Risk in work unit business planning: Start point for risk experts

About the how-to guide What’s different about it

Risk specialists Version 3.

Risk has to be considered in business planning. Work unit managers in large organisations submit annual business plans.

If you’re one of those managers, and you are looking for some help on the risk side of business planning, you’re in the right place. There is a detailed how-to guide just for you.

The rest of this article is for risk specialists more than for unit managers.

About the how-to guide

The how-to guide is framed specifically for unit managers challenged to understand risk in their annual business plan. The guide does not mention other applications of risk management.

It gives steps for managers to take. It assumes that the manager knows the business, and does not give advice on risks applicable to specific types of business and activity.

A generalised version of the underlying risk management process has been published on LinkedIn. The LinkedIn version is directed to risk specialists. It generalises beyond business planning to ERM and to project risk management. It also discusses risk appetite and tolerances directly.

What’s different about it

In the Clear Lines on Audit and Risk,

  • risk is the effect of uncertainty on objectives (not so different), and
  • the effect on objectives is a defined difference in outcomes, usually at a named future date.

Popular risk practices understand something different by risk ‘consequences’, usually in the nature of setbacks or events that might be thought to affect objectives somehow. There is a long-standing culture of consequence scales that put the focus on a word like ‘high’, or a number like ‘3’, and not on a defined difference in an outcome.

Formal standards are consistent with understanding the ‘effect on objectives’ as a difference in outcomes, but never spell out that interpretation so clearly as in the Clear Lines on Audit and Risk.

Interpreting the ‘effect on objectives’ explicitly as an outcome difference is the trademark feature of the Clear Lines approach to risk management. In line with this feature, the Clear Lines put a lot of emphasis on understanding objectives, and on understanding outcomes other than planned achievement of objectives.

Debate aspects of the Clear Lines interpretation of ‘effect on objectives’ as an outcome difference at a defined future date

Beyond that core principle, there are other differences in the approach.

  • The Clear Lines recommend that potential outcomes are compelling pictures, rather than debatable metrics shown as numbers.
  • The Clear Lines have a fresh explanation of risk appetite and tolerances, based on the trademark interpretation of ‘effect on objectives’ as outcome differences. The fresh interpretation is consistent with the ISO and COSO interpretations, though not necessarily with regulators’ interpretations.
  • In the Clear Lines, likelihood is defined as the likelihood of a specific difference in outcomes. That is different from the likelihood of an unplanned event, and usually much less. (This detail is supported explicitly by HB 436, in the ISO 31000 family.) Likelihood is estimated both for separate risks (understood as pathways to an outcome), and for reaching a given outcome (by any pathway).

These are other important features of the how-to guide for managers on risk in work unit business planning.

  • It is about middle managers’ real-world experience with business planning and risk. It is not a grand vision for Enterprise Risk Management, in which the majority of middle managers are left behind. It can support Enterprise Risk Management, as long as Enterprise Risk Management is not just code for ‘standard scales’ and a power shift to risk specialists.
  • It deals with risk in business planning as something separate from the other kinds of risk management in which the same readers may be involved, such as health and safety, security, projects and so on (as well as ERM).
  • The steps in the how-to guide are for middle managers, who need not rely on a risk expert.
  • It assumes that risk is being managed for the right reason. The right reason is to assure protection of stakeholder interests. For middle managers, stakeholders are represented by a boss. The boss is a real person who can be seen across a desk. The approach to risk is not about fulfilling the dreams of risk experts, consultants, or risk software vendors. If the boss doesn’t cooperate by representing stakeholder interests, those interests are still important. The manager is well advised to discover and anticipate those interests, even if there is no help from the boss.

In short, the approach is all about real managers. It is about the important effects of uncertainty in the work that they do. It is not ‘doing risk management’ for compliance or other less compelling reasons. Those are the wrong reasons to manage risk.

You will first want to know if this is a safe place to send your clients. Even before that, you want to know if this stuff is worth reading at all. To help you answer those critical questions, there is a fast-track summary of the process for your quick evaluation. The fast-track summary for risk specialists is written in a compact style for experts. It includes references.

The how-to guide for unit managers is in a different style. Everything is explained fully. It does not assume any knowledge of risk management. There are worked examples and models. There are no templates that can be separated from explanations and hard questions. Unthinking reliance on templates has been a near-fatal cancer within risk management.

You can refer your unit managers to the how-to guide directly. You can also create your own guidelines reflecting the ideas in this guide.

Most of all, you can comment on every article in the guide, as can unit managers. The Clear Lines on Audit and Risk will promote good alternative views and methods, consistent with the fundamental principles.

Drill-down articles

Risk in work unit business planning: Fast track for risk experts

Risk is managed by managers, not specialists. The manager identifies a range of potential outcomes on each objective, pathways to each outcome, and the likelihood of each pathway and outcome. The process is in the spirit, and letter, of ISO 31000 applied to a work unit. It creates a single view of forecast outcomes that includes ‘risk’. Risk specialists work for managers. Managers don’t work for risk specialists. Work unit risk management contributes to Enterprise Risk Management.

Risk specialists Version 3.0 Beta

Drill-down articles

Risk management and middle management, Part 1: What and why

Blog post Version 1.0 Alpha

Risk management and middle management, Part 2: Where you come in

Blog post Version 1.0

Risk is the uncertainty of outcomes

Blog post Version 1.0

Risk impact scale vs. achievement of objectives

Blog post Version 1.0

Risk consequences and enterprise success

‘Consequence criteria’ ‘Objectives’ Choices about consequence criteria Representing ‘all’ dimensions of success in consequence types Ignoring success in consequence types Conclusion Reasons for ignoring success Representing selected success dimensions other than the main purpose Representing only the unique purpose in consequence types Consequence types that carefully step around the main purpose

Blog post Version 1.0

When do the consequences follow from a risk event?

The standard view: Consequences follow at the end of the risk scenario Another view: Consequences follow at the end of the planning period Consequence scales in each view Other ways that the view matters Conclusion Question for experts

Blog post Version 1.0

Worst case analysis: When, why, and how

What is the reasonable worst case? Consequence and likelihood for the reasonable worst case Acceptability of the reasonable worst case Acceptability of other cases Question for risk experts

Blog post Version 1.0

Main article on Risk in work unit business planning

Leave a Reply

Your email address will not be published. Required fields are marked *

Comments are moderated from a sea of spam, so may not be published immediately. Email contact may get a quicker response.