Risk Management Maturity (RMM)
Presented by Dr Arthur Linke, University of Stellenbosch Business School, turricula risk advisory and member of the IRMSA Risk Intelligence Committee
Thank you very much Arthur for your enlightening presentation at our BarnOwl info sharing event held at the BarnOwl offices in Bryanston on the 11 April 2019.
In the BarnOwl Info Sharing Session on the 11th April 2019, Dr Arthur Linke of the University of Stellenbosch Business School, turricula risk advisory and member of the IRMSA Risk Intelligence Committee presented on Enterprise Risk Management (ERM) and Risk Management Maturity (RMM). Based on Arthur’s experience with these topics in industry and academia, Arthur covered the concept of risk maturity and expounded on several risk maturity models. The session utilised the “Titanic” as a familiar theme and case study for examples of low risk management maturity and the detrimental and even catastrophic effects low risk management maturity can have on an organisation and its stakeholders.
ERM frameworks and RMM models
After providing a background on what ERM is and discussing the updates to the ISO 31000 (2018) (http://www.theirm.org/media/3513119/IRM-Report-ISO-31000-2018-v3.pdf) and COSO (2017) (https://www.coso.org/Documents/2017-COSO-ERM-Integrating-with-Strategy-and-Performance-Executive-Summary.pdf) ERM frameworks, Arthur gave examples of critical success factors for risk management maturity within ERM framework themes, for example, risk culture (https://www.theirm.org/media/885907/Risk_Culture_A5_WEB15_Oct_2012.pdf). Within risk assessment, there was an example of guessing the speed of the fastest steam train to demonstrate the role of biases in risk quantification, such as over-confidence, which can be averted by calibration and the use of risk experts (for example, see the work of Hubbard – https://www.hubbardresearch.com) . Furthermore a Risk Management Information System (RMIS) comprised of a software suite which mirrors the ERM framework allows for tools to drive systematic and enhanced risk maturity. Examples of RMM models examined in the session include the RIMS risk maturity model (https://www.rims.org/resources/erm/pages/riskmaturitymodel.aspx) which is also being used by IRMSA and the RMM model that Arthur developed locally as part of his PhD (http://scholar.sun.ac.za/handle/10019.1/103651) .
In summary, an organisation’s Risk Management Maturity is one of the most critical aspects of its overall risk management programme, because the organisation’s entire risk management implementation is assessed and reported on holistically, based on best practice and the critical success factors of each aspect of the programme. RMM assessments cover the ERM framework of the organisation holistically, and ultimately give direction to specific, tailored interventions to fine-tune and improve the organisation’s risk management programme and risk culture.
Top Ten Risk Maturity Critical Success Factors:
- Tone at the top
- Clearly defined and communicated objectives
- Understanding of internal & external context
- Portfolio view of organisation – no silos
- Appropriate calibration and use of experts for risk identification / assessment and mitigation
- BCM in place – Scenario planning
- Effective KRIs and Action Plans
- Clear lines of accountability and escalation
- All employees take accountability for risk and continual improvement
- Holistic – the organisation is only as good as its weakest link
Presentation and Video links:
The following are useful links relevant to Arthur’s presentation:
The role of the risk manager brings many challenges and opportunities. In Arthur’s recent thought piece on risk maturity in the Institute of Risk Management of South Africa (IRMSA) 2019 Risk Report (https://www.irmsa.org.za/page/2019_Risk_Report?&hhsearchterms=%22riskreport%22 ), Arthur and other contributors such as Minister Pravin Gordhan, highlighted the critical importance of improving risk maturity within industry, our country and our profession – ‘connecting the dots’ and ‘thinking big’ which represents a key facet within IRMSA’s initiative towards a year of risk activism – ‘#impact’. All risk managers can commit to this initiative and develop themselves in the required competencies presented. There were a number of good questions at the end of the session regarding these issues, for example, around how a risk manager can deal with challenges from inside the organisation.
Once again thank you Arthur for your time and for your informative presentation and thank you to all those who attended our info sharing session. We look forward to seeing you at our next info sharing session.
Director – BarnOwl GRC and Audit software
About Dr. Arthur Linke:
2018 – Present: Managing Principal turricula risk advisory – Focus areas: ERM, risk maturity, strategy, due diligence, telecoms
Academic qualifications and associations
- PhD in Enterprise Risk Management University of Stellenbosch Business School (USB), South Africa – 2018
- MBA in International Management (Risk Specialisation) Thunderbird School of Global Management (ASU), Arizona, USA – 2002
- BA (Cum Laude) University of New Hampshire, USA – 1995
- Associate Member of the Institute of Risk Management South Africa (IRMSA) since 2013
- Member of the Institute of Directors Southern Africa (IoDSA) since 2018
- Member of RIMS since 2019
- Lecturer, facilitator and designer of management courses including Enterprise Risk Management, Perspectives of African Frontiers, General Management, Strategy, Price Theory, Doing Business In Africa, Country & Political Risk Analysis and International Management at universities including Thunderbird (ASU), the University of Ghana, Stellenbosch University (USB) and the University of Cape Town (GSB) at Master’s level.
- Supervisor of Master’s theses: University of Stellenbosch and University of Cape Town
- Research Fellow at the USB; research topics include risk management, international management, technology and digitalisation
Arthur is highly experienced in global business, client and sales management having developed this capability through roles encompassing leadership of > R1 billion capital value telecoms portfolios at companies such as Aurecon and Ericsson. Risk management responsibility was one of the many aspects addressed in these roles encapsulating business unit / client management with P&L accountability. Clients represented feature in various sectors and include large multinational companies such as Ericsson, Huawei, MTN, France Telecom/Orange, Vodafone, the SPAR Group, Transnet, Lafarge and Vale. In managing executive C– Level relationships within these clients, a consultative approach is critical, and Arthur is intimately involved in developing strategy and building business cases involving all functions within the client organisation including marketing, finance, operations and technical. A strong interest in technology, specifically topics comprising digitalisation, IOT, Industry 4.0 and Digital Cities, has been applied in the telecoms and engineering sectors where Arthur has spent much of his career. This side of Arthur’s professional experience provides a contrast to his Enterprise Risk Management (ERM) consulting and academic experience. In the classroom, Arthur brings his practical experience to the fore, utilising case studies and facilitating an interactive learning approach to lectures.
Arthur believes having contributed at all sides of the table with regards to risk mitigation of the downside perspective, addressing governance & compliance issues, whilst also driving the upside and strategic advantage gives him special insight into the relationship between risk and reward. Arthur is a certified trainer of risk management facilitators and works with a number of organisations to assist them in developing their risk management strategies and risk maturity as well as risk culture. This role is an embodiment of a long-term interest in risk management piqued during his MBA studies, carried forth through experience in the mining, aggregate, telecoms and other industries, and culminating in his PhD and consulting in ERM.
Arthur has travelled extensively in Africa, visiting almost every country on the continent during the course of his client engagements, and also having taken a long-term assignment of two years in Ghana, West Africa to lead and develop a client’s telecommunications portfolio in the region. Whilst in Ghana he also lectured at the University of Ghana Business School. These experiences have given him plenty of first-hand understanding of the Continent and all categories of risk in the African context. The concept of “Integrated Thinking”, linking strategy, ERM, performance management and Integrated Reporting as presented within the King Codes of Governance is a personal interest of Arthur’s, and he has several client and academic engagements around these topics.
Aside from work, Arthur enjoys family life with his wife son and two daughters. He played rugby for many years and his hobbies include mountain biking, golf and sailing. He and his family are based in the Boland, Western Cape.
BarnOwl is a fully integrated governance, risk management, compliance and audit software solution used by over 200 organisations in Africa, Australasia, Europe and the UK. BarnOwl is a locally developed software solution and is the preferred risk management solution for the South African public sector supporting the National Treasury risk framework.
Please see www.barnowl.co.za for more information.