The work is part of a drama that happened to a friend, who is not a stranger to the world of organizations who is also subject to constant risks and for which measures must be taken to avoid them or at least serve to minimize the impact of their effects.
Every organization as a living organism must know what risk factors it is exposed to. The risks to any organization once they occur are traumatic, as happened to my friend, and for the moment, just like it happened to him, he lost his ability to survive, maintain a strong position and a positive public image. In daily practice, it is impossible for the risk to be zero. Risk is something inherent in both personal and organizational life. That is why it becomes important to know how to identify the risks, what is the level of occurrence that is considered acceptable and what are its possible impacts. Taking these elements into account we can manage the risks to keep them within their limits.
MY TRIP TO AFRICA
Armando was 40 years old when we had the opportunity to take a trip to Africa. We went to teach a course each in his field and we really got to know each other better after we got on the plane.
The flight from Cuba to Africa lasted 16 hours in the type of ship we were traveling in, more than enough time to interact and get to know each other better.
The first part of the journey covered the distance between Cuba and the Sal Island of the Republic of Cape Verde, it was done in 9 hours and we talked about the divine and the human. We talk about our studies, our work, the family, the latest movies from the cinema and television. Obviously, we also solved the main political problems that the world is undergoing today. In short, each one narrated what he had in mind at the time and was of most interest to him.
As is known, every person speaks and highlights in a first contact everything that is of greatest interest to them. As I like to do an “active listening”, he was motivated to tell me, even more so when there was something of interest in the narrative for me, I induced him to speak and delve deeper into that topic.
We arrived at Isla Sal and we did not get off the plane for a one-hour technical stopover that would allow refueling to the ship and something for the caitiring, because we still had 7 hours to fly.
Stopping the ship and opening the doors, we went down quickly and quickly to stretch our legs a little and wash our faces, since we hadn't slept the night before. We arrived at the Havana airport at 6 in the morning, the plane took off at 9 and at that time it was already 6 in the afternoon, Cuba time, 12 at night, Isla Sal time.
Then, when we got off the plane, the destination was a direct flight to the bathroom. We went in, did our basic second-order needs, and washed our hands and face. But, surprise !, the water that circulated through the taps was salty.
A first, instantaneous reaction was to look at each other with strange faces, but then we laughed out loud. Sure, it was obvious, we were in Isla Sal, then the water had to be salty.
After this anecdote, we went out to drink drinking water, which is obviously imported, and coffee. Then we walked a little to get to know the facilities, which were once a NATO military base, and to see why this airport was one of the highest revenues in the country, its strategic position is essential, it is the place that serves as a link for establish communication between Africa and European and American countries.
Once again in the ship, after takeoff, we decided to rest a little and my friend slept about three hours, I, who sleep a little and do not know how to sleep on airplanes, slept something to rest the sight and the mind.
About 3:30 in the morning, African time, my friend Armando jumps in his seat and says something that I can't understand. To the surprise of the jump I wake him up and ask him what's wrong, Armando?
Having woke him up unexpectedly and asking him a question directly left my friend half stunned at first and then he said: "I was, I was dreaming and it seems I had a nightmare."
A silence gap of about 15 minutes remained between us, where Armando apparently tried to wake up or meditate on his nightmare. After that time, he turned to me and confessed the following:
"Do you know what happens? That right now I am under the effects of a tremendous love trauma. " Following my good advice to practice good listening, I frowned and said, “Yes? But what happened to you that this dream has apparently given you a strong nightmare?
“Look, 6 years ago I met a divorced woman who captivated me by her smile. After about a year of coming and going where looks, flirtations, emails and all the necessary words and gallantry prevailed, we realized that, according to her, we were soul mates.
In these five years we have lived the most beautiful relationship you can imagine, something never experienced by me in my 40 years of age. She is a bright, sweet, affectionate, loving woman, with a certain air of naivete, tender, passionate. In short, it meets certain conditions that captivate anyone. In fact, these five years have served to build a unique and very special couple relationship ”.
So I said to him, but come here buddy, if everything was so perfect, what happened between you two?
"Well, something that we could consider insignificant for this type of relationship, we had no place to live together, we had no home to live as a couple, we were fighting for a nest but it did not appear." I then said to him, "And…?
"Well, I had to go last February 27 abroad and when I returned I found that she had decided to rejoin her old husband, the father of her daughters, who did have a home" And what does she say? Asked. "That he will forgive her, that maybe it was a mistake on his part but that the loneliness of these three months made her fall into a void where perhaps she made a mistake but, in the end, that man is her first man and is the father of their daughters. "
"The separation for me, he told me, has been traumatic, that's why I'm going now to Africa, to work for a year and see if I forget that woman since I feel very bad about her memory in Cuba, wherever I go I remember her because I have walked with her throughout Havana. Now I ask you, my friend, you already know my case, given these facts, what conclusions do you draw from this experience and what could I systematize from it so that something similar does not happen to me again?
The truth is that I did not expect this sudden question and to answer it I had to grapple with the experience of the years that I have had and answer it for the moment with the following idea:
"Look to draw a conclusion for the experiences of another person is very difficult, I could tell you that she really did not love you but it would be a superficiality of mine. I do not know her, nor do I know deep down her thoughts. Nor do I know how she interpreted the relationship they had and what the real meaning was. So my criteria are from the outside and to give you a systematization that can help you.
The idea is the following; I do not know if you will remember the series that they put on the TV called "In silence it had to be". Well, in one chapter of that series there was a dialogue between the actress Coralita Velóz (as a psychologist at the service of the CIA) and the actor Sergio Corrieri (as a Cuban security agent who was imprisoned) where in that scene more or less like this "Excessive enthusiasm is a problem when facing disappointments."
I think that was what happened to you, you were very excited and did not take into account the possible risk of such an outcome. That is to say, you did not know how to identify the possible risk and the danger that it entailed before any contingency in that scenario or in the scenario of that relationship. In other words, excess enthusiasm without considering the risk has now led to a trauma that is somewhat difficult to remove.
What's going on? That she was given a contingency that you did not have in your mental scheme because of the faith you had in her, you believed in her virtues blindly, you relied excessively on her ideas, on her promises, in everything that happened between you. Obviously, you adored and revered her as a goddess.
But, my friend, the goddesses are celestial, there are no earthly goddesses and she is earthly, therefore her ideas fluctuate with contingencies and therefore it is always necessary to evaluate a% of probability for errors, a% that gives you the possible risk, because the risk is never zero and having a potential risk identified as reserve always helps to avoid an impact as strong as the one you just had ”.
LET'S CONSIDER THE RISK
Beyond the presentation of this drama that occurred to my friend Armando, we can say that the world of organizations is also subject to constant risks and for which measures must be taken to avoid them or at least serve to minimize the impact of their effects.
Every organization as a living organism must know what risk factors it is exposed to, both internal and external, in order to be able to determine in advance how to manage them and take the corresponding actions in time.
The risks for any organization once they occur are always traumatic, as happened to my friend, and for the moment, just as it happened to him, he lost the ability to survive, maintain a strong position and a positive public image..
It is widely demonstrated that in day-to-day practice, in daily practice, it is impossible for the risk to be zero. Risk is something inherent in both personal and organizational life. That is why it becomes important to know how to identify the risks, what is the level of occurrence that is considered acceptable and what are its possible impacts. Taking these elements into account we can manage the risks to keep them within their limits.
A good practice when considering risks is to associate them with a group of indicators so that the level of confidence of each one can be determined and thus be able to estimate the probability of their success. Working with risks offers the possibility of creating a new organizational attitude, a new culture, that allows knowing where there are opportunities derived from reserves that still exist in the organization by reducing or minimizing any adverse results. Working with risks is a powerful management tool and one of the keys that can make any entity's success a reality.
A clarification, it is vital that we have one thing clear in advance, we cannot evaluate the possible risks if we have not previously identified the objectives that we intend to achieve or what is the same, the results that we want to achieve. To achieve such results, it is necessary to manage the risks that may conspire against said results. Therefore, we can say that to manage risks it is a “sine quoi non” condition or a condition prior to the evaluation of any risk condition that the objectives or results that are intended to be achieved have been defined in advance.
RISK MANAGEMENT
A good risk management system must be properly planned and contemplate the different moments that must be taken into account. The first link in the value chain of all risk management is to have conceptual clarity that organizations in their operation may be subject to the occurrence of certain risks and therefore it is necessary to prepare for it.
Organizations cannot work to perform an autopsy of what happened, but must be clear that there may be factors that conspire against the achievement of the proposed objectives that must be foreseen and be prepared to avoid them or at least reduce the impact of their effects.
Managing risk is discovering in a planned way the reserves that still exist in the organization by trying to minimize leaks due to tangible and intangible losses that conspire against organizational success. It is having a management mechanism that allows turning threats into opportunities.
Obviously, a risk management approach invariably requires being able to have a process that allows us to define risk in a planned way, so we must have the logical and necessary procedures to systematically manage them.
The main steps for good risk management can be seen in the following diagram:
Necessary premises
If it is about managing risk, it is good to be aware that we can only achieve good risk management if we previously guarantee the premises that are a sine quoi non condition for such management to be effective. Among these premises we can find the following:
- Have the permanent permission of the corresponding levels to systematically study all the activities and processes of the organization, in order to find those factors that represent actual or potential leaks. It is necessary to highlight a systemic approach to risk management, to have instrumented mechanisms that allow identifying and dealing with risks on an ongoing basis, as well as having the necessary records that allow the creation of a database of them. clear and thorough understanding of the strategic and operational objectives established by the management levels with the participation of all. Each executive must have a strategic risk management plan.Be willing to create a belief system and own values to work and face the risks of each activity or process. Or what is the same, have a philosophy, practices and processes of risk management throughout the organization.Not seeing risk management as a separate activity, but integrated into the general management of the organization and where everyone is involved, therefore, the risk plan must be shared and communicated to all. Risk management is not a program or a slogan, but rather a process that is part of the entity's objectives and must therefore be systematically monitored and reviewed.but integrated into the general management of the organization and where everyone is involved, so it is necessary to share and communicate the risk plan to everyone. Risk management is not a program or a slogan but a process that is part of the objectives of the entity so it must be systematically monitored and reviewed.but integrated into the general management of the organization and where everyone is involved, so it is necessary to share and communicate the risk plan to everyone. Risk management is not a program or a slogan but a process that is part of the objectives of the entity so it must be systematically monitored and reviewed.
It should not be forgotten that the success of any organization can be found among others due to its ability to achieve the objectives, avoiding the risks that they may be subject to.
Identification of risks
Being clear about the objectives that an organization intends to achieve, as well as those objectives that its subordinate units set out to contribute to the overall objectives of the organization, a first moment in risk management is their identification. In this sense we can say that organizational risk factors can be present and affect both the organization as a whole and at the level of a specific type of activity and can be both internal and external.
To the same extent that the objectives of an entity seek a better positioning of the organization and therefore are of greater claims and reach the level of risk increases, since this makes the organization move away from its average behavior and factors of different kinds. begin to become risk factors.
Therefore, risk management must consider in advance all the factors that could potentially occur. It is vital in organizations to have the necessary capacity so that all the factors are identified and for this, integrating the identification of risks at the moment in which the strategic objectives of the organization are defined can be key.
Technology-related factors, customers, competition, suppliers, the emergence of new suppliers or new products, government policies, natural disasters, or economic changes arising from the level may be subject to external risks throughout the organization. of globalization prevailing at the moment.
The risks of an internal nature throughout the organization can also be many: factors associated with the technological problems of the computer systems networks, the competition of the workers, the labor climate, the rotation of the personnel, the absenteeism, the nature of the entity, the board of directors, the group of internal auditors and even the changes of directors, may be, among other internal risk factors.
If it is important to identify risks at the level of the entire organization, it is not less important to identify them at the level of each activity of the most important functions, since this is a significant contribution to maintaining an acceptable level of risk for the entity as a whole.. In this way, identifying the risks of storage, production, marketing, transportation, human resources and accounting as an example, is a great help to achieve the entity's strategic objectives.
In another level of analysis, risk areas can be considered both those aspects of a general nature of the organization, as well as those associated with specific management problems, situations related to markets, problems with financial operations or external conditions, as well as specific issues of the administration of human resources or with computer systems.
Finally, I can say, by way of example, that risk factors in organizations can be considered situations such as: not being able to achieve the strategic objectives of the organization, failing to care for and conserving tangible assets, customer dissatisfaction, poor publish and damage to the image of the company, implement policies, rules and procedures not aligned with the objectives of the organization, non-compliance with current legislation, use of resources ineffectively and inefficiently or loss of key personnel for the organization.
Risk assessment
Once the risks have been identified, their evaluation is not a purely theoretical activity, but rather the opposite, of a strong practical and essential nature for the achievement of the success of the entity where it is applied. The methods to use can vary, here I am going to explain one result of the work experience.
Past ideas made us think that risk is a "contingency or possibility of harm." However, this concept today has a new focus and the risk is seen as "the contingency of something happening that will have an impact on the objectives" and is measured in terms of a probability of occurrence and an assessment of its consequences.
Derived from the new approach to the concept of risk, the need to determine the probability of occurrence of any risk factor becomes evident. By virtue of this, we could apply different more or less exact criteria. Regularly, experience indicates that due to the knowledge that managers have of the activity with which they work, they can estimate the possible probability of the occurrence of certain factors, so the table that I present below could be used as reference elements:
PROBABILITY MEASURE
At the same time. The new concept of risk imposes on us the need to determine an assessment of the measure or magnitude that implies the consequences that can be derived from the occurrence of each of the risk factors. In this case, more or less exact criteria could be used. However, applying the same criteria as above, the assessment of managers as experts in the activity, the criteria set out in the following table could be used for such assessment:
CONSIDERATION OF CONSEQUENCES
Obviously, for these consequences it must be considered that they are determined in relation to the achievement of the objectives, that they can be expressed qualitatively or quantitatively and that they can have either a positive or negative meaning. No less important is to assess that for each risk factor there may be more than one for the same event or factor.
If the evaluations given in the previous tables are taken to a new matrix that allows us to evaluate the relationship between the probability of occurrence of a number of factors with the evaluation of the impact that could be derived from the consequences of the occurrence of the risk, we could have a table like the one I present below:
The reading of this new table is given because those risks that become Extreme Risks would fall, that is, with a high probability of occurrence or very high consequences. While brown spots are high risk because their probability is high and high they are also the consequences that follow. On the other hand, the yellow squares are of medium risk and the green ones of low irrigation.
Timely decisions
The actions to be taken can be varied, depending on the type of risk, but it follows from the table that those risk factors that are extreme or high require special treatment. Not so much the medium and low risk factors, but they should not be neglected either.
The decisions that can be derived according to the particular case could be framed in:
- Try to take the pertinent measures to reduce the probability of occurrence or the resulting consequences. In this case, it would be necessary to develop the required mechanisms, either with new procedures or with the allocation of resources that are necessary to minimize the probability of occurrence and with it the impact of the derived effects. risky activity. In this case we could be facing a risk factor that is probably low or perhaps medium and we are willing to renounce its consequences. There are no significant losses of resources or image, or we could be willing to take the risk and accept it without managing it. This case is similar to the previous one, but perhaps the risks can be medium or high,but of low probability and therefore we are willing to assume the risk and accept it without any management, its consequences are not significant. Finally, we could pass the risk to another party to share it to some extent. In this case, the decision may respond to having a certain receipt that allows it to be shared with another person or entity. For example, it is the case in which we could have the receipt of some type of insurance.
Alignment
To manage based on risks, it is necessary, above all, to realize that the starting point is a long-term strategic decision, where the leaders must convince themselves that they have to work for them to add value to the organization. Its success depends on all leaders acting according to a risk management system and this requires great will.
Furthermore, it is vital that each person in the organization knows what the expected risk system is and understands the way in which their individual actions in daily processes feed and support the entire risk management process and in this way promote the objectives and strategies of the organization.
Therefore, one of the things that must be done to use a risk management system is to take the defined risks and move them, they must be put into operation and this movement is done through a communicative process.
Working with a risk system is a people process, so you have to agree on them, share them and operate with them. Moving the risk system assumes that understanding and engagement among all participants in the organization increases.
The most important thing to manage using a risk management system is to make sure that everyone knows the importance of risks, so you have to find a way to harmonize them with strategic decisions and daily actions. But, this is only achieved if they have enough attractive power to act as a magnet to align each worker and people know that the risks of the organization are a guide for everyone's action.
Moving risks is developing a continuous and consistent communication process to train people in a commitment to reduce them. This alignment is a strategic move and must cascade as well as develop in multiple directions.
The processes to reach a consensus on the risks can be varied, but these regularly begin with meetings where the possible risks are made known to everyone in their areas.
Together with this meeting, copies must be distributed with the risks defined. It is very common to create murals where “stories” are reflected, which have allowed limiting risky events. These stories have to be shared, told and disclosed. Both success stories, as any other anecdote, must be published and disclosed so that they are known and serve as a stimulating and recognition element, both to direct actors and to groups already the entire organization as a whole.
Communicating is one step in this process and must achieve the necessary commitment and create both individual and collective awareness of the risk management system.
I would not like to end this part without stressing that creating a risk culture is not an easy process, invariably it is necessary to create a risk environment, which allows us to consciously limit them or at least minimize their occurrences and the impact of their effects.
But, good risk management, in addition to aligning people through an adequate communication process, requires that the necessary culture be fostered through a series of mechanisms that serve as administrative pieces capable of reducing the probability of occurrence and impact. of its effects. Such mechanisms may be associated with specific work procedures and the allocation of previously determined resources.
All the mechanisms that are used have to be interwoven with the sole purpose of aligning people around the risks and for this it is possible to use a Plan as an aid tool that allows having a global vision of how to interweave the different mechanisms between the different involved.
Supervision and adjustment
A final step in the development of this process is the supervision and adjustment of the risk system. To the same extent that the risk system becomes a criterion for guiding behavior, said system must be evaluated to achieve continuous improvement. For this reason, it is necessary to evaluate the differences that may exist between the assumed risk system and the daily processes at all levels of the organization. This confrontation of data is the real challenge of culture change and the use of risk management.
In this supervision, individual, group and organizational performance can be measured based on the results achieved. The only way to measure compliance is by evaluating performance based on the results achieved.
Such a measurement mechanism can be through an audit of the risk indicator system that serves to review its implementation and execution.
This audit should check if the established theoretical bases correspond to and are consistent with organizational practice. This type of audit is not for sanctioning, but rather an opportunity to add value and improve operations, which seeks to achieve consistency between discourse and action, as well as to consolidate commitment at all levels.
Complementary indicators of measurement in this case are the results achieved in the competitiveness, efficiency, effectiveness and effectiveness achieved by the organization as a whole. The result of such measurement may lead to adjustments to the designed risk management system.
A CASE: BANCO LUZDEAMERICA.
A typical case of a Latin American bank is the one I present below. The Board of Directors of this bank determined its main risk areas and structured them as follows:
From the group of proposed areas and in a group work they determined the 11 keys, which are listed in the table below, and each member of the Board gave them a value according to the importance of their consequences. Such assessment allowed us to see the specific weight of each factor, an aspect that was agreed upon in a debate subsequent to said assessment. Derived from the weights obtained in absolute values, the relative value was sought to determine a weighting factor from it.
Previously, the different risk issues to be audited had been determined by the audit management and they were assigned a value according to a probability of occurrence, which multiplied by the weighting factor determines the importance of the issue to be audited according to the risk factor of the area in question. The sum of all the indicators weighted by topic and area tells us which are the topics to be audited with the highest priority according to the risk to which they may be subject. This serves to make decisions as to what is the order or hierarchy of each risk issue and what is the team of auditors that must be agreed according to the importance of its consequences. It is assumed that a more hierarchical subject is assigned a team of auditors of a higher professional level and experience,since this shows the Central Bank what is the importance given to higher risk problems. An example of what we have just explained can be seen in the following table for a sample of five risk topics to be audited.
THE RETURN OF AFRICA
As a farewell and before making the conclusions of the article, I want to tell you that my friend Armando and I stayed in Africa 101 days together, which was what lasted my course and he stayed longer. We were neighbors on the same property and therefore during this time we continue talking about the divine and the human, as well as solving all the serious problems to which the world is subjected today.
On the 100th, the day before my return, we shared a toast and a farewell dinner, Our friendship had expanded significantly, rather it was already a brotherhood of struggle for survival in an environment that was a bit hostile to us due to the differences cultural. After dinner and on a desktop again Armando brought up his love trauma and more than asking me for criteria he gives me his conclusions of the case and tells me:
Look Carlos, after what I have learned from your talks in these 100 days I tell you the following. For me, that magnificent woman with whom I had very intimate relationships was in a situation of very strong intrapersonal conflict. She had a conflict of approach avoidance conflict where she needed something and wanted to avoid it because of her relationship with me. This conflict went through time through its different stages, first it was a pre-conflict, then it became latent and finally, with my separation for three months abroad, it was triggered to become manifest and pluff, the bomb exploded, went with her ex-husband.
What happened? Because of the type of relationship we had, I did not take into account certain premises: such as having a mechanism to identify and face possible risks and, furthermore, I did not even conceive of any risk, my faith was totally blind. In this sense, I did not know how to identify the risk nor was I able to evaluate it, so I did not realize that such a situation could have an 80% probability of occurring, that is, it was a fact that would probably occur, nor that the consequences could be greater, that is, they could take a value as high as 4, which is a loss considered as greater.
If I had been able to identify a possible risk and had these evaluations previously, I would have realized that my risk was tremendous, 3.2, so it became an extreme risk and I would have had to take the appropriate decisions into account. and create the necessary mechanisms to at least lower its probability of occurrence or try to reduce the impact of its effects.
Thus, I did not know how to make the right decisions and pluff, the conflict exploded and I was totally disarmed and heartless as I was totally unprotected. But well, ignorance of the laws does not exempt me from the causes. Today, with my first 100 days in Africa, I feel very relieved and in that relief your advice and teachings have been vital. At this moment he raised his glass and proposed a toast while saying "Thank you for everything." I had no choice but to wish him "Good luck in your stay in Africa, I hope you calculate the risk of being away for so long." We both laugh and put our glasses together.
Before the year, I received a letter from my friend Armando. He told me he married an African woman, that she was very well and that the first thing she said was to have a house as a factor to reduce the risk. I had no choice but to laugh and think that from now on my old friend will always keep in mind that everything in life has a risk.
CONCLUSIONS
It occurs to me that from what is explained in the body of the article some conclusions can be drawn such as the following:
- An adequate risk analysis must be closely linked with the strategic objectives of the organization so that these can be achieved. Risk factors become part of the protective shield that must allow achieving the objectives and with it success. Managing risks allows an organization to achieve the greatest efficiency, effectiveness and effectiveness as a result of its management. Risk management promotes the quality of work, since working to reduce risks is promoting the idea of adding value to the work done. The implementation of a risk management system contributes to an adequate division of labor and thus a better order of the delegation of delegated authority.Managing risks allows, on the one hand, to have elements when deciding when resources are scarce where to locate them and, on the other hand, to avoid superfluous expenses derived from waste. in the face of certain contingencies.Of course, risks occur that help to achieve the profitability and performance objectives demanded by the organization, as well as anticipatingOf course, the risks allow to help achieve the profitability and performance objectives demanded by the organization, as well as to foresee theOf course, the risks allow to help achieve the profitability and performance objectives demanded by the organization, as well as to foresee theLoss of resources that could exist. Likewise, a duly worked risk management process allows obtaining much more reliable information. Finally, risk management is implicit in the characteristic of guaranteeing a greater reinforcement of compliance with laws and regulations. established so that it must avoid or at least reduce the appearance of strong contingencies and detrimental effects on the reputation and image of the organization.
