Updated: Sep 10, 2020
How to visualise and manage your full scope of #risks
No organisation today has full control over every aspect of its operations or reputation. It can, however, work to identify the connections between different aspects of the organisation, both internal and external to the business. By monitoring these connections, and understanding that there will always be relationships which have not been identified, the complex world of the 'extended enterprise' can begin to be understood.
The Institute of Risk Management included input from Satarla in their recently published guide to the Extended Enterprise. This guide includes an introduction to the extended enterprise; assurance for the extended enterprise; questions for the Board; supply chains; and how to build trust across the extended enterprise.
Building your model of extended enterprise risk management, be you a multinational company, a department within that multinational company or a single-person startup, follows the same three simple steps:
1) What is the full value chain in which your organisation operates? This should include all of the inputs to and outputs from your organisation; however, focus on what you know (the gaps can be filled in later). Draw these as a linear set of steps across the middle of your page.
2) Where do you sit in that value chain? It is unlikely that your organisation will encompass the full value chain, so mark where your business is positioned on the value chain with a large circle. Divide your circle into segments by departments or focus areas.
3) The external environment wraps around both your organisation and your value chain. Impacts on your value chain, even outside the boundaries of your business, can impact you. Who and what does this external environment consist of? This may include governments, industry partners, NGOs, climatic factors, regulatory changes, etc. Mark off segments around the edge of your piece of paper for each of these impactors. This picture is your extended enterprise. Now you can begin populating it with risks, controls and monitors and, where necessary, delving down into the detail in specific relationships.
This model can be used as a dialogue table, constantly being reshaped and moulded by those who contribute to it. It provides a central platform on which different perspectives on which risks are important to an organisation can be discussed in the full context of the business. It also provides a mechanism through which to share good practice and areas of concern that need to be addressed. If this exercise is being performed for a large organisation, the value chain should remain fairly static. Performing a version of step (1) at the beginning of every workshop can help to ensure that all workshop participants are in the same mindset as those who may have attended other workshops.
The information collected through the use of the Satarla extended enterprise risk model can be presented in any format necessary for internal and external compliance; however, the visual format utilised by the model makes the information more interesting and engaging for the users. It also a) allows users to see where they fit within an organisation, b) allows others to see where the users fit into an organisation, c) provides transparency between users, d) gives the CEO that overarching dashboard so critical to any organisation, e) is in line with project and process management techniques, allowing clear flow between detailed metrics used at process level and those required at enterprise level within a business, and f) through its constant evolution, provides ongoing training to all users as to how the business is performing in an integrated manner.
Link to IRM paper on the Extended Enterprise.