27 February 2017

Culture is King! What I (re)learnt yesterday about Enterprise Risk Management... S.I.G

By Stephen McCabe

Yesterday afternoon I sat down to watch the movie "Deepwater Horizon" - I hadn't watched it until now, as I have always been quite conscious when disasters are commercialised (especially one as recent as April 2010). After reading the report into the range of circumstances, communication breakdowns and blind spots that led to the events occurring, I was interested in how this had been depicted in Hollywood terms - hoping for accuracy and respect.

In my current role, we are trusted advisers and providers of risk and safety management software (GRC tools) to many household names, so this (combined with the fact I served as a voluntary police officer and in the past worked in offshore safety training) has meant that safety, communication and risks always tend to score highly on my agenda.

I paused the film mid-way through to grab a coffee and decided to search through my options in terms of expanding my formal knowledge of "What is Enterprise Risk?" and what this means in a practical / case study context. After searching for a while, I came across a free introductory course with Columbia University in the City of New York on 'Five Killer Risks of Enterprise Risk Management'. After browsing the content, I enrolled. The Five Killer Risks are: Arrogance, Rainmaker, Mastermind, Internal Communications and Combination Punches.

The course content emphasised many things that I probably already knew, but had become blasé toward. One point that I was reminded of in terms of risk is that we can often be pulled into the mindset of assuming that risk is negative, but risk can also be positive - we often tend to focus on the ugly side of risk and forget this.

The delivery by Sim Segal was thought-provoking, with each module triggering examples in my brain of when I had seen similar scenarios in major superbrands, major names, MNCs, and companies that I had worked for in the past - Nokia, Apple, Fukushima, Yahoo!, B&Q, Goldman Sachs, BlackBerry etc etc etc.

A major concept that has stuck with me throughout my career to date is that of "organisational indestructibility" (see the header image) or "Arrogance" as it is referred to within the course, whereby companies get dragged into the belief that they are winning the game and take their foot off the gas and become overly insular in terms of strategy (Superbowl fans will have experienced this during 2017's history-making final). The world is more competitive than ever at the moment, with the power of marketing, emerging economies and recent success stories (such as Airbnb, Uber) the physical proof of technology and idea-driven external threats.

Internal communications was another aspect that featured within this short course. I know Bob Hoskins told us that "it's good to talk" but when safety management is concerned "it's vital to communicate" - this was again reiterated when I switched the movie back on. There are a number of cliches I could flag here in terms of communication, but I won't bore you... we all understand and appreciate the importance of this (especially in global multinationals and in companies with significant supply chains and robust customer bases).

Seamless reporting is vitally important from the grassroots upwards towards senior management within organisations - making companies more information-driven, helping to better understand areas of exposure and therefore speeding up incident recognition times.

"Combination Punches" is the theory that testing Event X as a risk in isolation, and not in combination with other impact factors, is a major blind spot and heightens probability of occurrence considerably. This domino effect has resulted in a number of near-misses and incidents in recent years - the Fukushima Daiichi nuclear disaster being a major one (it had been tested for impacts by earthquake and tsunamis individually, but not with both forces together).

Culture is King! Anyone who has worked in the oil and gas industry will understand that safety is pumped into your DNA from day one and almost becomes a subconscious response within the brain. I experienced this when moving to the Central Belt and interviewing for roles - before one interview, I witnessed someone walking down the stairs towards me holding two cups of tea and not holding a handrail - my reaction was immediate and I did help the person before searching for the Stop Card!

The course also sparked the belief that by staying safe and organisationally vigilant, companies can stay clear of FIRM impact factors (Financial, Infrastructure, Reputation and Marketplace). Safety management is, at the end of the day, the sum of all its parts and only as good as what is fed in (garbage in garbage out, gold in gold out) and by listening to staff, logging incidents and capturing emerging risks, companies can aspire to climb the risk maturity model.

The course was very much the first small step in scaling Mount Everest, in terms of achieving the holy grail of ISO31000, but it was a useful re-charge for my thoughts. I appreciate that I have only scraped the surface here, but it has whetted my appetite to learn more - if you have any tips on courses, I would appreciate your input.

S.I.G - Spectrum is Green / Safety is Global.

All the best for now (stay safe!)


*My deepest respects to all those who were lost on the Deepwater Horizon
