This post originally appeared on citopbroker.com
Every business should have a system for both defining and employing proper risk management measures.
This not only protects your company, but also ensures customers and investors are willing to trust you and your practices.
Rob Quail, director of enterprise risk management (ERM) at Hydro One, is gearing up to speak about how to effectively manage corporate hazards at the 2nd Annual Enterprise Risk Management Canada Conference in Toronto.
So, Top Broker caught up with him to find out how he defines and deals with risk at his company.
Q: What is your definition of risk tolerance?
A: I’m not a believer in risk tolerance as a limit. The idea that you say, “Our risk tolerance for financial risk is $50,” doesn’t make sense. I know that some companies express risk tolerances in terms of absolute limits against key performance indicators (KPI). I’m not sure this makes sense in practice.
We have a scale of one-to-five for each one of the KPIs that is an expression of our attitude toward that extent of failure, ranging from minor to catastrophic. So, in evaluating risk, one of the key things taken into consideration is where it sits on that scale.
Read: Risk management lessons
Q: Why is it important for an organization to have clearly defined risk tolerances? And how can that aid decision makers?
A: Ideally you want all decision makers, within the limits of their authority, making decisions that are consistent with the company’s expectations for risk, or the company’s attitude toward risk. You don’t want overly conservative risk taking behaviour because that can cause the company to fail at meeting its most basic goals.
That’s what leads to what people see as very bureaucratic, slow-moving, unresponsive organizations that miss out on opportunities. On the other hand, you don’t want cowboys running all over the place making unrestrained decisions.
Q: What are the practical ways organizations should be employing risk tolerances?
A: They should be used in every risk assessment. Whether or not the company has an approach like ours—we use risk workshops quite heavily—they should be applying risk tolerances and evaluating the significance of risks on a regular basis.
We also have a process at Hydro One that’s known in the marketplace as AIP: Asset Investment Prioritization. All of our asset investments, all the relative ranking of those things, and all the business cases for those investments are all justified in part by their potential to mitigate risk.