The Active Risk Blog


Risk Chart 1

‘Black Swan’ is a recognized theory within risk management, originally developed by Nassim Nicholas Taleb. For those of you that have ever wondered, the term ‘Black Swan’ originates from the belief that all swans are white because these were the only ones accounted for. However, when black swans were discovered during the 17th century in Australia, this unexpected event in scientific history profoundly changed zoology. After the black swan was discovered it seemed obvious that black swans had to exist just as other animals with varying colors were known to exist. Taleb made his financial trading reputation out of targeting the impact of highly improbably events.   The importance of the metaphor is that it describes an event that is highly unlikely to materialize but if it did, would have a substantial impact. In traditional enterprise risk methodologies the assessment of this ...  



Risk Management

On July 15th 2016 the Office of Management and Budget, an Executive Office for the President, released a major revision to OMB A-123. Now entitled ‘Management’s Responsibility for Enterprise Risk Management and Internal Control’ the new version underlines the importance of the relationship between Internal Controls and Enterprise Risk Management (ERM). This is the next step following the introduction of ‘risk based thinking’ in ISO9001:2015.   To our minds, we are seeing a natural progression as organizations worldwide look to improve performance by operating at higher levels of risk maturity which integrate ERM, Internal Controls, and Governance in a closed-loop process.  

  In OMB A-123, the administration emphasizes the importance of having appropriate risk management processes and systems in place to identify challenges early, to bring them to the attention of agency leadership and to develop solutions.   It also states that implementation of this policy ...  



We’ve been working with the folks at GRC20/20, and in particular, with Michael Rasmussen, the father of the term GRC which he created when he was the Lead Research Fellow at Forrester in 2003.   Together we’ve produced a paper about providing 360˚ contextual awareness of risk. Michael’s industry research has shown that in many organisations, it is the case that risk management still takes place in silos. Distributed business units maintain their own risk data, spreadsheets, analytics, modelling, frameworks and assumptions. And while organizations are keen to improve risk management, this standalone approach for each area poses a major challenge.   When an organization runs risk in a piecemeal fashion with information held in silos, there is little collaboration, and therefore no opportunity to build intelligence as individual risks intersect and compound. This approach makes it all but impossible to ...  



23 June was not just the day that UK citizens voted on the EU Referendum, it was also the day that our series of Global Conferences went to London.   This was the largest of our conferences to date, and we were delighted to welcome record numbers of attendees, despite traffic chaos caused by heavy rain.   Our two keynote speakers, Sir Ranulph Fiennes, the renowned adventurer and polar explorer and Michael White, Assistant Editor of the Guardian and broadcaster were both were extremely entertaining. Ran told numerous anecdotes of hair-raising near-disaster in polar expeditions, with plenty of grizzly photos. He also talked about his earlier military career, and about reducing risk in warfare – particularly reducing the number of deaths of soldiers. His final comment was that nature isn’t out to get you, but in business, your competitors ...  



  The other day I came across an EY white paper called Turning Risk into Results that I first read a couple of years ago. What struck me is just how on the button the paper was, and we are certainly seeing many of the trends discussed reflected in our own customer base currently.   The paper is all about how leading companies use risk management to improve business performance. The original research was based on a global, quantitative survey (with 576 interviews and a review of over 2,750 analyst and company reports), that assessed the level of risk maturity and its relationship with financial performance.   It highlights some stark contrasts between the top performing companies (in terms of risk maturity) and those at the bottom. For example, companies in the top 20% of risk maturity generated three times the level ...