The international risk management standard (ISO 31000) has a different definition of risk than the financial risk management - Risk is the effect of uncertainty on objectives. The effects can be positive (opportunities) or negative (threats). Sustainability is great at creating positive effects, but does not know how to use them to offset the threats. Sustainability also helps organizations to set "responsible" objectives. The risk management standard has eleven principles, a framework and a (risk assessment) process. Unlike the financial folks that typically restrict risk "management" (actually risk assessment) to the negative risks, the international risk management standard had many tools to enable the inclusion of the opportunities. The biggest problem with the sustainability people is that they tend to operate in isolation of operations - a separate silo. This is not consistent with the principle that all risk management (and sustainability) must be firmly embedded in the framework (i.e. management system) and the decisions cannot be managed separately from that framework. Most CSR/Sustainability programs have their own separate objectives/goals, separate "green teams," and separate report. They just do not appear to want to be part of the way an organization operates. This has to change. I believe that ISO 31000 actually provides a good framework for embedding sustainability into the core business no matter what sector or size of the business. Unfortunately the sustainability people resist this idea even when they say they are embedding sustainability into the framework. We have a long way to go to introduce the financial enterprise risk management people and the sustainability people to the high level concept of working with opportunities and threats to create the sustainable business. Silos can work together if they are attached to the principles, framework and process of risk management as stated in ISO 31000.
The International Federation of Accountants (IFAC) is pushing this concept to the CFOs and many are listening. I think we will see some big changes in the months to come when the CFOs learn about the international standard.
Alex, you are right, the new ISO 31000 presents risk management principles, and if you look thoroughly into it, you will find a great resemblance... The question is how we can combine risk management and sustainability management to get better results.
Shami, interesting question. I think risk is often neglected by those who work on sustainability management. It will be high time to take risk management for the most sustainable option as well.
To me the reverse question is more interesting: how can sustainability (management) be used for risk management? If 'sustainable companies' have a lower risk profile then banks will be more willing to offer loans at lower interest rates.
@Mr. Qazi: having worked as a CSR-manager for a bank, my perception of risk is related to financial risk. In banking 'risk' generally refers to 'default risk', i.e. the risk that the client will not pay back the (complete) loan + interests. If the cost level (per unit of product or service) of a sustainable company is higher than the cost level of a non-sustainable company and clients are not willing to pay this difference then the sustainable company has - at first sight - a higher default risk in financial terms. This means that a polluting company or a company that can offer lower prices as a result of production in sweat shops can have more money available for paying back its financiers than sustainable companies. The duration of most loans is limited to a few years so if no problems are expected during this period (e.g. significant fines for pollution imposed by government) then the default risk of a non-sustainable company may be lower than the default-risk of a sustainable company. Things are changing in banking, but one has to take this counter-intuitive fact of (financial) life into account. From a financiers' perspective it would be interesting to demonstrate that sustainable behavior leads to lower financial risks, for instance because a social/sustainable organization anticipates market trends better, maintains better relationship with governments (=> less fines and legal costs) and more motivated personnel (=> higher productivity per fte). These are intuitive arguments often used by CSR-advocates, but the evidence is still meagre. That was the background of my remark.
Thank you, Mr Spaink, for explaining in such great detail. Certainly it makes a lot of sense. I had never looked into this from a finance perspective. Thank you!
Risk is relative ... following Hessel Abbink Spaink there is the well-known, as I would call it, directly related financial risk - e.g. from the debt capital financing perspective.
Obviously there is a net of risks accompanying any decision. Failure needs not only to have direct effects correlated with financial institutions.
For example the insecure positioning of the emergency electric generators at the Fukushima Daini Atomic Power Plant finally led to the catastrophe Japan and the Fukushima region are currently experiencing. Looking backward it would not have taken a huge investment to build the emergency units in safer places even though IAEA certified all systems approx. 6 months prior to 2011-03-11.
So I absolutely agree with Robert Pojasek and would like to add that direct/financial risk may be a key issue in our "materialistic" society at present but it should be enlarged into a much wider area, which turns out to be a wonderful scientific playground :)
Risk Management is becoming a key factor within organizations since it can minimize the probability and impact of IT project threats and capture the opportunities that could occur during the IT project life cycle. IT project management is not free from risks which are created from various sources of the environment. Thus a comprehensive understanding of these possible risks and creating strategic policies to confront them are one of the fundamental requirements for successful implementation of IT projects.
What do you think about RM for IT projects, since IT is everywhere in the business?