50 years of interdisciplinary risk management
General conditions can change quickly. Which integral measures have proven themselves over the years? To what extent do standards serve longer-term risk management goals? Such quintessential questions have always occupied "Management & Quality" and continue to do so, here in a special series on the topic: "50 years of SAQ & interdisciplinary risk management".
Mitigating risks seems complex: it means finding the right management approach between given structures and new situations. For example, a WEF report ("Global Risks 2015") warns of multi-layered disasters and conflicts. On the one hand there are probabilities such as floods of the century, on the other interstate constructs. Most managers are less alarmed about internal man-made disasters as long as they can insure their companies against damage.
However, there are also events that cause high revenue losses for management. When the ash cloud from the Eyjafjallajökull volcano temporarily blocked European flight operations in 2010, the airlines were left with the heavy burden of having to bear the operating costs themselves. In addition to such loss events, other hazards also have an almost uninsurable impact.
"Confidentiality of risk information is justified in some cases to protect national security or avoid public panic."
Whether it's the euro crisis, gaps in IT security, industrial espionage or unstable services: A majority of Swiss companies (with more than 50 employees) operate an integral risk management system in order to "create transparency about the risk situation", according to a recent survey. However, according to Funk Insurance Brokers AG, risk management does not bring any visible added value for around a third of the Swiss companies surveyed.
Apart from economic parameters, there are certainly also different regional views and definitions of how risk potentials interact for Swiss companies.
Changing confidentiality
In the publicly available "Federal Risk Management Handbook" (version of 29.04.2013), Appendix 9 under "Stumbling blocks in risk management" states: "Confidentiality (and thus lack of communication) of risk information is justified in some cases to protect national security or to avoid public panic. Lack of transparency regarding risks, on the other hand, may reduce confidence in risk management and, because of a lack of information, may result in some risks not being given the urgency needed to address them because of this."
(Editor's note: The peculiarity under the phrase "too big to fail" briefly presented here is further elaborated in the IRGC's report "Risk governance deficits").
The fact is that even Swiss companies cannot avoid implementing control and standardization systems that are gradually becoming more technological. Management advantages such as securing or even increasing productivity capacities are evident; nevertheless, system adaptations usually also lead to increased external pressure.
Independent organizations such as the International Risk Council IRGC have been highlighting for years that corporate communications could be impacted by social media posts.
Economic reality (see price adjustments) and stricter regulatory laws can exert such high pressure that company management, or at least its affiliated controlling and legal departments, feels it directly. If "day-to-day business" is still caught off guard by uncalculated crises, those responsible may only hear about shocking breakdowns and far-reaching losses via social media.
Therefore, in addition to the personnel certificate ONR 49003 and the application of ISO 31000, risk management integrates adapted, concrete procedures for emergency, crisis and continuity management.
Stumbling Stone Events
For the most part, a risk manager certified by the SAQ (Swiss Association for Quality) is in a position to identify the worst potentials, define specifications and principles for processes, comply with laws, and calculate and report on loss events. Dealing with unforeseen stumbling blocks or so-called "Black Swan" events is and remains a demanding balancing act between the interdisciplinary areas of "Governance", "Control" and "Risk", and more recently also "Resilience". Jens Meissner, lecturer and project manager for organization and innovation and co-director of the Masters of Advanced Studies in Risk Management at the Lucerne University of Applied Sciences and Arts, explains: "You have to imagine that a top manager would have hundreds of problems to solve every day. Which problems actually become the order of the day is a highly focused selection and depends on what the organization is partly responsible for."
Jens Meissner from the HSLU continues: In the area of operating results, this is usually "crystal clear". However, when it comes to normative and especially ethical issues, smaller companies quickly reach their limits (see also foundation scandals). Once damage becomes public knowledge, as in the case of the sinking of BP's Deepwater Horizon oil rig in the Gulf of Mexico in 2010, reputational, image and market losses can never be repaid or whitewashed. From today's perspective, Swiss financial and risk managers confirm, the new threats lie in intangible assets such as knowledge (as well as brands/trademarks) and in IT and communication areas. Prof. Meissner of the HSLU: "The corporate focus in risk identification and management today must increasingly be placed on the area of business risks (= speculative risks and strategic market and financial risks) and not only on the traditionally most insurable operational risks." Finally, it is a question of determining what still belongs to the company and "what does not". Nowadays, interdisciplinary risk management has less to do with individual models and processes than with the correct corporate demarcation and moderation between internal and external.
The SAQ was significantly involved in risk management training. With the revision of the standard (ISO 9001:2015) in September of this year, the requirements for risk and opportunity management, for example, are increasing. You can find a brief overview of important milestones and standards on the way to integrated risk management on p. 32.