Professional Documents
Culture Documents
This article outlines the need for advanced risk management approaches, for operational managers, risk managers, practitioners in business process design and Six Sigma black belts. The distributed process or complex process organization have become a reality with the availability of Internet, outstanding models, region specific specialization in goods and services.
Risk assessment
Risk assessments are required when evaluating performance because they indicate potential operational failures. Traditionally, there are two schools of thought on risk management. The first school had a negative connotation of the word risk and discouraged employees from openly specifying the probability of a risk arising, thereby eliminating all possibilities of mitigation measures being adopted. However, the members of the second school issued risk management as a means of avoiding failure, thereby accepting risk mitigation measures. Currently, a third school of thought is emerging, where the managers neither ignore the risk altogether nor do they view it as a means to avoiding failure. Instead they view risk management as a way to position themselves for success by taking a holistic view of risk and finding the means to integrate information on the various types of risks such as process, security and inter operability risks. They
require a single risk profile that provides an insight into a broad range of risk factors.
The distributed work process (synonymous to business process, workflow and process for this article) is the flow of work as it crosses organizational boundaries, connecting several smaller processes into a larger more complex process, and includes all tasks, procedures, organizations, people, technologies, tools, data, inputs and outputs required to achieve desired objectives. In this scenario, the hierarchy of missions can be visualized in the diagram below:
Organisations mission
Work process mission (Hierarchy of missions) Since outsourcing and collaboration one widely accepted business models, the hierarchy of missions can include multiple organizations. Though many risks affect business (speculation, business etc.) it the operational risks that affect mission failures the most, as far as managers are concerned. A definition of operational risk borrowed and modified from the Basel Committee on Banking Supervision could read as operational risk is the potential failure to achieve mission objectives. The definition included both uncertainty (potential failure) as well as loss (inability to achieve the mission goals).
A2 A1 A3 A4
In the diagram above there are four activities (A1.A4). Activity A1 kicks off the process, its output feeds activities A2 and A3 which are performed in parallel and their combined outputs are sent to activity A4, which is the final activity A4, which is the final activity in the process. If all activities are performed correctly, the mission is accomplished.
In the next diagram below the process consisting of activities A1 to A4 become a part of a larger process that consists of four district sub-processes.
In the diagram above four organizations have pooled their resources to complete the mission, thereby creating a distributed business process. Contractual relationships define the relationships among all the participating organizations. No single management has the authority over the end-to-end workflow; instead each organisations management controls its piece of the overall process. Most contracts do not mandate a common approach for managing, risk, resulting in a lack of uniform operational risk tolerance in most distributed processes. The operational risk affecting an activity in a distributed process influences the risk affecting all subsequent activities. Therefore, it is necessary for
managers to be aware of the risk they inherit from upstream activities and, in turn, impose on downstream activities. In the diagram n organization Cs management does not have a detailed knowledge of the inner workings of the processes and practices of its partners. Organization Cs largest risk will be the amount of organizational risk it inherits from organization A and organization C cannot establish an accurate risk profile without knowing the extent of the risk they are inheriting. Similarly organization C imposes a degree of operational risk on all its downstream activities, which is a combination of the risk inherited from the upstream activities and the amount of the risk generated locally. This high lights the fact that operational risk is a dynamic property of any work process because it changes as it flows from one activity to the next. A threat to an activity triggers a risk to the work process mission. However, this linear relationship does not track inherited and imposed risk, which makes it unsuitable to analyse complex work processes. Instead the risks can be visualized as shown below. T1 T2 T3 C1 C2 Threats and Controls
R1
Risk
In considering the threats the controls that affect the threat also have to be considered [Controls (as derived from COBIT) include policies, procedures, practices, conditions and organizational structures designed to provide reasonable assurance that a mission will be achieved and undesired events will be prevented, detected and corrected] Extending this visualization to an end-to-end process
Controls can also include experience of the staff (which reduces the threat from lack of documentation) or all the personnel in the organization understanding the mission (which reduces the threat from inherited risks).
REFERENCES
Mission Assurance Analysis Protocol (MAAP): Assessing Risk in Complex Environments - Christopher J. Alberts and Audrey J. Dorofee 2. Risk and opportunity management hettp://www.sei.cmu.edu/risk 3. Sei/cmu/edu/library/assets/presentations/Re thinking Risk Management Tutorial.pdf 4. http://www.frnglobal.com/pdfs/Chain Supply.pdf 5. contentdm.bb.byu.edu/ETD/image/etd1770.pdf Some recent cases in India would bear evidence to this phenomenon. Hondas India Unit will halve production because of a shortage of components following the March (2011) Tsunami in Japan, while Toyota Motor Corp. is cutting production by 70% The much awaited Honda Bro which was to be show cased on March 17 (2011) has been delayed indefinitely by Honda Siel India. Toyotas second plant inauguration in Bidadi, Bangalore postphoned. (Investment 3,200 crores) 1.
1. 2. 3. 4. 5.
APRTC - 200 crores Singarani Collieries - 600 crores + 120 crores wages during strike period Power purchase from other states 250 crores Active pharmaceutical ingredients 500 crores Industry and Trade Loss 2500 crores