Enterprise Risk Management | Thomas H. Stanton | TEDxJHUDC
Summary
TLDR: This speech addresses the importance of Enterprise Risk Management (ERM) in navigating complex organizational environments. It highlights how poor information flow and failure to recognize major risks can lead to disasters, citing examples like the BP oil spill and the GM ignition switch issue. The speaker emphasizes the need for top-down support in ERM to foster a culture that identifies and mitigates significant risks early, allowing organizations to operate effectively and avoid crises. The analogy of a car with brakes to illustrate the necessity of risk management in enabling progress is a key takeaway.
Takeaways
- 🌐 Complex world leads to unforeseen risks that can severely impact organizations.
- 🛑 Examples of risk surprises include the BP Gulf oil spill, GM ignition switch issue, and Takata airbags, which resulted in CEO firings and business failures.
- 🏥 Government organizations like the Veterans Administration and IRS also face risk management challenges, leading to dismissals and policy changes.
- 🔮 The common issue is a disconnect between top management's perception of success and the actual problems faced at lower levels of the organization.
- 🗣️ Effective communication of information from all levels is crucial for a company's success, as demonstrated by JP Morgan Chase and Goldman Sachs during the financial crisis.
- 🚫 Enterprise Risk Management (ERM) is essential to identify and address major risks that could hinder an organization's mission.
- 📋 ERM involves asking what the significant risks are and focusing on them rather than getting lost in minor details.
- 🔑 Support from top management is vital for the success of ERM, as it helps to foster a culture of open communication about risks.
- 🤝 Overcoming the 'no risks' mentality and encouraging departments to share their vulnerabilities is key to proactive risk management.
- 🛑 Early identification and addressing of risks can prevent small issues from escalating into major problems.
- 🚗 The purpose of ERM is not to create bureaucracy but to facilitate discussions on priorities and manage risks effectively for better organizational performance.
Q & A
What is the primary concern discussed in the script?
- The primary concern is the complexity of modern organizations and how emerging risks can lead to significant disasters if not properly managed.
Can you give examples of major disasters mentioned that were caused by organizational complexities?
- Examples include the BP Gulf oil spill, the GM ignition switch problem, and the Takata airbags issue.
What is a common response to these disasters in both private and public sectors?
- A common response is firing top executives and other personnel, and sometimes making legislative changes to address the issues.
What issue was highlighted within the Veterans Administration (VA) hospitals?
- The issue highlighted was long wait times for veterans, which were hidden due to pressure from the head of the VA to report that all were being dealt with within two weeks.
How does the script describe the flow of information in successful companies during the financial crisis?
- In successful companies, there was a strong flow of information from the bottom to the top and across silos, allowing them to respond quickly to emerging risks.
What role does Enterprise Risk Management (ERM) play according to the script?
- ERM helps organizations identify and manage major risks that could prevent them from achieving their mission, emphasizing the importance of addressing significant risks early.
How did JP Morgan Chase and Goldman Sachs handle the mortgage crisis differently from other companies?
- JP Morgan Chase and Goldman Sachs quickly identified and responded to delinquencies in their mortgage portfolios, taking preemptive actions like hedging their subprime portfolios.
What is the key lesson about information flow in organizations as mentioned in the script?
- The key lesson is that successful companies have a free flow of information from bottom to top and top to bottom, which helps in making informed decisions.
What example was given to illustrate the importance of good information flow?
- The example given was Goldman Sachs, where the head of the mortgage desk ensured that the top executives were informed about the losses, leading to timely risk mitigation actions.
What is the main objective of Enterprise Risk Management as described?
- The main objective of ERM is to help organizations identify and address major risks early, facilitating informed decision-making without creating additional bureaucracy.
What metaphor does John Reed use to describe the purpose of risk management?
- John Reed uses the metaphor of car brakes, stating that brakes are necessary so a car can go fast. Similarly, risk management helps an organization move forward confidently by understanding and addressing risks.
Outlines
🚨 Risks in Complex Organizations
The speaker discusses the challenges of managing risks in complex organizations, using examples from both the private and public sectors. In the private sector, the BP Gulf oil spill and GM ignition switch problem are highlighted as consequences of unmanaged complexity, leading to CEO dismissals and significant company damage. The Takata airbag crisis is mentioned as an example where a company could potentially go out of business due to risk mismanagement. In the public sector, the speaker cites the Veterans Administration's failure to address long wait times for veterans' healthcare, which resulted in deaths and subsequent organizational shake-ups, including the removal of the VA secretary. The IRS scandal, where the agency was accused of targeting organizations with 'Tea Party' in their names, also led to top-level dismissals. The common issue in these cases is the disconnect between top management's perception of success and the actual problems faced at lower levels of the organization, which are often not communicated effectively.
🛡️ The Importance of Enterprise Risk Management
The speaker emphasizes the importance of Enterprise Risk Management (ERM) as a proactive approach to identifying and mitigating major risks that could hinder an organization's mission. The focus should be on significant risks rather than minor ones, which often distract organizations. The speaker shares insights from the financial crisis, where companies that successfully managed information flow and responded to warning signs, like JP Morgan Chase and Goldman Sachs, were able to navigate the crisis more effectively than those that failed to do so. The need for support from the top and the integration of ERM into an organization's culture is stressed, as it encourages open communication about risks and facilitates early problem-solving. The speaker concludes with a powerful analogy from John Reed, former head of Citigroup, likening brakes in a car to risk management in an organization, suggesting that understanding and managing risks allows for faster and safer progress. The goal of ERM is presented as a tool for better decision-making and problem-solving, rather than creating additional bureaucracy.
Keywords
💡Complexity
💡Risks
💡Enterprise Risk Management (ERM)
💡Information Flow
💡Disaster
💡Veterans Administration (VA)
💡Internal Controls
💡Chief Risk Officer (CRO)
💡Culture
💡Reputational Risk
💡Brakes
Highlights
The complexity of the modern world often catches organizations off-guard with emerging risks that can lead to significant disasters.
Examples of private sector failures include the BP Gulf oil spill and GM ignition switch problem, which resulted in CEOs being fired and serious company damage.
In the case of Takata airbags, the risk of failure led to a company potentially going out of business.
Government organizations face similar issues, as seen with the Veterans Administration and the IRS scandals, leading to high-level dismissals and policy changes.
A common issue is the disconnect between top-level executives who believe everything is fine and lower-level employees who are aware of serious problems.
Successful companies, like JP Morgan Chase and Goldman Sachs, effectively managed risks by ensuring information flow from all levels of the organization.
Enterprise Risk Management (ERM) is a key strategy for identifying and addressing major risks that could impede an organization's mission.
ERM encourages a culture that focuses on significant risks rather than getting lost in minor details.
The importance of open communication and the role of the chief risk officer in facilitating discussions about risk priorities.
Early identification and addressing of risks can prevent small problems from escalating into larger crises.
The need for top-level support to make ERM effective and to foster a culture of risk awareness and problem-solving.
ERM is not about creating additional bureaucracy but about enabling better decision-making through informed risk conversations.
The analogy of a car with brakes to illustrate the importance of risk management in allowing an organization to move forward confidently and at speed.
John Reed's quote from the Financial Crisis Inquiry Commission emphasizes the role of understanding and managing risks for organizational advancement.
The speaker's personal experience on the Financial Crisis Inquiry Commission and the insights gained about the differences between successful and unsuccessful companies in crisis management.
The importance of recognizing and addressing warning signs in risk management, as seen in post-mortem analyses of various disasters.
The role of the chief credit officer in identifying and communicating pricing issues with mortgages, leading to proactive risk management.
The head of Goldman Sachs' mortgage desk emphasized the importance of reporting bad news to top management for informed decision-making.
Transcripts
[Applause]
that's right
thank you we live in an increasingly
complex world and one of the results of
that complexity is that a number of
organizations are surprised when risks
emerge that actually take them down on
the private sector side you can think of
the BP Gulf oil spill where complexities
led to a huge disaster in the Gulf of
Mexico you can think of the GM ignition
switch problem and in those cases of
course people fire the CEOs they fire
people companies are hurt seriously in
the case of the Takata airbags you may
actually see a company go out of
business on the government side you see
the same problem the Veterans
Administration had a series of Veterans
Hospitals and it turned out that
overstretched hospitals have long wait times
but the head of the VA had let it be
known he didn't want to hear about long
wait times he wanted to hear that
everybody was being dealt with within
two weeks so if you tell me that's what
I got to say that's what I'll say and it
turned out that VA hospitals in fact had
such long wait times that veterans were
dying before they got their health care
and when that finally came to light once
again they fired the secretary they
fired people down the organization and
Congress started to do surgery on civil
service protections in the VA the same
thing happened with the IRS where people
were looking at exempt organizations and
decided not very bright to look at
organizations that all had the name Tea
Party in it when that came to light the
resulting explosion led to firing people
from top of the organization down and
Congress again did surgery on the IRS
the common element in all of this is
the people at the top sit there thinking
that everything is great and if you were
to talk to people down in the
organization what you'd find is gee we
got problems we got problems but there
seems to be a layer of cork that stops
the information from rising from the
bottom to the top I first learned about
this when I was on the staff of the
Financial Crisis Inquiry Commission and
we would have all these officials from
failed companies telling us how nobody
could foresee the drop in housing prices
well it turned out in the midst of all
the companies that failed there were a
number of companies that navigated the
crisis and I began to understand the
difference between successful companies
and unsuccessful companies and the
answer in my mind had to do with
information flow that in the successful
companies you had a flow of information
from bottom to top and top to bottom and
across the silos so the barons would
talk to each other so in JP Morgan
Chase all of a sudden their mortgage
side realized that they were having
serious delinquencies and the news
immediately went up to the operating
committee at the very top of this multi
trillion dollar organization and there
was a food fight among the executives
what's going on here and they realized
their delinquencies were better than
their competitors delinquencies so the
instructions went down get rid of
subprime mortgages and that was in
October of oh six well before the crisis
the same thing happened with Goldman
Sachs in December of oh six where
somebody reported the head of their
mortgage desk reported that they where
their models said they were supposed to
make money for two weeks they had lost
money immediately the news went up and
Goldman hedged their subprime portfolio
those were the successful companies so
the lessons I took for them from that
are that information flow is essential
but also warning signs are there if you
look at the post-mortem on the BP Gulf
oil spill or on Massey mining where 29
miners were killed or any number of
disasters the NASA Space Shuttle
disasters
it is so clear in retrospect that
there's a problem Enterprise Risk
Management is a way to deal with that
and it asks a simple question what are
the major risks that could stop us from
achieving our mission and the whole
point is you want to look at the big
risks government particularly but also
the private sector are always distracted
by all these little risks that they're
worried about that they tie up in red
tape and in fact what you want to look
at are the really big risks and if you
can build that into your culture you can
have a much more robust capacity to
understand the vulnerabilities that
you're otherwise going to run into
without appreciating them so one of the
failed companies in the financial
crisis the chief credit officer went to
his executive vice president and said we
got problems we're not pricing for the
mortgages we're buying and the executive
vice president said how come you're the
only person in the company who believes
in your models well that was really
stupid by the way the chief credit
officer is still there and the executive
vice president is long gone but in the
case of goldman sachs when we
interviewed the head of the mortgage
desk we said why did you report the bad
news to the top and he said part of my
job is to make sure that the people at
the top of the organization know what
they need to know to make good decisions
and that was a successful company so
what you need to make enterprise risk
management work is first of all support
from the top
I've just been inserted into a
government agency actually about six
months ago was supportive and under
secretary
and she had us gather all of the senior
executives and talked to them talk about
the big risks and what you've got to do
is overcome the tendency of barons to
say there are no risks I run a good
department and instead to understand
everybody's got risks we're not blaming
you what we want to do is solve problems
and if we can hear about these risks
early we can deal with them before
rather than after something bad happens
and the earlier you hear about it the
easier it is to deal with an emerging
risk and what we did over time was
infuse the culture of the organization
so people understood we're not playing
gotcha what we're trying to do is help
you solve problems that otherwise may be
too big for you and by the way we're all
in this together in today's complex
world with the kind of reputational risk
that besets all organizations we're all
in this together
and we had better work on it together so
that's Enterprise Risk Management and I
really hope you look into it because it
is a really powerful management tool I'd
like to finish with one of the actually
the best quote from the whole Financial
Crisis Inquiry Commission study and
that's from a guy named John Reed who
was head of Citigroup back in 2000 and
was eased out at that point before
Citigroup got into all of its trouble
and he asked the question why does a car
have brakes a car has brakes so it can
go fast if you didn't have brakes
you'd creep around at two miles an hour
if you've got brakes you understand what
the problems are and you can really go
forward at 65 miles an hour and the
whole point of enterprise risk
management is not to create another
layer of bureaucracy but rather to have
your chief risk officer facilitate the
conversations and then the discussions
about priorities
one of the really big risks we've got to
grapple with it's a very powerful
management tool and I hope you all have
a chance to take a look thank you
[Applause]