Partner, RSD Solutions Inc.
Introduction
(Note to Reader: This Introduction is a repeat of the Introduction to part 1 of this four part blog. If you have already read this introduction, skip to the exam question below)
I teach a course in Enterprise Risk Management (ERM) in the MBA program at Dalhousie University in Halifax Canada. Although I am a big fan of ERM, I also believe that it is a bit of a weird course to teach at a Business School.
The reasons why I think that ERM is a bit of an out-of-place course in an MBA program are many. To begin, ERM as a subject area is really quite trivial and probably not worthy of a Masters Level degree (of course that same criticism could be leveled against 90% of a typical MBA curriculum). While there are many aspects and techniques to learn about ERM, each one of them is quite trivial, or based on obvious common sense (yes – I know that there is nothing common about common sense!) What is NOT trivial about ERM are the implementation issues. Implementing ERM is hard and requires great creativity, business insight and a PORTFOLIO of skills and techniques that few mangers or management teams possess. The difficulty of teaching ERM to MBA students is that while they may have learned a diverse portfolio of techniques, that is a far cry from having a portfolio of SKILLS and also a far cry from having sufficient business insight.
A second issue that arises when teaching ERM in the context of an MBA program is the issue of whether or not ERM is a separate subject from strategy. In a way it is analogous to the humorous Shreddies commercial when they talk about the “new” diagonal shaped Shreddies as opposed to the “old” square shaped Shreddies. In a lot of ways ERM class looks like a business strategy class. Perhaps that is not a bad thing as it reflects my bias that ERM should be critically tied to and inseparable from the strategy function within a firm.
A third issue is that ERM is still a young field academically. That is, there is not a lot of academic research of note that has produced testable theories about good and bad practices of ERM. Perhaps that is just as well, as I am not sure that business academic research is all that valuable. (How much time do you think practitioners spend reading and digesting academic business journals?)
A final issue (there are many more, but I want to get to the real purpose of this blog) is that ERM studies do not have a natural home within the traditional silos of business schools. Is ERM a quantitative subject or a qualitative subject? Is ERM Finance, Statistics, Operations, Strategy, Organizational Behaviour, Accounting, or some other field? In my mind, ERM has components of all of the above. This bias of mine about ERM was the basis of my earlier comment that ERM requires a portfolio of skills and techniques. However, business schools, in their striving for academic respectability are taking specialization to the extremes. This of course implies that there simply is no time – nor is there any respect - for any subject matter that is not “pure” in an academic sense.
Despite all of these shortcomings, I – in my stupidity and naïveté – attempt to teach ERM to MBA students. To make up for the shortcomings I try to teach it as much as possible as a seminar class. That is, students are given a weekly set of readings, as well as an open ended set of questions or issues, and then we discuss the questions and issues in the following class. The class is taught by the Socratic method, and I attempt to get as much debate as possible generated. Students are challenged to be creative, and perhaps most importantly to peel back the “layers of the onion” to see the issues behind the issues and the issues behind implementation. As stated earlier, my belief is that ERM as a subject (taken at its face level) is trivial. It is only when you think about the consequences of techniques and the implementation issues that it becomes interesting and a challenge.
Thus we get to the purpose of this blog – namely, how should I structure an exam for this class? In this, and the following three blogs I am going to put forth my exam questions, and why I asked each exam question. I welcome reader’s comments and thoughts on my questions. Each of the questions has been designed with my biases (as stated above) in mind. In the very first meeting with the students I outline my biases and give them plenty of time to find a “real” class that they can take in place of ERM for the semester. For some strange reason most of the students do not drop the class. (I wish they would – it would mean less marking for me.)
In any case, I hope you enjoy this set of blogs – and I truly would like to hear not only your comments about my questions, but also what you might suggest as answers.
Question 3: If you were to set up an ERM training course for a financial institution, how would you structure the training? What would be the components of the course, what elements would you train on, what training or education methods would you use, and what structures would you put in place for continuous learning? In other words, what are the most important elements of ERM that would have to be learned by the employees, and how would you go about having them learn these key elements?
This may be considered to be a trick question. Can the skills needed for ERM be achieved through training? There are certainly many tools and techniques that can be taught, but there is much more to successful ERM implementation than tools and techniques. It brings up the old joke about how many psychologists does it take to change a light bulb? Answer: Only one, but the light bulb has to want to change. Likewise a successful ERM implementation requires that the organization wants to have a successful risk makeover, and that desire cannot be brought about through training alone.
Having said that, there are several items that can be thought of as necessary components of ERM training. The first, and perhaps most important component is to develop understanding (note – understanding, rather than simple knowledge of the facts) of some key terms and terminology. The most basic, yet most contentious definition is that of the definition of the word “risk”. I have blogged before on the definition of risk, and my experience has been that gaining a common understanding of the term is quite difficult for most corporations.
Another upfront component is to introduce the various frameworks for ERM. I have also blogged and presented before on the topic of “Risk Frameworks are Evil”. It is obvious that I am not a fan of simply picking a risk framework off of the shelf and applying it to an organization. However knowledge of the various frameworks, as well as a critical examination of the pros and cons of the different frameworks helps an organization better understand the ERM tasks before them.
There are a variety of various topics and tools that need to be covered as well, including but not limited to:
- statistical measures for risk management (the obvious first choice, but in my experience one of the least useful topics to cover)
- VAR, EAR, CFAR etc.
- risk maps
- design of risk dashboards
- developing a flexible and useful taxonomy of risks
- risk identification and quantification techniques such as the Delphi Method
- risk philosophies
- the various types of responses to risk
- best practices of ERM
- worst practices of ERM
The important part in my opinion is how the risk knowledge is to be gained. As stated previously in the Introduction, my philosophy is that ERM is easy to learn, but very difficult to implement. Thus it is only through working through the implementation issues that the training becomes effective. (An analogy I like to use harkens back to my previous career as a tennis teaching pro. You can watch all of the tapes, and read all the books about tennis, and that will make you quite knowledgeable about the sport, and about what to do, and what not to do. However, until you actually go out onto the court and try to hit the ball, you are clueless about how to play tennis.)
I believe that ERM training is only effective if it is done in a hands-on workshop style using real case studies and real organizational problems. This implies that the trainer not only has to be the knowledge expert and facilitator, but they also have to be a coach, a consultant, a cheerleader, and be able to deal with on-the-spot ambiguity in the training. This requires experience, flexibility, creativity and a whole lot of energy.
The typical “three-ring-binder” style of training will not be effective for ERM implementation. ERM is about doing and not about knowing. Unfortunately, most workshops focus on the knowing and not on the doing.
A final component that I am a strong believer in is that of continuous learning. Many organizations create an extensive training program, and upon completion they think the job is done! ERM is not like that. ERM is evolving knowledge. For an organization to be successful they must develop ongoing training and workshops. People’s ideas and understanding of ERM issues evolves through experience. The organizational learning evolves through experience. What was a set of risks (good or bad) becomes dealt with so naturally that it opens up opportunities for new risks to be managed. These new risks and opportunities present new challenges for learning and development. ERM learning should always be ongoing to a certain extent.
No comments:
Post a Comment