Enterprise Compliance Today

Brexit and the failure of ERM

Posted by Greg Carroll on Mon, Jun 27, 2016 @ 02:27 PM

I have often written on my view that there is an over emphasis these days on Black Swans in risk management. The Brexit vote on Thursday not only shot shockwaves through financial markets but has created a whole new paradigm to world economic stability both short and long term.  And if Risk is defined as uncertainty then as of today, this must be one of our greatest risks.



So what happened? I would say complacency amongst the middle classes and business community was the main culprit.


Have a look how FastTrack uses predictive analytics in ERM to keep you one step ahead of the curve in these volatile times:ERM


So what happened with Brexit, after all it was a 50/50 risk!  It was an enormous accident. No one really thought it would happen. Just look at the graphic to the right to see what the odds bookies were offering that the UK would Stay!  Even I bought shares on Thursday, discounting the vote as a non-event.  From the petitions now circulating in the UK, I would say complacency amongst the middle classes and business community was the main culprit.  The same complacency to “nutter” politics may end up voting Donald Trump in, and world economic stability will worsen further. (as shown by the absurdity of his “congratulation on taking your country back” comment when landing in SCOTLAND!)

So where to from here?

My "guess" is that the UK will exit the EU well before the 2 year deadline.  This will be followed by a Thatcherite period of recession, social unrest and economic restructuring, which like its namesake, will leave UK stronger.  Ireland will boom as the new English speaking base for European access, and the EU will devolve back to its roots plus maybe the Czech Republic.

This event also raises a number of issues for modern enterprise risk management.  Firstly, is your effort in identifying emerging risk really cost justifiable? Secondly, how does it add to your risk resilience?  And finally, can your ERM tell you where you stand now, AFTER the event has occurred?  If you cannot answer these 3 questions then your ERM is a failure.


1. Dreaming of Black Swans

The fixation with Emerging Risks

Whether or not my "guesses" about the future are right or wrong, an ERM is meant to be a navigation tool not a crystal ball. Invariably, our biggest disruptions are generally sudden, momentous, and for which we are not prepared. 

Instead of occupying our time and effort on trying to predict the future, risk management functions would be better served building business resilience to handle major disruptive events. It should empower us to identify the best course when there is a unexpected change in the weather and highlight any possible threats or obstacles.  Yes keep one eye on the horizon but make sure your navigation system is operational.


2. Risk Resilience in complex systems

The trap of the Risk Matrix and Heat Maps

The first necessary requirement for resilience is awareness. Awareness of how different aspects affect your processes and objectives is one of the foundations of risk management. Like a 1980's entrepreneur, the EU has been fixated on expansion (a historical trait for Germany) at all costs.  Most of these 1980's entrepreneur companies ended up unravelling but some restructured back to core business and survived.  So I see the only way of survival for the EU and ERM.

Sadly, ERM's over-concentration on risk heat-maps and dashboards, has created a false sense of security that has distracted from the effort needed to develop interactive risk models that allow senior management to understand and manage disruption.  Just as the EU has been hijacked from its original "economic" purpose, so I see ERM being hijacked from its original intent to strengthen organizational resilience.


3. ERM as a Decision Making Tool

Delivering value

The Brexit vote was result of the majority of UK voters not believing that EU membership was delivering value.  So is the likely future of ERM unless it can start delivering more value than just as an information sink.  It has the possibility of providing invaluable decision making support for management, which is sorely needed in these turbulent and disruptive times.

I have seen very few ERM systems that have any aspect of being a decision making tool.  I'm not even talking about scenario analysis or “what if” capabilities.  I mean having the simple ability to ask "will a change in XYZ affect our viability?".  Adding more and more to our risk registers is a waste of time unless they are structured to model how they affect the business.

And sorry, but listing an objective against a risk doesn't cut it either.  It does nothing to inform on how the objective will be affected by a risk event.  This requires technical expertise in the subject matter to identify the influences and drivers and how their movement will affect an objective then monitoring the measurement of their movement. This has to be an automated, decentralized and interactive process.



For an ERM to work, it needs to be Enterprise (i.e. integrating all influences over the whole organization), Risk (i.e. model the interrelationships that cause uncertainty), Management (i.e. be a decision making tool for those who actually run the business). 

Yes I declare my bias as FastTrack is commonly passed over for cheaper glorified spreadsheet (cloud) systems with pretty heat-maps and dashboards.  But if you can’t answer the above 3 questions you have to seriously ask yourself “What is the real value of our ERM?”


Related articles you may be interested in:


ERMRisk Management Data Sheet
How Fast Track provides truly proactive ERM


FastTrack 3min ERM Demo
Shows FastTrack's Enterprise Risk management (ERM) software delivers a comprehensive real time ISO 31000 solution for large enterprises.

hero-productguide-180x172.pngFastTrack Product Guide
Technical specifications, pricing, and more.

Tags: corporate governance, risk identification, risk management