Introduction to Systemic Risk Management

Systemic Risk Management

the new generation of risk management thinking and practice

Process-based risk management approaches are widely accepted as best practice. They are attractive to leaders because they are easily understood and applied, and because they provide a set of prioritised risks together with suggested treatments. They are also held in place by professional associations and Government endorsed Standards.

However the latest research proves beyond doubt something we already ought to know from experience. Process-based approaches are grossly inadequate when dealing with risks that are sensitive, subtle, complex, inter-related, or intangible. Unfortunately, these same types of risk are common in organisations. They cause constant churn and inefficiency and are the root causes of almost all avoidable organisational disasters.

Current risk management methods are ineffective when dealing with some critical yet common kinds of risk that leaders experience every day: – complex, inter-related risks – – sensitive risks, especially relating to people – – emergent, subtle risks that may only be obvious in hindsight –

Consequently, most key business decisions are based on partial risk information and on a poor understanding of the root causes of systemic organisational risks.
Churn, crises and fire-fighting are common. Avoidable disasters still happen without warning, even though their causes are ‘obvious in hindsight’.

Powerful new ‘systems thinking’ approaches have been developed for dealing with complex, messy, organisational problems. Unfortunately, they require intensive effort and are difficult to apply in real time. Even now, there are few truly practical ways for leaders to find, analyse and manage complex, systemic organisational risks.

‘Systemic Risk Management’ provides hands-on practical methods for finding, representing, analysing, and treating complex, inter-related risks.  Using this new approach, it is possible to find and manage previously hidden risks and to prioritise and optimise risk effort as a systemic whole rather than risk-by-risk. Systemic risk analysis can also be used to drive organisational development work and as a vehicle for assessing the effectiveness of governance as a whole.

Systemic Risk Management offers the ability to find and manage even the most complex, subtle risks and to manage the root causes of disasters before they happen.
It also offers a new and powerful way of driving organisational development and can be used to assess the effectiveness of governance from first principles.

Although managing strategic risks is very important, the most critical risk management role of executive leaders is not the management of key risks but is to build their organisation’s awareness, responsiveness, agility and resilience.  Since these characteristics are driven by complex, subtle factors including the way in which the leaders themselves operate, to do their work well executive leaders must be personally capable of recognising and accepting complexity and of applying action-learning principles.  It also requires that they have the courage and determination to deal with root-causes that are often difficult or uncomfortable.



Examples of systemic risk concepts, approaches and tools

Systemic Risk Management Capability Model   Systemic risk management requires working on multiple facets of organisation, rather than a focus on process. In that context, building risk management capability is the key risk work of senior leader.


Systemic Risk Management Framework
Risk management exists to support decision making, and needs to be managed in that context. Risk-specific processes are necessary, but should be the exception in an effective risk management framework.


Systemic Risk Analysis
Systemic risks are by nature pervasive. Even when subtle, complex and inter-related they can be identified and understood through patterns in symptomatic risk data. This provides leaders with an evidence-based understanding of the underlying drivers of organisational performance and of the operational and strategic risks to sustained success.


Risk Maps


Organisational risks are often complex, with inter-related factors that many be subjective, subtle or sensitive to acknowledge.  They require an action-learning approach, using risk maps that can be shared, challenged and adapted by risk stakeholders.  Risks maps are also a powerful way to record both the risk being managed, and possible systemic treatment actions.





Risk Treatment Pattern Analysis

Treatment actions for individual risks are pointers to the causes of those risks.  When a pattern is identified in the treatment of multiple risks, it indicates a root cause that is systemic and pervasive.  Rather than working on individual risks, leaders can focus on systemic risk causes to optimise their risk management effort and to achieve a sustained reduction in the total risk faced.


Risk Relationships Matrix

Risk interrelationships can have a major impact upon how risks are best managed.  Understanding those inter-relationships makes it possible to prioritise as a whole rather than risk by risk.  The risk relationships matrix is a tool for prioritising complex interrelated organisational risks.