Liz Taylor on Practical Enterprise Risk Management
6th November 2014 | Liz Taylor
Risk expert Liz Taylor explains how tools for managed risk-taking can aid decision-making and provide clarity in the midst of complex issues.
Why did you write this book?
There were many reasons for writing the book, mainly my own professional jealousy over those who had written such wonderful books on Risk Management, but also because I’ve got a slightly different take; I been bored silly by some books where there’s too much jargon and frustrated as hell by others that are too narrowly focused. I felt that there needed to be an easy to read, broad-ranging book on Enterprise Risk Management.
Why did you take this angle of managed risk taking?
Risk is about threat AND opportunity, and yet too many books concentrate on the threat side and not the opportunity side. I think it comes down to one’s own understanding of what a risk is – in Arabic, for example, risk does mean threat – the two are synonymous. But in modern risk management, the movement is about “uncertainty”. Where in the word “uncertainty” does that tell you it’s only about negative things?
Even the ISO standard 31000 concentrates on the negative and is very focused on operational risk management. There needed to be a book that explained ways to maximise opportunities using risk management techniques as well as how to minimise threats. The book also speaks in the language of the senior management and board where managed risk taking takes place.
What can un-managed risk taking lead to?
Often people think risk is managed when it is not and nasty surprises then are more frequent and more severe. An outsourced service that fails, a break in the supply chain, a failure of a debtor…all can lead from un-managed risks.
How is this book different from all the other risk management books on the market?
Too many risk management books are full of jargon and are too narrowly focused, some on financial risk management, some on operational risk, and others on health and safety risk. And they almost all concentrate on the negative side of risk – threat. Few of these books speak the language of the boardroom or would appeal to senior management.
This book raises the game of risk management to that of enabling senior management and board members to use simple elegant risk management tools themselves.
Where do you think risk managers might be going wrong?
Risk managers are focused on the role that they carve for themselves in the organisation – sometimes this is about technology risk, other times it’s about financial risk; rare is the risk manager who encompasses all aspects of risk and can rise above the particular to address the true threats and opportunities facing the organisation. Too many risk managers fail to recognise the needs of senior management in terms of the skills needed by senior management in making strategic decisions, they fail to communicate or indeed recognise the real threats and opportunities to the organisation and they try to justify themselves by inundating the board with data which brings no value in aiding strategic decision making.
Your chapter on risk appetite brings in this notion of capacity – why doesn’t that appear in other texts?
Many of the texts speak about tolerance limits as part of risk appetite, but when you really analyse what’s driving the decisions being made at the top of the organisation it’s much more about the capacity to absorb good things and bad things and that then should drive the tolerance limits further down in the organisation. For example, when launching a new product, the decision making is about the physical ability to respond to the demand as much as whether the demand is there. That first aspect is about capacity. A lot of threats arise because there is not a really good thought process about various aspects of capacity of the organisation.
You imply in the book that senior management and boards seem to think that risk management is something that others have to do. Why is that?
Some of the risk management tools that I outline in the book are very simple to comprehend and incredibly powerful for enabling clear thinking about complex matters. Senior management and directors are human beings who struggle as much as the rest of us to understand complexity. Risk management tools provide clarity over complexity and where there is clarity, better decisions can be made.
Why did you include the question and answer session at the end of each chapter?
Initially there was a view that there should be a summary of the key learning points at the end of each chapter, but I get turned off by this as it makes me think I’m reading some text book designed to get me through an exam, rather than something that’s going to make a difference in my life. So I put it in as questions, and one of my reviewers suggested that I should include the model answers.
Practical Enterprise Risk Management is available now from www.koganpage.com.
Liz Taylor is a highly-regarded practitioner in enterprise risk management industries, with 35 years’ experience. She was formerly Chief Executive of ALARM (the National Forum for Risk Management in the Public Sector), Senior Vice President for Marsh Europe and a former Europe-ride Risk Manager of the Year. Currently running her own training and consulting company, she is a Fellow of the Institute of Risk Management as well as the Business Continuity Institute.