Roads to Resilience

Olympic Delivery Authority (ODA)

The Technology Partnership (TTP)

Virgin Atlantic

Zurich Insurance Group

• common format for risk reporting • effective communication with suppliers and assessment of their financial robustness • focus on ‘de-risking’ time: ‘two, four, one’ (two years to plan, four years for construction, one year to solve final issues) • government risk register reported back specifically to the politicians

• know operating at the boundaries of technology is high risk • business risks, eg investment decisions are risk assessed • portfolio of projects assessed to mediate risk • less focus on tools and techniques for risk management, more on being able to react fast

• prefer leasing aircraft to buying them – to give flexibility • strong awareness and regular reporting of issues • focus on fast recognition and communication as issues develop • risk management training programme • divisional areas have their risk assessment and reporting structure • Safety and Security

• strategic and

economic focus of risk management

• enterprise risk

management built into the structure of the organisation

• ‘Total Risk Profiling’ of all investment decisions • extensive research on risks in new markets

board: consider operational and emerging risks across the business

• three lines of defence: line management, programme assurance, and risk and audit team • strong relationship

• AGM and EGM

• senior management is intimately involved in the business • formal and informal

• management visible and regularly involved with operations • hotlines for communication (including ‘whistle- blowing’) • NEDs provided with risk management training

provide corporate risk governance

meetings consider all aspects of risk

between Chief Risk Officer and the CEO

169

Roads to Resilience: Building dynamic approaches to risk to achieve future success