The good folks at Riskviews got me thinking about my least read posts. I’ve been doing this for a few years and understand that no one wants to scroll through over 300 blog entries to find some gems from 2006. So here are a few items you may have missed that might be worth your time.

A Common Sense Approach to ERM

In a sentence, The Riskczar says the common sense approach to describing the process of risk management like this: First you identify your risks, you figure out which ones are the most important, next you decide how to address and then you do something about it and tell everyone how you are doing from time to time.

Simple.

Fantasy football pool risk management

Risk Management Monitor addresses the concern about employees spending hours of company time researching and updating their fantasy football picks. Some argue that it’s disruptive – having fired employees or blocked access to certain websites from the company network – while others suggest it boosts morale.

Riskczar believes that fantasy football is merely another workplace distraction. If people were not spending their workday on sports betting, they might be wasting time on Facebook or Twitter. And in places where those sites are banned, your employees may be reading the online version of the Wall Street Journal, shopping on Amazon or searching for a new job on Monster. If we transport ourselves back to 1990 before the Internets, people used to hang out by the water cooler talking about football or the latest episodes Cheers and the Cosby Show. Unengaged employees have always found a way to slack off. Technology didn’t create that.

And what goes for the workplace often goes for the classroom. When I returned to school in 2001, only a couple of people had wireless Internet access from their laptops. One professor was upset that the surfing was going on and wanted to turn off the connection. Here’s my take: before wifi, people brought laptops to class and played Solitaire and before that people passed notes around or doodled on their hands. Today they probably play on their iPhones or BlackBerry devices. Unengaged students will always find a way to pass the time. Technology didn’t create that.

But in the end does it really matter what your employees are doing with their time so long as all of their work is getting done on time?

The CRO cannot be expected to do what only the CEO can do

Here’s an excellent op-ed piece in US Banker about the role of the chief risk officer and the CEO. This may be the best thing I’ve read in months.

Setting the tone for this article is Warren Buffet who recently wrote in the BRK shareholder’s letter: “I believe that a CEO must not delegate risk control. It’s simply too important. … If Berkshire ever gets in trouble, it will be my fault. It will not be because of misjudgments made by a risk committee or chief risk officer.”

The author writes:
1)  CEO is directly responsible for thoroughly understanding and signing off on all significant risks embedded in the bank’s business strategy
2)  CEO is directly responsible for protecting the bank’s franchise against excessive or inappropriate risks that could derail the business strategy or damage the bank’s reputation and access to capital.
3)  CEO is directly responsible for creating a strong risk culture across the entire bank

Read this article then read it again. Print it out and nail it to the front door of your bank too.

What can Grover teach us about risk management?

In a book called Project Manager’s Spotlight on Risk Management by Kim Heldman, the author references The Monster at the End of This Book by Jon Stone and Michael Smollin to demonstrate the importance of having a risk response plan for dealing with monsters and threats in projects.

I took this allegory a step further and actually read this book to a room full of adults during my presentations on risk management basics.

In the book, Grover is concerned with the monster he is going to find at the end of this book. To mitigate this threat, Grover spends thousands of dollars on costly building supplies to prevent us from turning pages, so that we do not get to the end of the book.

As a risk management professional, I appreciate Grover’s proactive risk management approach, but unfortunately, our blue, furry little friend overreacts to the threat.

If he had only performed a proper risk assessment, rather than basing it on anecdotal evidence – he learns about the monster by reading the title page only – Grover may have realized that the monster did not have the catastrophic impact he expected it to have. It turns out the risk was not even material.

With more due diligence, Grover may have chosen a different risk treatment: he could have accepted the risk by doing nothing or transferred it to someone more naïve like Elmo.

This book is a great primer on risk management and one that your three-year old might also enjoy.

So what happens when you are part of an office lotto pool and win? And what happens when some folks don’t participate the one week the group buys the $50 million ticket?

This is just what’s going on in a Toronto office where additional people are claiming an interest in the prize so the Ontario Lottery and Gaming Corp (OLG) is delaying the prize payout until they complete their investigation.

How do you mitigate your Lotto Risk? Tony Bitoni of OLG offers this advice to those who manage office lotto pools:

  • Appoint a Group Leader
  • Keep photocopies of purchased tickets.
  • Keep a list of participant names with signatures, phone numbers and the amount paid.
  • Send a weekly email to all members with the jackpot amount, draw date, cost per play and cut-off time for payment.

Your national/local lotto or gaming commission likely has similar rules on their websites so read them and protect your winnings.

I am part of just such a group in my office and recognize there are two risks:
1) I can never leave the group because if I do, and the group wins, I will be disgruntled. For $2 a week, it’s not worth the risk of “winning”.
2) As a manager and risk professional, I am often worried about retention risk if the group strikes it rich and everyone in operations or accounting quits. While not everyone will likely follow this path, it is still a concern.