David Hillson and I organised the event and as chair of the actual event I have some personal key messages that I am taking away from the event that I am happy to share with you.
Dr Will Jennings of University of Southampton: Risk-based decision-making in Olympic Games past and present. Will said that risk came of age in the Calgary 1988 Winter Olympics which about coincided with the creation of the apm Risk SIG and my personal roles in risk management. It was Vancouver in 2010 when risk management was first undertaken from the top down and the bottom up and it was integrated within an ERM (Enterprise Risk Management), which is recognised now as best practice. Will indicated that different types of risk (e.g. political, reputational) are managed in different ways.
Derek Hardman of Fujitsu: Countering Olympic business disruption risks. Derek talked about how they used their standard risk process and techniques to understand the risks to the continuing operation of his company and supporting their customers during the 100 day Olympics period. It was an approach co-ordinated and driven by HQ but understood and implemented by the businesses. He explained it was so important for Fujitsu to maintain their reputation in supporting their customers through this very demanding time. They considered the risk threats and risk opportunities posed by the Olympics. The attendees were asked to complete a survey and it was good to see that most of the risks had been understood by them but a few missed the cyber crime threat.
Steve James of BT: BT London 2012: From celebration to implementation. Steve explained the challenges to deploying BTs products and services to all 90+ venues. He also majored on the importance of managing the risk impact to BTs brand/reputation. Steve talked about their risk approach (not a process!) which was to ensure the optimum chance of success by:
Invest to de-risk
Have a risk mindset
Spend equal time on opportunity management
Steve explained how if a risk threat rose to >50% probability, they took the threat into the baseline and created a risk opportunity to try to stop the threat. That provoked some discussion!
Russell Newman of Mace and the ODA: Managing Olympic risk - View from the centre. What a mammoth task! They had 3 lines of defence:
Individual project risk management
ODA Programme Assurance
Consistency guaranteed through Audit
One reason for this was that the Government was concerned about its reputation. They had a usual risk process and ERM. They persuaded, guided, enforced all parties to adopt and follow the same risk process. They used quantitative analysis to calculate contingency. Contingency was held and approved at 3 levels.
I perceived some standard themes across the presenters:
Have a standard process and apply it consistently
Manage risk threats and risk opportunities
Ensure the risks are managed at the most appropriate level within the ERM
The importance of reputation risk to companies and the Government
In the email chat after the event between the presenters and organisers, Russell said I found Steves approach of including the full value of risks in the budget and working back from there to make savings really interesting. What I found interesting was that BT had recognised that reputation was their biggest risk and that if it occurred it would not occur by half, and made a conscious, brave decision to mitigate it. I think this was right and the lesson it has reinforced with me is that there is not a single method or technique that is always correct and that our first thoughts ought to be how are we going to manage our risk and not rush for the manual.
Overall a very interesting and thought-provoking event.
The pesentations can be downloaded below.