why corporate culture affects operational risk
TRANSCRIPT
Why corporate culture affects Operational Risk
Christian Ott founder of Altervision GmbH Roger Busch founder of busch-consulting GmbH
Global Association of Risk Professionals
March 2015
2
The views expressed in the following material are the author’s and do not
necessarily represent the views of the Global Association of Risk
Professionals (GARP), its Membership or its Management.
We all know that the human factor is one of most difficult parts to manage in every company.
Why corporate culture affects Operational Risk
Artefact = f (Culture)
Any artefact inherits the DNA of the system of origin.
An artefact is always a function of culture
Operational Risk:
People Processes Systems External events
Focus on People Risk
Operational Risk
The culture of a social system influences the behaviour of each member far more than processes, directives, management and IT-infrastructure ever will do.
The four main forces used today to manage People Risk
Managing People Risk today
© altervision gmbh, zurich
Structured Context Analysis is used to understand how the unaware cultural level influences the level of daily business
Level of shared reality vs. cultural level
© altervision gmbh, zurich
© altervision gmbh, zurich
organisation
environment
level of
declaration
The level of declaration defines how the business is supposed to work in a «perfect world»
The four forces are part of the level of declaration
© altervision gmbh, zurich
© altervision gmbh, zurich
© altervision gmbh, zurich
organisation
environment
level of
declaration
Knowing the rules (defined in the level of declaration) doesn’t ensure that the individual also behaves according to it
People Risk: How does an individual react in reality?
People risk arises from the uncertainty of individuals reactions in specific situations or contexts.
© altervision gmbh, zurich
© altervision gmbh, zurich
© altervision gmbh, zurich
?!
collectiv unconsciousness
Σ (declaration; experiance; knowledge)
organisation
environment
level of
declaration
These are the rules the
organisation is based on
The rules can be described and found in revers-engineering artefacts of the culture in a structured manner
Cultural rules determine the behavior of individuals
Since each culture consists of millions of rules we need to define a context for the examination.
© altervision gmbh, zurich
© altervision gmbh, zurich
© altervision gmbh, zurich
© altervision gmbh, zurich
This is the risk
The difference between
the real life of an
organisation and the
level of declaration
If we know the differences between the real organisational life and the level of declaration we know the risk
Difference between ‘declaration’ and ‘reality’ defines the risk
© altervision gmbh, zurich
© altervision gmbh, zurich
© altervision gmbh, zurich
© altervision gmbh, zurich
Context: «Handling sensitive data in the organisation»
Examining artefacts to a specific context in 3 subsystems
daily routine
How does the organisation handle
«sensitive data» in the daily business
and how do employees talk about it?
nature of the organisation
What does «handling of sensitive data»
mean to the organisation?
identity and laws
What stories are told regarding
the context «handling of sensitive data»?
1
2
3
cultural subsystem
social subsystem
instrumental subsystem
© altervision gmbh, zurich
© altervision gmbh, zurich
© altervision gmbh, zurich
© altervision gmbh, zurich
Massnahmen:
-
-
-
nature daily routineIdentity & law
structured
context
analysis
structured
context
analysis
structured
context
analysis
Measures:
-
-
-declarationcultural
difference
synthesis
cultural subsystem social subsystem instrumental subsystem
Determination of the cultural difference
This is an example of what you get The Visiogram shows reaction chains and the severity of a theme on different levels of the organisation
C r e a t i n g a c u l t u r e o f
r i s k a w a r e n e s s ®
Global Association of
Risk Professionals
111 Town Square Place
14th Floor
Jersey City, New Jersey 07310
U.S.A.
+ 1 201.719.7210
2nd FloorBengal Wing9A Devonshire SquareLondon, EC2M 4YNU.K.+ 44 (0) 20 7397 9630
www.garp.org
About GARP | The Global Association of Risk Professionals (GARP) is a not-for-profit global membership organization dedicated to preparing professionals and organizations to make better informed risk decisions. Membership represents over
150,000 risk management practitioners and researchers from banks, investment management firms, government agencies, academic institutions, and corporations from more than 195 countries and territories. GARP administers the Financial Risk
Manager (FRM®) and the Energy Risk Professional (ERP®) Exams; certifications recognized by risk professionals worldwide. GARP also helps advance the role of risk management via comprehensive professional education and training for
professionals of all levels. www.garp.org.
16 | © 2014 Global Association of Risk Professionals. All rights reserved.