The meetings, both constructive and confrontational, are not intended to inhibit the project team from pursuing highly ambitious missions and designs. But they force engineers to think in advance about how they will describe and defend their design decisions and whether they have sufficiently considered likely failures and defects. At JPL, the risk review board not only promotes vigorous debate about project risks but also has authority over budgets. The board establishes cost and time reserves to be set aside for each project component according to its degree of innovativeness.
The reserves ensure that when problems inevitably arise, the project team has access to the money and time needed to resolve them without jeopardizing the launch date.
Consulting Interview Process & Preparation | Practice Cases | BCG Careers
JPL takes the estimates seriously; projects have been deferred or canceled if funds were insufficient to cover recommended reserves. Many organizations, such as traditional energy and water utilities, operate in stable technological and market environments, with relatively predictable customer demand.
In these situations risks stem largely from seemingly unrelated operational choices across a complex organization that accumulate gradually and can remain hidden for a long time. Since no single staff group has the knowledge to perform operational-level risk management across diverse functions, firms may deploy a relatively small central risk-management group that collects information from operating managers. We observed this model in action at Hydro One, the Canadian electricity company.
Employees use an anonymous voting technology to rate each risk, on a scale of 1 to 5, in terms of its impact, the likelihood of occurrence, and the strength of existing controls. The rankings are discussed in the workshops, and employees are empowered to voice and debate their risk perceptions. Hydro One strengthens accountability by linking capital allocation and budgeting decisions to identified risks.
The corporate-level capital-planning process allocates hundreds of millions of dollars, principally to projects that reduce risk effectively and efficiently. At the annual capital allocation meeting, line managers have to defend their proposals in front of their peers and top executives. Managers want their projects to attract funding in the risk-based capital planning process, so they learn to overcome their bias to hide or minimize the risks in their areas of accountability.
The financial services industry poses a unique challenge because of the volatile dynamics of asset markets and the potential impact of decisions made by decentralized traders and investment managers. JP Morgan Private Bank adopted this model in , at the onset of the global financial crisis. Risk managers, embedded within the line organization, report to both line executives and a centralized, independent risk-management function. Risk managers assess how proposed trades affect the risk of the entire investment portfolio, not only under normal circumstances but also under times of extreme stress, when the correlations of returns across different asset classes escalate.
Even if managers have a system that promotes rich discussions about risk, a second cognitive-behavioral trap awaits them. Because many strategy risks and some external risks are quite predictable—even familiar—companies tend to label and compartmentalize them, especially along business function lines. The risks that companies face fall into three categories, each of which requires a different risk-management approach. Preventable risks, arising from within an organization, are monitored and controlled through rules, values, and standard compliance tools.
In contrast, strategy risks and external risks require distinct processes that encourage managers to openly discuss risks and find cost-effective ways to reduce the likelihood of risk events or mitigate their consequences. Such organizational silos disperse both information and responsibility for effective risk management. They inhibit discussion of how different risks interact. Good risk discussions must be not only confrontational but also integrative.
Businesses can be derailed by a combination of small events that reinforce one another in unanticipated ways.
- Existence and regularity of minimal surfaces on Riemannian manifolds.
- Reconceptualising Evaluative Practices in HE: The Practice Turn (SAP).
- Dont Get Too Comfortable: The Indignities of Coach Class, The Torments of Low Thread Count, The Never-Ending Quest for Artisanal Olive Oil, and Other First World Problems!
Managers can develop a companywide risk perspective by anchoring their discussions in strategic planning, the one integrative process that most well-run companies already have. For example, Infosys, the Indian IT services company, generates risk discussions from the Balanced Scorecard, its management tool for strategy measurement and communication.
In looking at the goal and the performance metrics together, management realized that its strategy had introduced a new risk factor: client default. Infosys began to monitor the credit default swap rate of every large client as a leading indicator of the likelihood of default. To take another example, consider Volkswagen do Brasil subsequently abbreviated as VW , the Brazilian subsidiary of the German carmaker. For each objective on the map, the group identifies the risk events that could cause VW to fall short of that objective.
The team then generates a Risk Event Card for each risk on the map, listing the practical effects of the event on operations, the probability of occurrence, leading indicators, and potential actions for mitigation. It also identifies who has primary accountability for managing the risk. VW do Brasil uses risk event cards to assess its strategy risks.
VW do Brasil summarizes its strategy risks on a Risk Report Card organized by strategic objectives excerpt below. Managers can see at a glance how many of the identified risks for each objective are critical and require attention or mitigation. Managers can also monitor progress on risk management across the company.
Beyond introducing a systematic process for identifying and mitigating strategy risks, companies also need a risk oversight structure. Infosys uses a dual structure: a central risk team that identifies general strategy risks and establishes central policy, and specialized functional teams that design and monitor policies and controls in consultation with local business teams. The decentralized teams have the authority and expertise to help the business lines respond to threats and changes in their risk profiles, escalating only the exceptions to the central risk team for review.
For example, if a client relationship manager wants to give a longer credit period to a company whose credit risk parameters are high, the functional risk manager can send the case to the central team for review. These examples show that the size and scope of the risk function are not dictated by the size of the organization. Hydro One, a large company, has a relatively small risk group to generate risk awareness and communication throughout the firm and to advise the executive team on risk-based resource allocations. By contrast, relatively small companies or units, such as JPL or JP Morgan Private Bank, need multiple project-level review boards or teams of embedded risk managers to apply domain expertise to assess the risk of business decisions.
And Infosys, a large company with broad operational and strategic scope, requires a strong centralized risk-management function as well as dispersed risk managers who support local business decisions and facilitate the exchange of information with the centralized risk group. External risks, the third category of risk, cannot typically be reduced or avoided through the approaches used for managing preventable and strategy risks.
Some external risk events are sufficiently imminent that managers can manage them as they do their strategy risks. For example, during the economic slowdown after the global financial crisis, Infosys identified a new risk related to its objective of developing a global workforce: an upsurge in protectionism, which could lead to tight restrictions on work visas and permits for foreign nationals in several OECD countries where Infosys had large client engagements.
Infosys therefore put in place recruiting and retention policies that mitigate the consequences of this external risk event. Most external risk events, however, require a different analytic approach either because their probability of occurrence is very low or because managers find it difficult to envision them during their normal strategy processes.
We have identified several different sources of external risks:. When their Asia-Pacific division needed a future-ready platform, they upgraded to Magento, launching five different stores on one platform. Launch Full Case Study. Their digital transformation took shape and produced tangible profitable results. B2B Sigma Beauty With Magento Commerce, Sigma Beauty created an improved customer experience that keeps shoppers engaged with curated content, special offers, and free samples. D2C Tom Dixon Tom Dixon needed an eCommerce platform to sell furniture online that could visually express the brand while delivering an immersive customer experience.
Digital Transformation Zumiez A leading retailer of specialty apparel and footwear, Zumiez has enjoyed a long relationship with Magento. See Case Studies. How Can We Help You. Schedule a free demo.
In the meantime, you may want to check out What's New in eCommerce. As robots get more affordable and accessible for a wider range of companies, logistics providers are finding…. Principles Life and Work. Women Kind. The Project Book The complete guide to consistently delivering g And Others Negotiation Genius.
View Wishlist. Our Awards Booktopia's Charities. Are you sure you would like to remove these items from your wishlist? Remove From Wishlist Cancel.