Home English

Risks of a lean superduper

risks of lean

A lean management concept is based upon the elimination of everything that does not bring added value to the respective product or service from the supply, production and sale process. And… please accept my deepest apologies for this simplification, Dear lean management experts, or whoever is reading this article…

Firstly, Toyota

Normally, as the best benchmark of a successful lean implementation, proponents of this idea point out the TPS or Toyota Production System. Lean processes are constantly excelled in the Toyota Corporation resulting in the well-known reliability of this company’s products. Of course, we can also mention other roots of a lean idea. These are the organisational improvements and inventions of Henry Ford, the father of the modern automotive industry and mass production in general.
I must confess here and now, that I am not an expert in lean management, but only in risk management. Thus, when a discussion titled “defects of lean management” appeared on my “radar screen” some time ago, my attention was drawn to the word “defects”. From “defects” (I thought) there is just one step to “risks”, and, after all, that’s what tigers do best!
Firstly, I dare say that at least some protagonists of a lean approach I have seen believe that this System (or solution, or idea, or managerial philosophy, whatever you call it) has a risk management component already included. Lean is so perfect and all-problem-solving super-duper, that no separate risk management is needed. Fact?


News about ideal risk-free circumstances is always good news because, for a risk manager, as Donald Rumsfeld, the once US former Secretary of Defence remarked in his ironic speech: “There are known knowns. These are things we know that we know. There are known unknowns. That is to say, there are things that we know we don’t know. But there are also unknown unknowns. There are things we don’t know we don’t know.” And, we could also quote here another famous thinker: “…the more he looked inside, the more Piglet wasn’t there.
And here you are! Even before considering the known and unknown advantages of lean management, just some simple research of easily available sources such as The Financial Times or The WSJ shows that… The risk is still there and, what a surprise! The best example is indeed the Toyota Production System itself!
Sources indicate, for example, that the slimming of the supply chains of the world’s largest auto maker that embrace the elimination of an “excessive” number of suppliers results in a simultaneous increase of a “classic” supply chain risk. That relationship was dramatically demonstrated during the tragic tsunami in Japan in 2014.

Another manifestation of “lean” philosophy is a specific approach to product design, which allows automakers to use the same elements in different car models. By the way, this is indeed a global trend, because all cars lookalike, don’t they?
Of course, from the point of view of production and cost efficiency, lean is good and brings profits but assume that something dramatic happens with a “lean” supplier of a very small but very important part and in a moment, production of all Toyota models Yaris, Corolla, Lexus is affected. Well, maybe, not Lexus and Yaris together, apologies for simplifying (as a lean management and Lexus non-expert).

These long chains

Unfortunately, a nasty and hidden risks of lean management not only creates a threat of supply chain interruption (or even total business interruption) but also immediately sets off a reputational risk. Every journalist appreciates the good news of bad news coming from top business names, as Toyota is. And carmakers are undoubtedly on the top of their “Breaking news” agenda.
Of course, the competition, politicians and other risk “stakeholders” are not going to miss an opportunity. Just think about the scandal of alleged “self-accelerating” Toyotas. Incidentally, the case appeared to be faked and simply not true. It was finally explained in favour of Toyota but… who remembers it today, in a world of an electronic public opinion, mindless social media bringing a verdict of “guilty” in seconds?
Another “lean related” risk, that is common and important for business today, not only just manufacturing, is product recall. This is again a big headache for the automotive industry – see the “Das Auto” problem. Of course, product recall threat is well known everywhere, so we can repeatedly read about electrocuting hair dryers, contaminated infant food and lethal toys.

Only human

Last but not least, a risk related to lean management arises from a “human” factor. There are sociological studies pointing out that lean, as the most modern approach to work organisation, also brings de-humanisation of labour. Within global lean production chains employees can be perceived as another “brick in the wall” sacrificed for the sake of growing “value added” optimisation. Remember Charlie Chaplin in “Modern times”? Lean is king, so stay in line and produce, produce, produce…
Thus, even a quick review of the lean risk landscape shows that there are a number of not so “lean” risks related or even created by lean management itself. That is, on the other hand, no surprise because risk is everywhere and usually man-made. And for the protagonists and lovers of “clean” lean management, without a separate risk management process we can recommend Toyota’s corporate web page, where you can easily find a dedicated and separate risk management framework. As well as such typical ERM functions like CRO, Chief Risk Officer and Board Risk Committee. Because each new, even more sophisticated management solution in addition to new opportunities creates new risks of lean to manage.

risks of lean   risks of lean    risk of lean   risks of lean   risks of lean

Terrorism risk

terrorism risk

How can we protect ourselves against home grown terrorism ? (video source)

Subscribe us with email.

terrorism risk, terrorism risk, terrorism risk,

Risk Management show killers.

Risk Management

Though this be madness, yet there’s method in’t.

There are two tools of Enterprise Risk Management that gain incredible popularity in  business nowadays: the first one is a risk
map (heat map) and the second one is a risk register. Describing a risk register in simple words – it is a tabular statement of identified business risks, their causes and effects, risk dimensions (Probability multiplied by Effect of an event) plus description of risk controls. There are project, departmental, corporate risk registers; even attempts to put together governmental risk registers can be found.

A risk map is, let me remind you, a visualisation of identified risks in a coordinate system (P and E). It looks convincing and appropriate for a Power Point presentation for your board of directors, but…just one important remark: a risk map is only a graphic “visualization” of the risk identified before in a risk register. It is not a tool for risk identification and analysis itself!
In fact, the existence of an active risk register simply proves that an organisation systematically manages its risks. However, the boards often declare management of risk while the answer to a simple question about a risk register is negative.
Creation of risk records, either in a form of a risk map or a risk register is certainly not a sufficient condition for effective risk management. Moreover, creation of such maps and registers
often becomes destructive and turns into a classical show killer of enterprise risk management implementation. Are you lost already? Let me explain it to you then.
A classical model of a risk management process, either described in ISO 31000 or COSOII standards, provides  for at least a few basic steps. They are: establishing the context – risk assessment
(including identification, analysis and evaluation) – risk treatment. That’s enough about theory. In practice companies begin their risk management adventure by taking first crack at an exploratory, promising, but labour-intensive task of risk
identification and description. This is done in accordance with the art of risk management and best practice, but… how often such art turns into art for art’s sake!
Typically, as a result of dozens risk identification workshops lengthy lists of risks containing hundreds of threats to the business are created, whereas their creators are not able to control them anymore! It is also a regular occurrence that a risk identification process lasts months longer than initially
planned (if there was any plan) and as a result risks that had been identified at the beginning of the process simply become history, unimportant rubbish in today’s fast changing business environment. Thousands of office hours were spent, hundreds of donuts (or, if you prefer, precels) consumed and litres of coffee drunk. Was it all worth it?  On the other hand, such big records, even if their creators are eventually very proud of them, bring
horror to management and co-workers. “How will we be able to manage five hundred risks?”, they think desperately.
Well, the lesson learned for Risk Management is: your risk register should be built prudently. And what quantity of risks “should” your company identify is another story for the next column.
The bad news is that falling into bureaucratic identification of risks, only aimed at recording and updating, is not the only peril on a risk manager’s path. The biggest challenge, and numerous surveys prove it, is a real life use of a risk register in decision taking. It is surprising how often, even open-minded managers that used to be promoters of the risk management implementation process take even strategic decisions in complete isolation from what can be concluded from risk registers and maps. And when a company fails people say that risk management has failed. Wrong!
Systematic management (and any type of management) requires regularity and determination. It is also true that managers simply do not have time to dig through large, sluggish risk management
registers. This is the way risk registers live their own life and boards live their own and only among those who were involved in risk identification frustration is growing. “What was the purpose of our efforts?”, they ask themselves.
Thus, there is another lesson to be learned: risk identification is one thing, evaluation the other, but taking risky decisions is a
completely different, much bigger challenge.


Megaprojects! Why do they fail?


Why do Megaprojects fail? A short but a very interesting study on causes of biggest project failures with an excellent example of Seattle tunnel drilling.
Worth seeing as it briefly analyse root causes of typical Mega failures, unfortunately very typical and easy to predict…

Megaprojects ! Should we start them at all ?

Speedy risk management

speedy risk

Speedy risk management – for English readers.

We are not lacking occasions to manage risks these days… in the end we live in a risk society, but often either no one manages risk or only a few try to manage too little, too late.

Quite a long time ago risk managers observed that although we evaluated a risk in two dimensions (just to remind you), i.e. the likelihood and consequences of a “risky” event multiplied by itself (not added to each other, because such ideas do happen!), there are other dimensions of risk.

Thus, today we will describe the speed of materialization of a risk or in other words, the time that remains from risk identification until its occurrence.

Speedy risk and TTI

There are different terms that are related to the speed of a risk, such as: risk velocity, risk clock speed and Time To Impact (TTI). Relatively, the topic is quite poorly perceived by managers, although empirically-tested by each one of us when we come into the office Monday morning, refreshed and eager to work hard, then we check our email box and … boom!

Exactly. There is no doubt today, that the world has really accelerated and every day, apat from the old, traditional risks, completely new risks appear: political, cyber, fraud, reputational. Luckily there are both threats and opportunities, but… do not be deceived by a world of technological innovations: a time in which the most massive, “traditional” risk can materialize does not necessarily result from an implementation of new discoveries by eggheads. Just for example it is enough that our valued legislators fall into the new idea of new regulations, and like a bolt from the blue, we have a problem.

That is why those who manage risk recommend adding that third dimension, spreed of materialization, risk velocity to the size of a risk during risk analysis. Of course, according to the rules of risk management, it would be good to quantify this additional risk dimension. The best in “days”, because it would probably be too late to do it in “hours” (we should note however, that it could be a part of so called Business Impact Analysis, BIA, that is the cornerstone of BCM).

Out of the blue

So, there are risks that materialize quickly (fast clock speed risk) and require immediate reaction and those that can wait. Because we always have to consider the allocation of our resources in the most effective and appropriate way. In the end there will also be risks of a „boom” – type, completely out of the blue, in other words classic black swans or like hawks falling on peacefully-grazing corporate partridges. Speedy risk.

Giving up these ornithological comparisons we need to mention that the concept of the “speed” of a risk raises some controversy. Some people even believe that this idea undermines the very essence of the concept of a risk, which “by definition” is connected with uncertainty. For if we had the ability to estimate when an event would take place “in days”, “hours”, or even in “years” (for strategic risks).. where would the uncertainty be then?

Others argue that the speed of a risk is already included in our estimation of the likelihood of an event. In other words, if the likelihood of a specific risk is greater than the likelihood of another risk it is also because we (sub)consciously took into account the shorter time in which it can materialize.

The issue remains debatable and, for example, in the standards of a risk management we do not find clear guidelines on how to proceed although the well-known Committee of Sponsoring Organizations (COSO) in its interesting guidance “Risk assessment in practice” proposes an assessment of “the speed of onset” or just “velocity of risk”.

Speedy risk: technically speaking

It seems, however, that at least at the level of preparation of a corporate risk profile, this classic risk management report for C-level management, it would be a shame to give up information about estimated “time to impact” (TTI). Technically speaking, some suggest that TTI multiplied by probability and effects will give us a new line up of identified risks, precisely taking into account the “clock” dimension. Of course we should previously establish our criteria for a risk assessment, and therefore the benchmark for a risk measurement.

As in the case of impact and probability each of the “small” or “large” TTI means something different. Probably for manufacturers of computer games, risk velocity is measured in months, and in the case of heavy industry in years, but … are you sure today?

As always you need to carefully consider the criteria by which we measure anything, especially the scale of probability. It is indeed a typical mistake made during risk mapping and repeated in many companies with a strange stubbornness.

The issue of risk velocity becomes particularly important given the increasing regulatory requirements for risk management. Regulations, like Solvency or Basel, or issued by local market regulators, impose construction of heavy, shiftless, static risk management systems, and writing of lengthy disclosures on topics that had become (pre)history yesterday. Today a drastically changing horizon of new events continually brings us new risks. We need solutions that are lightweight, agile, and responsive to the upcoming opportunities and threats, agile risk management.

Słuchanie o ryzyku i nie tylko

słuchanie o ryzyku

Słuchanie o ryzyku i nie tylko >>>

Zbliża się weekend i być może co najmniej niektórzy z P.T. Czytelników Ryzykonomii będą mieli trochę czasu aby uzupełnić swoją wiedzę o ryzyku i nietylko.

My, Redakcja Ryzykonomii uzupełniamy nieustannie i czasami już nawet nam głowa od tego pęka i od myśli jacy to mądrzy już jesteśmy i jak świat tego (w dostatecznym stopniu) nie dostrzega.

No więc  dzisiaj polecimy cykl 3 niezwykle ciekawych wykładów, które wysluchaliśmy niedawno via Internet. Wykładów profesora Jeffreya Sachsa, znanego skądinąd onegdaj w Polsce. Wykładów z London School of Economics gdzie niezwykle ciekawie rysuje on obraz historii i wyzwań, które stoją dzisiaj przed jakże praktyczną nauką ekonomii. My rozumiemy, że są to oczywiście także wyzwania związane z zarządzaniem ryzykiem. I choć between the lines jest to w gruncie rzeczy wykład o szansach i zagrożeniach naszego świata.

Gorąco polecamy, bo wartom nawet jeżeli nie wszyscy sie ze wszystkim zgodzą. Nam w Polsce niezwykle brakuje merytorycznej dyskusji na takim poziomie, ale ostatecznie możemy przecież skorzystać z rekomendacji Redakcji Ryzykonomii.

Dość więc, dla zainteresownych luni poniżej. A polecamy tez słuchanie wykładów z LSE w podcastach na smartfonach dh w apllowych i androidowych aplikacjach.

Wykłady są między innymi o wartościach ekonomii, globalizacji i perspektywach i wielu innych kwestiach ważnych dla ekonomii i biznesu. I tego aby po nas coś wartościowego oprócz zapisów księgowych pozostało.