Clive Moffatt describes the intranet's role in bringing quality risk information to the decision-maker's desktop.

More managers are finding it essential to acquire risk management skills. Clive Moffatt describes the intranet's role in bringing quality risk information to the decision-maker's desktop.

Success iii business depends on taking calculated risks and placing high priority on the quality and rapidity of your response to existing and anticipated market needs. Managers at all levels face increasing pressure to take more day-to-day decisions that impact on all aspects of the organisation.

Hasy access to knowledge and expertise is essential for effective strategic and operational decision-making. The intranet gives large organisations an opportunity to huild a cost-effective, interactive communications platform to facilitate effective management and monitoring of business risks. Since the days of Adam Smith, the division ol labour has been hailed as the cornerstone of economic progress. With each of us focusing on what we do best, the argument runs, the operation of the invisible hand ol the free market will create the wealth necessary to maximise the greatest happiness o! the greatest number of people.

In business, the application of this principle has led to the creation and frequent re-engineering of various line and support structures. The result has often been complicated formal systems for routing-decisions for advice or approval, together with a myriad of informal communication lines, such as ad hoc personal arrangements which operate outside the formal system. There is now a growing recognition that splitting tasks into specialised processes may work on a production line, but can inhibit effective strategic and tactical decision-making at all management levels.

Knowledge linked to people and processes is the principal corporate asset. You can only streamline and empower individual business units and minimize head office functions if there is effective transfer of "corporate knowledge" within your business. The knowledge and expertise required to take effective strategic and operational decisions need to reside within individual managers rather than being locked away within remote specialist departments.

Trends are already developing towards removing functional barriers and a wider sharing of knowledge and expertise. They include:

  • removing formal job descriptions
  • moving managers regularly between different functions (eg strategy, marketing and operations)
  • creating short-term, multi-skilled units to develop opportunities and tackle particular problems.

    Nowhere is the need for greater fluidity more pressing than in risk management. Here, you can gain significant competitive advantage from enabling managers to examine more systematically the likely implications ol decisions they make.

    As the author of The Turnbull Report on UK Corporate Governance noted: "All employees have some responsibility for internal control. Collectively they should have the necessary knowledge, skills, information and authority to operate and monitor the internal control system. Communication between different levels of the organisation and across departments plays a pivotal role in a successful risk management system."

    Changing role and status
    Early specialisation, based on mitigating (via pre-ventative measures) and/or transferring the cost of "pure" risks (eg losses occurring from property damage or liability claims) to insurers, characterised traditional risk management. Recent years have seen a shift to a more comprehensive view of risks and their management.

    Our recent research among 150 international organisations in the UK, USA and Europe suggests the following general conclusions:

  • The traditional risk manager's function is a target for outsourcing because senior management does not view insurance administration as a "mainstream" activity
  • At the same time, corporate governance and competitive pressures are forcing boards to recognise the need to integrate internal approaches to strategic, commercial, financial and operational risks
  • Departmental disputes about the ownership of the concept and practice of risk management and bad communications are major obstacles to progress.

    Most large organisations have systems for collecting and analysing data for insurance purposes, and briefing procedures (mainly manuals) covering pure risks. Less than a third of them have an integrated risk management strategy.

    The penultimate figure of 32% is probably an overestimation. A recent series of focus groups that we conducted indicated that, even where there is a strategy, it does not, at present, amount to much more than a mere statement of objectives and intentions.

    Criteria for success
    We conducted a detailed market research and recent benchmarking study, involving BAE Systems, Northrop Grumman, Microsoft, Gillette, Fluor and Schlumberger. This showed that in those organisations, such as Microsoft and Schlumberger, which have made significant progress in implementing an effective communications platform for integrated management of business risks, there are five critical criteria for success:

  • Secure main board support and CEO commitment to the objectives of the exercise, the process involved and the cultural changes required to achieve success
  • Avoid cumbersome databases and processing, as well as over elaborate prescriptive models which seek to quantify predicted outcomes
  • Focus on identifying those strategic and tactical decisions which impact on a number of significant risks and create a set of guidelines to raise awareness and enable the management of the decision-making process
  • Adopt a cross-functional approach to building an enabling platform, which involves operations, risk management, audit, legal and strategy in a co-operative process.
  • Do not attempt to do too much too quickly. Identify a target audience and/or area(s) of risk (eg environmental, health and safety) and then test and demonstrate the benefits before moving on.

    In summary, you should address the following key issues:

  • Have you assessed and prioritised risks and reviewed current decision-making guidelines?
  • What co-ordination exists between line management and support functions? Who leads the integration process?
  • What internal information and "enabling" processes and systems do you need to promote and support the effective management of business risks?

    Building a communications platform
    We have developed a three-stage approach to building an intranet-based communication platform to facilitate effective business risk management. These stages involve the client and consultant working as a team to develop the content, structure, navigation and design of a risk management platform.

    In stage one, the first step is establishing the distribution of risks across functions, using research and consultation.

    The second step is establishing the degree of overlap and dependency between different functions and areas of risk.

    The third step is mapping and prioritising the risk implications of various strategic and operational management decisions.

    Typically, the output from stage one would be a matrix of priority decision areas and risks, giving a basis for preparing a series of high level, detailed guidelines, templates and checklists in stage two. This second stage involves creating "enabling" risk navigation guidelines relating to specific types of strategic and operational decisions.

    In building an effective intranet platform (stage three), the key things to remember are that it must:

  • be interactive
  • be easy to use
  • have features that allow development of simple measures of awareness levels and how particular risk exposures at a functional or cross-functional level are being managed over time
  • be promoted off-line to all members of the target audience as part of a campaign to secure management buy-in and maximise usage.

    Business benefits
    Our experience indicates that companies can derive significant efficiency improvements from introducing an effective intranet-based risk management platform. The most obvious are savings in management time, and savings in documentation.

    More importantly, the platform provides a mechanism to enable faster and more effective decision-making, as well as helping facilitate the achievement of the desired corporate balance between risk and opportunity. Key potential benefits are: »internal consensus on scope and priorities

  • higher and more sustainable awareness of risk
  • consistent navigational aids for managing risk
  • knowledge transfer and its effective management
  • increased coverage, impact and interaction
  • measures for monitoring risk management.

    Balancing risk and opportunity will always be more of an art than a science. People will continue to take risks and behave in an unpredictable manner. However, the chances of business success are greater and the scope for excuses after a loss-making event are reduced, if there is ready on-line access to a framework that enables decisions to be taken with knowledge rather than in ignorance.
    Clive Moffatt is managing partner of specialist management and e-business solutions consultancy Moffatt Associates. He will be hosting a workshop entitled "We're all risk managers now" at the IRM Annual Conference, 21/22 September 2000, Queen's College, Cambridge.