The focus of the discussion this week we will revisit the Hurricane Scenario from earlier but not the focus is on the function of governance. Governance is summarized in sections Eight and Nine of the "A Risk Management Standard" document.

Key concepts related to risk management are that risk management:

• Does not seek to eliminate risk completely.
• Develops systems/processes that identify key risks.
• Takes steps to manage those identified risks in appropriate ways.
• Facilitates more stable operation of the organization and increases the likelihood of continual goal/outcome achievement.

One of the key responsibilities of those in governance roles is to ensure that reasonable steps have been taken within the organization to identify, evaluate, mitigate and react to risk related events. To enable this process leaders must establish policies and procedures related to risk related situations which help those in operational roles respond appropriately to a risk event. They must also ensure that the proper systems are in place to not only monitor risk event likelihood but to also ensure that the affected stakeholders are adequately trained to effectively react to a risky event and achieve the desired outcomes.

Those in risk management governance positions set the intended risk related direction of the organization and then make sure that the proper steps are taken within the organization to increase the likelihood of organizational risk related outcome achievement. In a typical organization, the details of how to achieve governance outcomes would best be handled by the organization operational personnel and it is a governance function to evaluate the verification systems in place to ensure risk management objectives are adequately addressed.

Key topic areas for a risk management program include:

• Setting the "tone at the top" of the organization: how seriously does leadership take its risk management function?
• Communicating desired risk management goals and outcomes in an effective way.
• Determining how much risk the organization is willing to take.
• Weighing the cost of evaluating and planning for a risk event against the benefits received from controlling the risk event.
• Evaluating the planned organizational response to risk events.
• Evaluating the monitoring and control activities related to risk events to ensure readiness.

The details associated with doing all of this for an organization can get complicated very quickly so it is important that those in governance roles not lose track of the overall goals while also doing reality checks that the details are adequately covered to ensure overall organizational readiness for risk events.

Discussion for This Week

You job for this week is to establish BOTH the overall governance direction and the operational details necessary to address a few of the risks highlighted in the earlier Puerto Rico Hurricane Season readiness discussion. The intent is for you to briefly review the risks and uncertainties you are most concerned about (you covered these in the earlier assignment), the persons responsible for dealing with risks and event, the actions you want taken by affected persons, how you will educate these persons about their desired actions and how you will verify their readiness. IMPORTANT: This assignment is not to restate what you wrote for the earlier hurricane analysis assignment. It is to add the governance piece to that scenario so that you ensure that those affected act appropriately to achieve you desired outcomes.

In particular, you should discuss the following for each indicated desired outcome:

• Describe the risks and events you are evaluating.
• Determine your organization's (family's) level of risk tolerance related to the risk impact.
• Determine the desired outcome(s)/goal(s) from the risk management process and the method(s) by which you will measure if it is achieved.
• Determine what steps need to be taken by affected persons to achieve the desired outcomes.
• Describe your plan for verifying your organization's overall level of readiness for addressing critical risks/events and achieving desired outcomes. This will include training and also verification of readiness.
• In a few sentences describe how you feel the evaluation process for this assignment applies to (or does not apply to) risk management in a larger organization. (See comment below.)

If you think about this week's scenario it is pretty simple compared to performing this risk management process for a larger organization. In the case of your family, the specific risks involved are few, limited in scope and you have direct control and influence with those involved. In the case of a large organization, you might be dealing with thousands of people, across multiple continents and through many tiers of management. The point of this week's assignment is to have you think all the way through the process from general concept to verified detailed readiness execution plan. The thought process is similar to that for a larger organization although the scope and details will be much different.