Concepts and Methods
RACG Concepts
Our approach departs radically from legacy risk thinking, which has not addressed the alarming risk failures of the last 25 years. Unlike the majority of others in Risk, do not put the systems first, we put the thinking first. Here are three of our twelve "big concepts" that drive our practice and systems.
Straight Through Unified Risk
Our focus is on an end to end View of Enterprise Risk integrated across all risk types. We define an Enterprise loosely as the legal entities of a set of interconnected stakeholders. The
historical approach focuses in depth on one risk type with
sophisticated quantification, modeling and other analytics, is short
sighted. From evolutionary standpoint it has painted itself into a
corner. If one takes an Event Risk approach there are two key benefits:
- can apply a common risk framework at any enterprise grain
- can apply informatics and analytics specific to a particular risk type
Commoditization of Risk
We commoditize the Risk Management of a set of interconnected Enterprises, at any level of grain. To commoditize risk means to make risk an externally evaluated component of each action for every stakeholder in the system.
Risk Architecture provides a methodology, framework and integrated processes for generating enterprise risk blueprints.
When implemented properly the end product is a Enterprise risk knowledge base. This drives a risk management dashboard reporting the risk state of the Enterprise activity in near real time.
In any global environment, this is the ‘holy grail’ of risk management.
Transparency as a Key Risk Indicator for the Enterprise
The goal of Risk Architecture is to support the enterprise achieve it’s goal of “end-to-end” Risk transparency through blueprints that deliver the right information to the right stakeholders at the right time.
The foundations of Risk Architecture are based on three underlying conceptual models: an Enterprise Reference Model, a Risk Reference Model and an Architecture Framework which provide definition for the Reference Models. These are defined for each case, and integrated.
The integrated view is sliced into seven layers. These layers are a consistent theme throughout our blueprints. From an information viewpoint, the seven layers are part of a process that transforms raw data into information and then into risk knowledge. These transformations involve changes of data granularity from a business line to the enterprise level to stakeholder risk views.
By approaching this with reference models we are able to include management of other key enterprise initiatives within our risk architecture, such as productivity, performance measurement, process re-engineering, change management, IT infrastructure security and assurance and IT architecture management.
This approach allows for interoperable risk management. In so doing it also makes value drivers of the business more transparent.
Some RACG Methods
- End-to-end stakeholder communication (internal and external)
- End-to-end reporting
- Stakeholder assessments are incorporated as metrics into the unified risk scorings.
- Verification of quantitative models at work analyzing the existing risk of a given risk category.
- Establishing a standard for achieving cross industry and cross-domain transparency, including external transparency.
- Collaborative assessment rather than heuristic historical data plus internal limited assessments.
- Providing a mechanism for sharing risk assessment across industry functions.
- Taking a unified risk reference model approach and within architectural framework.
- Provide a mechanism for the commoditization of this approach in every aspect of the enterprise
Some Architecture Components
- Unified Risk Blueprint
- Enterprise Blueprints
- Risk Maturity Models
- Stakeholder Assessment
- Risk Metrics
- Risk Technical Framework
- Cost of Risk
- Risk Metadata and Risk Rule Repository
- Risk Definition and Markup Language
- Riskbots [tm] and Risk Framelets [tm]
- Risk Management Dashboard components