The good folks at Riskviews got me thinking about my least read posts. I’ve been doing this for a few years and understand that no one wants to scroll through over 300 blog entries to find some gems from 2006. So here are a few items you may have missed that might be worth your time.

A Common Sense Approach to ERM

In a sentence, the Riskczar describes the common sense approach to the process of risk management like this: first you identify your risks, then you figure out which ones are the most important, next you decide how to address them, and then you do something about it and tell everyone how you are doing from time to time.

Simple.

Fantasy football pool risk management

Risk Management Monitor addresses the concern about employees spending hours of company time researching and updating their fantasy football picks. Some argue that it’s disruptive – having fired employees or blocked access to certain websites from the company network – while others suggest it boosts morale.

Riskczar believes that fantasy football is merely another workplace distraction. If people were not spending their workday on sports betting, they might be wasting time on Facebook or Twitter. And in places where those sites are banned, your employees may be reading the online version of the Wall Street Journal, shopping on Amazon or searching for a new job on Monster. If we transport ourselves back to 1990 before the Internets, people used to hang out by the water cooler talking about football or the latest episodes of Cheers and the Cosby Show. Unengaged employees have always found a way to slack off. Technology didn’t create that.

And what goes for the workplace often goes for the classroom. When I returned to school in 2001, only a couple of people had wireless Internet access from their laptops. One professor was upset that the surfing was going on and wanted to turn off the connection. Here’s my take: before wifi, people brought laptops to class and played Solitaire and before that people passed notes around or doodled on their hands. Today they probably play on their iPhones or BlackBerry devices. Unengaged students will always find a way to pass the time. Technology didn’t create that.

But in the end does it really matter what your employees are doing with their time so long as all of their work is getting done on time?

The CRO cannot be expected to do what only the CEO can do

Here’s an excellent op-ed piece in US Banker about the role of the chief risk officer and the CEO. This may be the best thing I’ve read in months.

Setting the tone for this article is Warren Buffett who recently wrote in the BRK shareholder’s letter: “I believe that a CEO must not delegate risk control. It’s simply too important. … If Berkshire ever gets in trouble, it will be my fault. It will not be because of misjudgments made by a risk committee or chief risk officer.”

The author writes:
1)  CEO is directly responsible for thoroughly understanding and signing off on all significant risks embedded in the bank’s business strategy
2)  CEO is directly responsible for protecting the bank’s franchise against excessive or inappropriate risks that could derail the business strategy or damage the bank’s reputation and access to capital.
3)  CEO is directly responsible for creating a strong risk culture across the entire bank

Read this article then read it again. Print it out and nail it to the front door of your bank too.

What can Grover teach us about risk management?

In a book called Project Manager’s Spotlight on Risk Management by Kim Heldman, the author references The Monster at the End of This Book by Jon Stone and Michael Smollin to demonstrate the importance of having a risk response plan for dealing with monsters and threats in projects.

I took this allegory a step further and actually read this book to a room full of adults during my presentations on risk management basics.

In the book, Grover is concerned with the monster he is going to find at the end of this book. To mitigate this threat, Grover spends thousands of dollars on costly building supplies to prevent us from turning pages, so that we do not get to the end of the book.

As a risk management professional, I appreciate Grover’s proactive risk management approach, but unfortunately, our blue, furry little friend overreacts to the threat.

If he had only performed a proper risk assessment, rather than basing it on anecdotal evidence – he learns about the monster by reading the title page only – Grover may have realized that the monster did not have the catastrophic impact he expected it to have. It turns out the risk was not even material.

With more due diligence, Grover may have chosen a different risk treatment: he could have accepted the risk by doing nothing or transferred it to someone more naïve like Elmo.

This book is a great primer on risk management and one that your three-year-old might also enjoy.

Rick Nason, one of the members of Riskczar’s Secret League of Extraordinary Risk Gentlemen, asks his readers if they could snap their fingers and switch places with anyone in the world, who would it be. Similarly, he asks if you could switch places with anyone’s risk department, whose would it be? Can you name the organization?

While it’s hard to be specific, I’d be looking for an organization with a corporate culture that would be accepting of the sort of change management efforts that would be required if one was going to embed risk management as a systematic capability. This is to say, I would probably not go into an organization and try to build a risk management program if I reported to anyone other than the CEO or CRO; I would probably not want to lead risk management if it reported up through the CFO (especially if the individual is an accounting professional with an auditor’s view of what-is-risk-management). It is not fair to paint all accountants that way, as there are always exceptions, but for the most part, CA/CPAs have a view of risk management (i.e., risk and control self-assessment, internal auditing) that doesn’t jibe with mine.

What about you? How would you answer Rick’s question?

The following post is a summary of an article written by Beaumont Vance in Risk Management Reports (February 2008) where he drew comparisons between the role of the Left Tackle (described in Michael Lewis’s book The Blind Side) and the future of risk professionals. All portions from Vance’s article are in italics.

Vance writes:

Up until the 1970s, the men who protected the quarterback (called linemen) were considered to be of little importance. Since they never handled the ball and never scored any points, they were paid very little. The general thinking back then was that one needed only find a very large strong man to pound the daylights out of anyone approaching the quarterback and that such men, while not exactly common, were not rare enough to merit a high salary.

Now think of the football team in corporate terms. You had the quarterback who was like a CEO calling the plays. You had people who carried the ball who could actually score; they were like sales people. Then you had the big lugs who pushed people around the field; they were like operational people. The Scoring personnel were white-collar professionals and the linemen were the blue-collar line workers.

Anyone working in risk management knows that people who produce income, such as salespeople, get an inordinate share of the rewards and glory. This is true in football as well.  The guy who scores the points is the star and gets paid the big bucks. Never mind that he could never succeed without a small army of support people. To the producers goes the spoils. The people doing the manual labor are overlooked.

From a business perspective, the loss of a quarterback is a catastrophic financial loss. And like these corporate catastrophes, the loss of the quarterback was the result of a new type of threat that had never before been seriously considered.

Things all changed on November 18, 1995 when NY Giants linebacker Lawrence Taylor ended the career of Washington Redskins’ quarterback Joe Theismann by snapping his leg, breaking his tibia and fibula. The lineman (Left Tackle), charged with protecting the quarterback from Taylor, was out with an injury. The backup did not do a very good job protecting his quarterback.

After this infamous football game, those who managed the staffing and strategy of professional football may well have come to the conclusion that protecting the quarterback was necessary (obvious in retrospect, but then so is every game-changing catastrophe.) More to the point of this article, they decided that those players protecting the team’s chief asset were very important indeed. They took a new look at the large men in charge of protecting the quarterback. These players were talented, to be sure; however, they were paid very little money and were treated as third class citizens. That all changed.

The corporate management of professional football began to look for the very best talent to protect its on-field CEOs. They soon discovered that very large, very strong, very fast men were not abundant. Soon, they were paying these behemoths salaries in excess of the quarterback’s. In fact, one lineman had a clause in his contract specifically guaranteeing that he would always be paid more than the quarterback.

Vance goes on to explain that he believes the time will come when chief risk officers will be paid more than CEOs and that, as in football, once the quarterback is well protected the rest of the team can concentrate on executing their plans.

We can only hope this is true.