Accendo Reliability


by Greg Hutchins

The Future of Enterprise Risk Management in the 2020’s

Guest Post by Greg Carroll (first posted on CERM® RISK INSIGHTS – reposted here with permission)

The 2009 release of ISO 31000 was the first step across the threshold into 21st century risk management. Unfortunately, the industry that has developed around it has firmly grabbed the doorway and won’t let go. Although the latest revisions make references to decision making and integration into functional purpose, it totally misses the point of risk management, which is to assist in navigating a complex world.

Enterprise Risk Management by definition is the integration of an organisation’s risks for the purpose of assisting it to achieve its mission. Linking risk registers to objectives does little more than focus management’s thinking on the outcomes of their decisions. As mentioned in the previous article “Risk 2018 & the missed opportunities of 2017”, implementing Controls is an expected compliance activity, not risk management. A ship’s pilot heeds channel markers, but it is their skill in reading the water and weather, and in choosing the most effective course, that decides winners and losers. And even the most sophisticated GPS navigation systems have yet to replace the navigator on a Volvo Ocean Race yacht.

I started this article by detailing the failure of current risk methodologies but then realized I was committing one of my pet hates: focusing on the problem (like current risk management), not the solution. After giving myself a severe talking-to, I drafted out my vision of what risk management should look like in the 21st century. This goes beyond what I listed in my 2013 book “Mastering 21st Century Risk Management”, which obviously needs to be updated.

Why we need to rethink Risk Management

The World Economic Forum’s 2018 Global Risks Report succinctly observed:

“Humanity has become remarkably adept at understanding how to mitigate conventional risks that can be relatively easily isolated and managed with standard risk-management approaches. But we are much less competent when it comes to dealing with complex risks in the interconnected systems that underpin our world, such as organizations, economies, societies and the environment. There are signs of strain in many of these systems: our accelerating pace of change is testing the absorptive capacities of institutions, communities and individuals.

In a world of complex and interconnected systems, feedback loops, threshold effects and cascading disruptions can lead to sudden and dramatic breakdowns.”

Further, in one of the most insightful articles I’ve read in years, Oxford fellow Roland Kupers’ “Resilience in complex organizations” identifies the central issue that:

“In a deeply interconnected world, stresses and shocks propagate across systems in ways that evade forecasting. Climate change is linked to the Syrian civil war, which is connected to heightened concern over immigration, which precipitated Brexit.”

And the WEF report concludes:

“One of the aims of the Global Risks Report is to encourage individuals and organizations to think critically and creatively about how they can respond to a rapidly evolving risks landscape.”

The purpose of Risk Management in the 2020’s

From these comments we can acknowledge that:

  1. Acute risks evade forecasting
  2. We need to be able to identify evolving risks
  3. We need to be able to relate them to other areas of risk
  4. The purpose of Risk Management is identifying how to respond rapidly to evolving risks
  5. Critical and creative responses require operational decision making
  6. We need systems to enable rapid response to complex situations i.e. AI – Artificial Intelligence

This leads to the inevitable conclusion that risk management can only be Enterprise Risk Management since all risks interact with each other to alter their status.  This makes a mockery of the concept of static risk registers and risk matrix ratings.  This form of forecasting, in addition to being subjective (a guess), is out of date by the time it is recorded.

If the purpose of risk management is to enable the rapid response to evolving risks, we need real-time systems for identifying and assessing risks, not periodic risk reviews. Because these risks are rapidly evolving, by the time a risk control is developed and implemented the risk has most likely become an operational incident. You are better served by providing operational management with a range of 5 possible scenarios that will assist them with identifying both the direction in which the risk is evolving and possible courses of action.

It should be self-evident that with the complexity of today’s business environment risk management needs to sit firmly in operational decision making.  If you accept this is the case then the only solution is to implement AI – Artificial Intelligence computer solutions that can advise operational management in real-time on cause and effect of changes in the physical, social and business environments.

The Role of Risk Management Units

In this new paradigm the role of Risk Management Units in organizations should be the creation, evolution, calibration, and auditing of scenarios and decision making models, identifying and creating systems to monitor risk influences and drivers (which includes behaviour), and training operational management in modern decision making tools and frameworks (including bias and game theory). In the 21st century, risk registers, use of arbitrary heat-maps, and devising impractical or unrequired risk controls to ward off threats smack of superstitious witch doctor hocus pocus.

In upcoming articles I will go into the practical ways of applying modern technologies to achieve these 21st century risk management tenets, covering how to:

  1. Set up scenario analysis systems to provide operational management with decision making collateral,
  2. Use Big Data to identify trends and evolving risk,
  3. Create Neural Networks to identify and map interrelationships,
  4. Implement IoT to monitor changes in environmental factors in real-time,
  5. Exploit Machine Learning to monitor customer and staff sentiment, etc.,
  6. Use predictive analytics to set up threat management & preventive action programs,
  7. Explore how Blockchain trust systems could be used to obsolete Cybersecurity & Supply Chain risk,
  8. Harness Virtual Reality to gain a quantum leap in staff training and awareness,
  9. Replace laborious and inaccurate risk assessments & risk reviews with Automated Processes.

This will be the shape of risk management in the 2020s!

Bio:

Greg Carroll - Founder & Technical Director, Fast Track Australia Pty Ltd. Greg Carroll has 30 years’ experience addressing risk management systems in life-and-death environments like the Australian Department of Defence and the Victorian Infectious Diseases Laboratories among others. He has also worked for decades with top tier multinationals like Motorola, Fosters and Serco.

In 1981 he founded Fast Track (www.fasttrack365.com) which specialises in regulatory compliance and enterprise risk management for medium and large organisations. The company deploys enterprise-wide solutions for Quality, Risk, Environmental, OHS, Supplier, and Innovation Management.

His book “Mastering 21st Century Risk Management” is available from the www.fasttrack365.com website.

About Greg Hutchins

Greg Hutchins PE CERM is the evangelist of Future of Quality: Risk®. He has been involved in quality since 1985 when he set up the first quality program in North America based on Mil Q 9858 for the natural gas industry. Mil Q became ISO 9001 in 1987.

He is the author of more than 30 books. ISO 31000: ERM is the best-selling and highest-rated ISO risk book on Amazon (4.8 stars). Value Added Auditing (4th edition) is the first ISO risk-based auditing book.

Comments

  1. johfert Bristomm says

    December 16, 2020 at 2:17 AM

    I really appreciated your article related to enterprise risk management and what are the benefits and what the purpose of enterprise risk management is so well to explain.
    Compliance management in Pakistan

    • Greg Hutchins says

      December 17, 2020 at 7:36 AM

      Hi Johfert.

      Good day. Thank you for the kind words. We appreciate them.

      ERM is becoming a common element of ‘good to great’ management.

      We hear that Aga Khan Hospital has a good/great ERM program. Check them out.


CERM® Risk Insights series Article by Greg Hutchins, Editor and noted guest authors
