Roads to Resilience

Business Enablers

AIG

Drax

InterContinental Hotels Group (IHG)

Jaguar Land Rover

Strategy, Tactics and Operations

• analyse strategic (business) risks
• have a defined risk appetite
• conduct pilots in new markets to mediate risk
• use vulnerability identification scheme (VID) – a survey of thousands of people in the organisation
• near-miss reporting
• assess ‘accumulated risk’ (consolidated across all businesses)
• scenario planning with RDSs (realistic disaster scenarios)

• analyse strategic (business) risks: upside and downside
• project risks analysed through a risk ranking
• clients’ financial risks analysed
• risk scenarios and the necessary response are identified
• responses are practised

• analyse risk at the strategic, project and operational levels (including financial performance)

• portfolio approach to risk management
• enterprise risk management is integrated with the strategic plan
• trigger point analysis (more advanced than standard scenario planning) to assess business risk looks at technical, regulatory, and competitor developments and the risks they pose
• risk management of supplier base
• multi-track R&D

• extremely high levels of risk awareness (eg intelligence is constantly monitored)
• extensive risk-related training for staff (more than 100 training packages)
• crisis teams include a ‘Crisis Owner’ with the right authority, specialists and communication experts

• risk reporting includes: risk assessment matrices and near-miss reporting (with photographs)
• operational ‘golden rules’ to minimise operational risk
• ‘controlled anxiety’
• behavioural aspects of risk are always considered
• contractors integrated into risk thinking
• president in risk meetings
• management’s operational experience and focus recognised throughout the organisation
• deliberate steps to prevent hierarchical barriers
• managers not given short-term bonuses

Leadership and Governance

• open reporting and strong communications
• audit committee checks that NEDs play an effective role on the board
• review committees for risk governance and achieving resilience

• focus on managing risks to protect reputation
• managers know the front-line
• executive committee strongly involved with risk management
• management visible at the operational level
• NEDs trained in risk management

• open door policy of top management and a regular presence at the operational level
• bi-annual ‘top 150 leaders’ meeting reviews existing and emerging risks, and the control mechanisms to address these


Appendix B: Details of Methodology
