Enterprise Risk Management | Thomas H. Stanton | TEDxJHUDC

TEDx Talks
20 Mar 201709:04

Summary

TLDRThis speech addresses the importance of Enterprise Risk Management (ERM) in navigating complex organizational environments. It highlights how poor information flow and failure to recognize major risks can lead to disasters, citing examples like the BP oil spill and the GM ignition switch issue. The speaker emphasizes the need for top-down support in ERM to foster a culture that identifies and mitigates significant risks early, allowing organizations to operate effectively and avoid crises. The analogy of a car with brakes to illustrate the necessity of risk management in enabling progress is a key takeaway.

Takeaways

  • 🌐 Complex world leads to unforeseen risks that can severely impact organizations.
  • 🛑 Examples of risk surprises include the BP Gulf oil spill, GM ignition switch issue, and Takata airbags, which resulted in CEO firings and business failures.
  • 🏥 Government organizations like the Veterans Administration and IRS also face risk management challenges, leading to dismissals and policy changes.
  • 🔮 The common issue is a disconnect between top management's perception of success and the actual problems faced at lower levels of the organization.
  • 🗣️ Effective communication of information from all levels is crucial for a company's success, as demonstrated by JP Morgan Chase and Goldman Sachs during the financial crisis.
  • 🚫 Enterprise Risk Management (ERM) is essential to identify and address major risks that could hinder an organization's mission.
  • 📋 ERM involves asking what the significant risks are and focusing on them rather than getting lost in minor details.
  • 🔑 Support from top management is vital for the success of ERM, as it helps to foster a culture of open communication about risks.
  • 🤝 Overcoming the 'no risks' mentality and encouraging departments to share their vulnerabilities is key to proactive risk management.
  • 🛑 Early identification and addressing of risks can prevent small issues from escalating into major problems.
  • 🚗 The purpose of ERM is not to create bureaucracy but to facilitate discussions on priorities and manage risks effectively for better organizational performance.

Q & A

  • What is the primary concern discussed in the script?

    -The primary concern is the complexity of modern organizations and how emerging risks can lead to significant disasters if not properly managed.

  • Can you give examples of major disasters mentioned that were caused by organizational complexities?

    -Examples include the BP Gulf oil spill, the GM ignition switch problem, and the Takata airbags issue.

  • What is a common response to these disasters in both private and public sectors?

    -A common response is firing top executives and other personnel, and sometimes making legislative changes to address the issues.

  • What issue was highlighted within the Veterans Administration (VA) hospitals?

    -The issue highlighted was long wait times for veterans, which were hidden due to pressure from the head of the VA to report that all were being dealt with within two weeks.

  • How does the script describe the flow of information in successful companies during the financial crisis?

    -In successful companies, there was a strong flow of information from the bottom to the top and across silos, allowing them to respond quickly to emerging risks.

  • What role does Enterprise Risk Management (ERM) play according to the script?

    -ERM helps organizations identify and manage major risks that could prevent them from achieving their mission, emphasizing the importance of addressing significant risks early.

  • How did JP Morgan Chase and Goldman Sachs handle the mortgage crisis differently from other companies?

    -JP Morgan Chase and Goldman Sachs quickly identified and responded to delinquencies in their mortgage portfolios, taking preemptive actions like hedging their subprime portfolios.

  • What is the key lesson about information flow in organizations as mentioned in the script?

    -The key lesson is that successful companies have a free flow of information from bottom to top and top to bottom, which helps in making informed decisions.

  • What example was given to illustrate the importance of good information flow?

    -The example given was Goldman Sachs, where the head of the mortgage desk ensured that the top executives were informed about the losses, leading to timely risk mitigation actions.

  • What is the main objective of Enterprise Risk Management as described?

    -The main objective of ERM is to help organizations identify and address major risks early, facilitating informed decision-making without creating additional bureaucracy.

  • What metaphor does John Reed use to describe the purpose of risk management?

    -John Reed uses the metaphor of car brakes, stating that brakes are necessary so a car can go fast. Similarly, risk management helps an organization move forward confidently by understanding and addressing risks.

Outlines

00:00

🚨 Risks in Complex Organizations

The speaker discusses the challenges of managing risks in complex organizations, using examples from both the private and public sectors. In the private sector, the BP Gulf oil spill and GM ignition switch problem are highlighted as consequences of unmanaged complexity, leading to CEO dismissals and significant company damage. The Takata airbag crisis is mentioned as an example where a company could potentially go out of business due to risk mismanagement. In the public sector, the speaker cites the Veterans Administration's failure to address long wait times for veterans' healthcare, which resulted in deaths and subsequent organizational shake-ups, including the removal of the VA secretary. The IRS scandal, where the agency was accused of targeting organizations with 'Tea Party' in their names, also led to top-level dismissals. The common issue in these cases is the disconnect between top management's perception of success and the actual problems faced at lower levels of the organization, which are often not communicated effectively.

05:02

🛡️ The Importance of Enterprise Risk Management

The speaker emphasizes the importance of Enterprise Risk Management (ERM) as a proactive approach to identifying and mitigating major risks that could hinder an organization's mission. The focus should be on significant risks rather than minor ones, which often distract organizations. The speaker shares insights from the financial crisis, where companies that successfully managed information flow and responded to warning signs, like JP Morgan Chase and Goldman Sachs, were able to navigate the crisis more effectively than those that failed to do so. The need for support from the top and the integration of ERM into an organization's culture is stressed, as it encourages open communication about risks and facilitates early problem-solving. The speaker concludes with a powerful analogy from John Reed, former head of Citigroup, likening brakes in a car to risk management in an organization, suggesting that understanding and managing risks allows for faster and safer progress. The goal of ERM is presented as a tool for better decision-making and problem-solving, rather than creating additional bureaucracy.

Mindmap

Keywords

💡Complexity

Complexity refers to the state of being intricately composed, involving many interrelated parts. In the video's context, it denotes the multifaceted nature of modern organizations that can lead to unforeseen risks and challenges. The speaker uses the term to illustrate how organizations like BP and GM were caught off guard by the complexities that led to significant disasters.

💡Risks

Risks are potential threats or hazards that could negatively impact an organization or its objectives. The video emphasizes the importance of identifying and managing risks, particularly in complex environments. Examples from the script include the BP Gulf oil spill and the GM ignition switch problem, where risks were not adequately managed, leading to severe consequences.

💡Enterprise Risk Management (ERM)

Enterprise Risk Management is a strategic approach to identifying, assessing, and managing potential risks to an organization's capital and earnings. The video highlights ERM as a crucial tool for understanding and addressing major risks that could impede an organization's mission. The speaker discusses how successful companies like JP Morgan Chase and Goldman Sachs used ERM to navigate the financial crisis.

💡Information Flow

Information flow is the process by which data and insights move within an organization, from bottom to top and across departments. The video emphasizes the importance of open and efficient information flow for successful risk management. The speaker contrasts companies that failed due to poor information flow with those that succeeded by ensuring that concerns and insights were communicated effectively.

💡Disaster

A disaster, in the context of the video, refers to a catastrophic event that causes significant harm or damage to an organization. The speaker cites the BP Gulf oil spill and the Massey mining disaster as examples of situations where a lack of risk awareness and management led to disastrous outcomes.

💡Veterans Administration (VA)

The Veterans Administration is a U.S. government agency responsible for providing services to military veterans. The video uses the VA as an example of a government organization that faced a crisis due to poor management and communication, leading to long wait times for veterans' healthcare and, in some cases, preventable deaths.

💡Internal Controls

Internal controls are the policies and procedures put in place within an organization to ensure that it operates effectively and efficiently, and to mitigate risks. The video discusses how internal controls can fail, as in the case of the VA, where a lack of proper controls and oversight contributed to the healthcare crisis.

💡Chief Risk Officer (CRO)

A Chief Risk Officer is a senior executive responsible for overseeing an organization's risk management strategy. The video suggests that the role of the CRO is not to create bureaucracy but to facilitate discussions about risk priorities and to ensure that the organization can operate effectively while being aware of potential risks.

💡Culture

In the context of the video, culture refers to the shared values, beliefs, and practices that characterize an organization. The speaker argues that fostering a culture of open communication about risks is essential for effective risk management. The video describes how changing the culture within an organization can help it become more resilient to risks.

💡Reputational Risk

Reputational risk is the risk of damage to an organization's reputation, which can negatively impact its brand, trustworthiness, and stakeholder relationships. The video mentions that in today's complex world, all organizations face reputational risks, emphasizing the need for collective action and risk management to protect against such threats.

💡Brakes

The metaphor of 'brakes' is used in the video to illustrate the importance of risk management in enabling an organization to move forward confidently and at speed. The speaker quotes John Reed, former head of Citigroup, who likens brakes to risk management tools that allow an organization to understand potential problems and proceed with caution, thereby enabling faster and more effective progress.

Highlights

The complexity of the modern world often catches organizations off-guard with emerging risks that can lead to significant disasters.

Examples of private sector failures include the BP Gulf oil spill and GM ignition switch problem, which resulted in CEOs being fired and serious company damage.

In the case of Takata airbags, the risk of failure led to a company potentially going out of business.

Government organizations face similar issues, as seen with the Veterans Administration and the IRS scandals, leading to high-level dismissals and policy changes.

A common issue is the disconnect between top-level executives who believe everything is fine and lower-level employees who are aware of serious problems.

Successful companies, like JP Morgan Chase and Goldman Sachs, effectively managed risks by ensuring information flow from all levels of the organization.

Enterprise Risk Management (ERM) is a key strategy for identifying and addressing major risks that could impede an organization's mission.

ERM encourages a culture that focuses on significant risks rather than getting lost in minor details.

The importance of open communication and the role of the chief risk officer in facilitating discussions about risk priorities.

Early identification and addressing of risks can prevent small problems from escalating into larger crises.

The need for top-level support to make ERM effective and to foster a culture of risk awareness and problem-solving.

ERM is not about creating additional bureaucracy but about enabling better decision-making through informed risk conversations.

The analogy of a car with brakes to illustrate the importance of risk management in allowing an organization to move forward confidently and at speed.

John Reed's quote from the Financial Crisis Inquiry Commission emphasizes the role of understanding and managing risks for organizational advancement.

The speaker's personal experience on the Financial Crisis Inquiry Commission and the insights gained about the differences between successful and unsuccessful companies in crisis management.

The importance of recognizing and addressing warning signs in risk management, as seen in post-mortem analyses of various disasters.

The role of the chief credit officer in identifying and communicating pricing issues with mortgages, leading to proactive risk management.

The head of Goldman Sachs' mortgage desk emphasized the importance of reporting bad news to top management for informed decision-making.

Transcripts

play00:00

[Applause]

play00:01

that's right

play00:03

thank you we live in an increasingly

play00:08

complex world and one of the results of

play00:11

that complexity is that a number of

play00:14

organizations are surprised when risks

play00:18

emerge that actually take them down on

play00:21

the private sector side you can think of

play00:23

the BP Gulf oil spill where complexities

play00:27

led to a huge disaster in the Gulf of

play00:31

Mexico you can think of the GM ignition

play00:36

switch problem and in those cases of

play00:38

course people fire the CEOs they fire

play00:41

people companies are hurt seriously in

play00:45

the case of the Takata airbags you may

play00:48

actually see a company go out of

play00:50

business on the government side you see

play00:53

the same problem the Veterans

play00:55

Administration had a series of Veterans

play00:58

Hospitals and it turned out that over

play01:02

stretched hospitals have long wait times

play01:05

but the head of the VA had let it be

play01:08

known he didn't want to hear about long

play01:12

wait times he wanted to hear that

play01:14

everybody was being dealt with within

play01:16

two weeks so if you tell me that's what

play01:19

I got to say that's what I'll say and it

play01:22

turned out that VA hospitals in fact had

play01:26

such long wait times that veterans were

play01:28

dying before they got their health care

play01:30

and when that finally came to light once

play01:34

again they fired the secretary they

play01:37

fired people down the organization and

play01:39

Congress started to do surgery on civil

play01:42

service protections in the VA the same

play01:46

thing happened with the IRS where people

play01:48

were looking at exempt organizations and

play01:52

decided not very bright to look at

play01:56

organizations that all had the name Tea

play01:59

Party in it when that came to light the

play02:02

resulting explosion led to firing people

play02:05

from top of the organization down and

play02:08

Congress again did surgery on the ir

play02:12

the common element and all of this is

play02:14

the people at the top sit there thinking

play02:18

that everything is great and if you were

play02:21

to talk to people down in the

play02:23

organization what you'd find is gee we

play02:26

got problems we got problems but there

play02:28

seems to be a layer of cork that stops

play02:31

the information from rising from the

play02:34

bottom to the top I first learned about

play02:37

this when I was on the staff of the

play02:39

Financial Crisis Inquiry Commission and

play02:41

we would have all these officials from

play02:45

failed companies telling us how nobody

play02:48

could foresee the drop in housing prices

play02:50

well it turned out in the midst of all

play02:53

the companies that failed there were a

play02:55

number of companies that navigated the

play02:57

crisis and I began to understand the

play03:00

difference between successful companies

play03:03

and unsuccessful companies and the

play03:06

answer in my mind had to do with

play03:09

information flow that in the successful

play03:12

companies you had a flow of information

play03:14

from bottom to top and top to bottom and

play03:17

across the silos so the Baron's would

play03:20

talk to each other so in in JP Morgan

play03:24

Chase all of a sudden their mortgage

play03:27

side realized that they were having

play03:30

serious delinquencies and the news

play03:33

immediately went up to the operating

play03:35

committee at the very top of this multi

play03:38

trillion dollar organization and there

play03:40

was a food fight among the executives

play03:42

what's going on here and they realized

play03:44

their delinquencies were better than

play03:46

their competitors delinquencies so the

play03:48

instructions went down get rid of

play03:51

subprime mortgages and that was in

play03:53

October of oh six well before the crisis

play03:56

the same thing happened with Goldman

play03:58

Sachs in December of oh six where

play04:02

somebody reported the head of their

play04:04

mortgage desk reported that they where

play04:07

their models said they were supposed to

play04:08

make money for two weeks they had lost

play04:11

money immediately the news went up and

play04:13

Goldman hedged their subprime portfolio

play04:17

those were the successful companies so

play04:20

the lessons I took for them from that

play04:22

or that information flow is essential

play04:25

but also warning signs or the air if you

play04:29

look at the post-mortem on the BP Gulf

play04:32

oil spill or on Massey mining where 29

play04:35

miners were killed or any number of

play04:38

disasters the NASA Space Shuttle

play04:40

disasters

play04:42

it is so clear in retrospect that

play04:44

there's a problem Enterprise Risk

play04:47

Management is a way to deal with that

play04:50

and it asks a simple question what are

play04:54

the major risks that could stop us from

play04:57

achieving our mission and the whole

play04:59

point is you want to look at the big

play05:01

risks government particularly but also

play05:04

the private sector are always distracted

play05:07

by all these little risks that they're

play05:09

worried about that they tie up in red

play05:11

tape and in fact what you want to look

play05:14

at are the really big risks and if you

play05:17

can build that into your culture you can

play05:20

have a much more robust capacity to

play05:26

understand the vulnerabilities that

play05:28

you're otherwise going to run into

play05:30

without appreciating them so one of the

play05:33

failed companies and the financial

play05:35

crisis the chief credit officer went to

play05:38

his executive vice president and said we

play05:42

got problems we're not pricing for the

play05:44

mortgages were buying and the executive

play05:46

vice president said how come you're the

play05:48

only person in the company who believes

play05:51

in your models well that was really

play05:53

stupid by the way the chief credit

play05:55

officer is still there and the executive

play05:57

vice president is long gone but in the

play06:00

case of goldman sachs when we

play06:02

interviewed the head of the mortgage

play06:03

desk we said why did you report the bad

play06:06

news to the top and he said part of my

play06:09

job is to make sure that the people at

play06:11

the top of the organization know what

play06:14

they need to know to make good decisions

play06:16

and that was a successful company so

play06:20

what you need to make enterprise risk

play06:23

management work is first of all support

play06:26

from the top

play06:28

I've just been inserted into a

play06:30

government agency actually about six

play06:32

months ago was supportive and under

play06:34

secretary

play06:35

and she had us gather all of the senior

play06:37

executives and talked to them talk about

play06:40

the big risks and what you've got to do

play06:43

is overcome the tendency of barons to

play06:46

say there are no risks I run a good

play06:49

department and instead to understand

play06:51

everybody's got risks we're not blaming

play06:54

you what we want to do is solve problems

play06:57

and if we can hear about these risks

play06:59

early we can deal with them before

play07:01

rather than after something bad happens

play07:04

in the earlier you hear about it the

play07:07

easier it is to deal with an emerging

play07:10

risk and what we did over time was

play07:14

infuse the culture of the organization

play07:18

so people understood we're not playing

play07:20

gotcha what we're trying to do is help

play07:23

you solve problems that otherwise may be

play07:27

too big for you and by the way we're all

play07:29

in this together in today's complex

play07:32

world with the kind of reputational risk

play07:35

that beset Sall organizations were all

play07:38

in this together

play07:39

and we had better work on it together so

play07:42

that's Enterprise Risk Management and I

play07:44

really hope you look into it because it

play07:46

is a really powerful management tool I'd

play07:50

like to finish with one of the actually

play07:53

the best quote from the whole Financial

play07:55

Crisis Inquiry Commission study and

play07:58

that's from a guy named John Reed who

play08:01

was head of Citigroup back in 2000 and

play08:04

was eased out at that point before

play08:07

Citigroup got into all of its trouble

play08:10

and he asked the question why does a car

play08:13

have brakes a car has brakes so it can

play08:18

go fast if you didn't have brakes

play08:21

you'd creep around at two miles an hour

play08:24

if you've got brakes you understand what

play08:28

the problems are and you can really go

play08:31

forward at 65 miles an hour and the

play08:34

whole point of enterprise risk

play08:35

management is not to create another

play08:38

layer of bureaucracy but rather to have

play08:41

your chief risk officer facilitate the

play08:45

conversations and then the discussions

play08:47

about priorities

play08:49

one of the really big risks we've got a

play08:51

grapple with it's a very powerful

play08:53

management tool and I hope you all have

play08:56

a chance to take a look thank you

play08:59

[Applause]

Browse More Related Video

015 What goes into risk assessment What are expectations

Living in and coping with world risk society - 42nd St. Gallen Symposium

How to use SharePoint Online for Knowledge Management - Microsoft 365

Risk Management for Individuals – Part III (2024 Level III CFA® Program – Reading 22)

What is Crisis management? What is Crisis? Crisis Management Plans.

Risk Management & Position Sizing Strategy for Trading

Rate This

5.0 / 5 (0 votes)

Summary
Outlines
Mindmap
Keywords
Highlights
Transcripts
Related Tags
Risk ManagementOrganizational CultureEnterprise StrategyCrisis NavigationLeadership InsightsInformation FlowBusiness ResilienceRisk IdentificationStrategic PlanningCorporate Governance