The risk culture in financial institutions needs fixing, but how?

Goals are ambiguously defined, so finding the best way to reach them is not an easy task, writes Tommaso Palerm

Accountability and expertise in public sector risk management: a case study

This paper examines the adoption of a formal risk management framework in a large public sector organisation. The paper shows the relevance of risk management as an accountability tool, extended by means of disclosure to the scrutiny of distant others. The paper also reveals how the use of risk management is dependent on relational skills, knowledge of business activities and professional experience. Risk management can be seen as both a context-dependent device and as a technique abstracted from a context. The paper discusses how risk officers deal with this complexity, addressing the expectations of multiple organisational actors and external entities

Why airplanes take off and land safely despite all the risks

Tommaso Palermo discusses how culture is hardwired in safety processes and system

The dynamics of (dis)integration in enterprise risk management

When the word ‘integrated’ is associated to a business practice, an organisational environment, or a workplace, it is often good news. The term has a positive connotation in common language, expressing something that is ‘systematic’, ‘comprehensive’, ‘coherent’, ‘cohesive’ etc. Indeed, dictionary definitions leave no doubt. Something is integrated if ‘two or more things [are] combined in order to become more effective’ (emphasis added, see here). Organisational risk management processes are no exception. In the last two decades, a burgeoning number of consulting papers and professional guidance documents suggest that ‘integrated’ risk management, providing a holistic view of enterprise-wide risks, is key to success (see, for example, this). In short, the terms ‘integration’ and ‘integrated’ seem to possess a sacred quality that makes it difficult for a ‘rational’ person to be against them, just like other words such as ‘efficient’ and ‘transparent’

Risk and performance management: two sides of the same coin?

Academic research and practice literature show that risk and performance management are converging towards a common set of characteristics. On this basis, they are increasingly considered ‘two sides of the same coin’ (Van der Stede, 2009). But what is meant by ‘risk management’ and ‘performance management’? How can they be related? What are the implications of different approaches? This chapter reviews academic research, as well as a growing body of practice literature, to outline and discuss ways in which risk and performance management instruments and processes can be linked. The chapter starts by illustrating recent changes in the way in which risk and performance management are conceptualised. It then synthetizes existing literature to outline four different ways in which risk and performance issues can be addressed in an integrated way

Accounts of the future: a multiple-case study of scenarios in planning and management control processes

Purpose This paper examines the design and use of scenarios in planning and management control processes. Research approach The study is based on an exploratory case-study approach. Qualitative data has been collected between 2008 and 2011 from three energy companies operating in Italy. Findings The paper sheds light on three styles of designing and using scenarios. In the first (called ‘reactive’), scenarios provide a means for corporate actors to analyse past performance in the light of future expected performance. In the second (‘proactive’), scenarios contribute to envision different future states of the world. In the third (‘disciplined’), scenarios contribute to develop plausible, if not accurate, narratives about future outcomes. Research limitations/implications The study is comparative and exploratory. Possible areas for further work based on in depth-studies of scenarios within planning and control processes are identified. Practical implications The comparative analysis of the case-study material has implications for the ways in which flexible forms of management control can be mobilised by managers as a resource of action. It is shown that choices around the design and use of scenarios can mitigate some concerns with traditional planning and management control processes focused on the achievement of a single set of targets, but also raise new ones. Originality The paper sheds light on a scenario-based approach - called ‘disciplined flexibility’ - that avoids the restrictive nature of budgetary controls without losing the benefits of setting a plan and a target for the future. The paper outlines elements that may support the use of ‘disciplined flexibility’, but also its potential limitation

How to improve the risk cultures of financial institutions

Following the 2008 global financial crisis, official inquires, parliamentary reports, and the media frequently focused their attention on the flawed risk cultures of financial institutions. In their research, Michael Power, Simon Ashby, and Tommaso Palermo investigated how these risk cultures operate, evolve, and can be improved

The dynamics of (dis)integrated risk management: a comparative field study

Drawing on a comparative case study of enterprise risk management, and building on the literature on boundary objects, this study sheds light on the ‘dynamics of (dis)integrated risk management’. Our analysis of enterprise risk management in two large organisations reveals a set of pressures that undermine the ideals of enterprise risk management mobilised by practitioners and their promise for ‘integrated’ control practices. While the two cases show how enterprise risk management is shaped in different forms, in both cases the attempt to create a shared context for the identification and communication of enterprise-wide risks makes visible and active residual elements that contribute to generate dissatisfaction and calls for change to integrated risk management. The discussion of the dynamics of (dis)integrated risk management contributes to extending research that is critical of procedural forms of enterprise risk management, as well as recent work that draws attention to the role of ‘risk talk’ in enterprise risk management. We also suggest that our study of enterprise risk management sheds light on some key tensions of infrastructure formation, thus contributing to recent theory-building research that draws attention to the accretion of processes, roles, and governance structures into an infrastructure that enables the production of accounts of performance