In a study currently under review, I investigated whether knowledge risks should also be included in Enterprise Risk Management (ERM) risk classes. What do you think about?
Dear Maura, In my view, all kinds of risks organizations are exposed to should be included in ERM risk classes, and knowledge risks form a significant risk group that cannot be neglected in this regard. So your activities can only be welcomed. Best regards, Susanne
Thank you very much for your answer dear Susanne, said by you that were among the first to study and make known knowledge risks to the scientific community, it is a confirmation that I am proceeding on the right path.
There are a variety of interpretations of what is meant by "Enterprise Risk Management." I consider it as portfolio management of all risks across the organization, with the emphasis on the word "portfolio." From that perspective, it is not about the specific functional or programmatic areas of risk, but the processes and governance structures to ensure key risks and their interrelationships are understood relevant to the overall success of the enterprise.
Using this definition, there are no specific risk areas that should be taught, but rather how ALL risks need to be evaluated relative to the enterprise. A listing of specific risk areas is dangerous in that it suggests risks not on the list need not be considered in ERM...which could be a serious mistake. As a generalization, I consider risks from an ERM perspective to be: (1) a risk that has causes arising from multiple functions/programs/suborganizations, (2) risk that has consequences impacting multiple functions/programs/suborganizations, or (3) a risk that may be confined to a specific function, program or suborganization, but whose failure to adequately manage could have significant enterprise-level impacts. In these cases, the traditional risk management approach of managing risks strictly within functional or sub-organizational silos may prove to be inadequate not meet the needs of the enterprise.
Teaching management of specific types of risks in an ERM class will certainly add to the knowledge of the student, but it misses the key element of what constitutes ERM as I use the term.
See also my papers posted here (and their references) concerning the use of the Human Factors Analysis and Classification System (HFACS) as a critical way to include human understanding and knowledge in the assessment of risks and consequences. "Knowledge Risks" are one of the fundamental reasons for subsequent failures, but often ignored in Root Cause Analyses.
Thank you all for your responses, I hope this debate will continue with other interesting contributions like these.
Dear Mura - In case the "Knowledge Risks" that you referring are the risks related to "Competency" of the critical roles in the organization, the answer is "Yes".
Bonjour Maura,
Dès qu'il y a une intervention humaine, lié à une situation dangereuse, la possibilité d'une erreur, générer un écart, une non-conformité, l'évaluation du risque par le filtre de la formation et de la compétence est indispensable. Cela englobe la connaissance d'un sujet.
Cependant c'est aussi un domaine complexe. Car la connaissance élevé d'un sujet entraine souvent des biais cognitifs, et de l'excès de confiance. Dans mes recherches et études, 75 à 85% des accidents mortels arrivent à des experts ou confirmés.
L'humain fait des erreurs, et plus le risque est élevé, plus la protection face à ce risque doit l'être aussi. La connaissance d'un sujet doit permettre d'identifier où et quand il faut mettre des protections supplémentaires.
Ex : la checklist du pilote d'avion. Le pilote peut avoir 50000h de vol et faire systématiquement sa checklist avant de décoller.
Bonne étude.
Pascal
- Badges
- Science topic
- Similar topics
- Philosophy
- Philosophy Of Science
- Reasoning