and his customers’ objectives
  11. Any manager should be able to ask for assistance from the risk manager, such as facilitating a workshop to discuss the situation and agree on actions
  12. Each player should communicate any changes in the situation
  13. In the second example, the managers whose objectives are impacted by the procurement decision should ensure that the procurement manager fully understands their priorities (such as quality vs. cost vs. reliability, etc.)
  14. The procurement manager similarly needs to take responsibility for knowing her customers’ (within the business) priorities
  15. Where appropriate, in the opinion of the procurement manager or the managers of manufacturing or finance (for example), the decision should be made collaboratively
  16. The risk manager may be of value by facilitating a discussion

The bottom line is that in neither case should the decision-maker base their decision on their own objectives. They need to understand and consider the objectives of those affected by their decision.

Similarly, everyone whose objectives are “at risk” from decisions and actions taken by another should seek out those others and work to ensure their and the organization’s objectives are known and considered.

Where possible, decisions should be made collaboratively with all those potentially affected.

Do you agree?
