"Dr. Redinger provides a framework for dealing with integrated risk as well as the processes and tools to help and guide your successful strategy. If risk management is important to you, then I would recommend this book."
- Malcolm Staves, Global Vice President Health & Safety, L’Oréal
"Dr. Redinger’s framing within a risk management context provides a vital contribution to public policy and organizational governance now and in the future. The book's Risk Matrix is a brilliant effort in evolving how we can see and work with the diversity of impact-dependency pathways between an organization and human, social, and natural capitals. A must-read for the risk professionals ready to shape the future."
- Natalie Nicholles, Executive Director, Capitals Coalition
A hands-on roadmap to creating a risk management platform that integrates leading standards, improves decision-making, and increases organizational resilience
Organizational Risk Management delivers an incisive and practical method for the development, implementation, and maintenance of an integrated risk management system (RMS) aligned with ISO 31000:2018, the high-level structure (HLS) that ISO uses for its management system standards, and COSO's ERM framework.
The book explains how organizational risk management offers a platform and process through which organizational values and culture can be evaluated and reevaluated, which encourages positive organizational change, value creation, and increases in resilience and fulfilment. Readers will find an approach to risk management that involves the latest advances in cognitive and organizational science, as well as institutional theory, and that generates a culture of health and learning.
The book also offers:
- Thorough discussions of the social aspects of organizational risk management, with links to evolving Environmental, Social, and Governance norms and practices
- Detailed frameworks and systems for measuring and managing risk, and for assessing the risk management system itself
- Insightful explanations of industry standards, including COSO’s ERM and ISO’s risk management standards
Perfect for practicing occupational and environmental health and safety professionals, risk managers, and Chief Risk Officers, Organizational Risk Management will also earn a place in the libraries of students and researchers of OEHS-EHS/S programs, as well as ESG practitioners.
Table of Contents
Foreword xvii
Preface xix
Acknowledgments xxv
Acronyms xxix
1 Introduction: Leverage to Create 1
Imperatives 3
Becoming Aware 5
Postulates and Design Principles 5
Who You Are 7
What You Will Learn 7
1.1 A New Era 8
1.1.1 Value and Purpose 8
1.1.2 Social-Human Dimension of Risk 9
1.1.3 Environmental, Social, and Governance 10
1.1.4 Diversity, Equity, and Inclusion 11
1.1.5 Health - Organizational and Human 11
1.2 Leverage 12
1.2.1 Levine’s Lever 12
1.2.2 A → B, Current Reality and Where You Want to Go 14
1.2.3 Thinking in Systems 15
1.2.4 Shifts 15
1.2.4.1 Expanding Perspective and Awareness 16
1.2.4.2 Language as Currency 17
1.2.4.3 Integrated Capitals Perspective 18
1.2.5 Frameworks and Structures 19
1.2.6 Metrics and Indicators 20
1.3 Integration 20
1.3.1 Integrating What? 21
1.3.2 Integrated Thinking 22
1.3.3 Integrated Risk Management 22
1.4 Culture of Health 24
1.5 Leadership and Seat at the Table 25
1.5.1 Motive Force and Organizational Energy 26
1.5.2 The Table 26
1.6 Finding Leverage 27
1.6.1 Your A → B 27
1.6.2 Developing a Playbook 28
1.6.3 Creating a Project 28
1.7 Book Logic and Chapter Summaries 29
1.7.1 Chapter Flow and Book Logic 29
1.7.2 Chapter Summaries 30
1.7.2.1 Chapter 2 - Risk Logics 30
1.7.2.2 Chapter 3 - Frameworks 30
1.7.2.3 Chapter 4 - Conformity Assessment and Measurement 31
1.7.2.4 Chapter 5 - Awareness in Risk Management 31
1.7.2.5 Chapter 6 - Field Leadership 32
1.7.2.6 Chapter 7 - Decision-Making 32
1.7.2.7 Chapter 8 - Risk Matrix - An Integrated Framework 33
1.7.2.8 Chapter 9 - Matrix in Action 33
1.7.2.9 Chapter 10 - Escalate Impact 33
Suggested Reading 34
Part I Foundations 35
2 Risk Logics 37
Defining Risk Logics 39
Core Logic 39
Premises 41
Uncertainty 41
2.1 Contexts, Drivers, Orientations 42
2.1.1 Evolutions 43
2.1.1.1 EHSS Management: Compliance, Performance, Impact 44
2.1.1.2 Frameworks: Process, Program, System, Field 45
2.1.1.3 Sustainability: ESG, Materiality, Double Materiality, Value, Capitals 46
2.1.1.4 Object/Foci: Shareholder, People/Workers, Stakeholders 46
2.1.1.5 Organizational Risk Management: Four Generations - Insurance, Regulatory Compliance, Consensus Standards, and Value and Purpose 47
2.1.2 Corporate Governance - Purpose and Value Creation/Protection 47
2.1.3 ESG 51
2.1.4 Social and Human Capital 52
2.1.5 Culture of Health 53
2.2 Defining Risk 54
2.2.1 Risk to Whom? 54
2.2.2 Definitions 55
2.2.3 Risk-Reward and Opportunity 56
2.2.4 Fourth-Generation Risk Management 57
2.3 Core Concepts 58
2.3.1 Analysis, Assessment, Communication, and Management 58
2.3.2 Risk Profile 59
2.3.3 Owner - Risk Owner, Generator, and Source 59
2.3.4 Acceptability - Acceptable Risk and Risk Appetite 60
2.3.5 Tolerance - Risk Tolerance 60
2.3.6 Transfer - Risk Transfer 62
2.3.7 Risk-Based Thinking 62
2.4 Conformity Assessment 63
2.5 Systems Perspective 64
2.5.1 Systems Thinking 65
2.5.2 System Dynamics Iceberg 66
2.5.3 Deeper Levels 68
2.6 Risk Field 68
2.6.1 Field Background 70
2.6.2 Characterizing an Organizational Field 71
2.6.3 Operationalization - Risk Field → Risk Matrix 74
Suggested Reading 74
3 Frameworks 77
Power of Structure 79
Expanding Perspective → Expanding Awareness 79
Learning Context 80
“Next Generation” Frameworks - Evolution and Integration 80
3.1 Types of Frameworks 80
3.1.1 Regulatory 81
3.1.2 Consensus Standards 81
3.1.3 Evolved Organizational and Professional Practices 82
3.1.4 Tailoring 82
3.2 National Academy of Sciences and EPA: Risk Decision-Making Anchors 83
3.3 International Organization for Standardization (ISO) 86
3.3.1 Background 86
3.3.2 Risk Management Evolution at ISO 86
3.3.3 ISO 31000 Overview 87
3.3.4 ISO 37000 - Risk Governance, Principle 6.9 89
3.4 ISO Management System Standards 90
3.4.1 High-Level Structure 91
3.4.2 ISO MSS Demonstrative - Occupational Health and Safety (ISO 45001:2018) 92
3.4.2.1 Scope (1) 94
3.4.2.2 Terms and Definitions (3) 96
3.4.2.3 Context of the Organization (4) 96
3.4.2.4 Leadership and Worker Participation (5) 97
3.4.2.5 Planning (6) 100
3.4.2.6 Support (7) 103
3.4.2.7 Operation (8) 105
3.4.2.8 Performance Evaluation (9) 109
3.4.2.9 Improvement (10) 111
3.5 COSO Enterprise Risk Management Framework 113
3.5.1 Evolution 113
3.5.2 Overview - 2017 Version 114
3.6 Environmental, Social, and Governance 117
3.6.1 Overview and Terminology 117
3.6.1.1 Sustainability 117
3.6.1.2 Environmental, Social, and Governance 117
3.6.1.3 Corporate Social Responsibility 118
3.6.1.4 Materiality 118
3.6.1.5 Materiality Beyond Financial Reporting - Double/Impact Materiality 120
3.6.2 Human Capital 121
3.6.3 Reporting and Performance Criteria 123
3.6.4 Global Reporting Initiative (GRI) 124
3.6.5 International Sustainability Standards Board 125
3.6.6 Value Reporting Foundation, IIRC, SASB 126
3.7 Transcending Paradigms 128
3.7.1 NIOSH Total Worker Health 129
3.7.2 Culture of Health for Business (COH4B) 130
3.7.3 Capitals Coalition 131
3.A ISO 31000:2018 Principles 133
3.B COSO ERM (2017) Principles 134
Suggested Reading 136
4 Conformity Assessment and Measurement 137
4.1 Frameworks and Guidelines 139
4.1.1 National Research Council 139
4.1.2 ISO Committee on Conformity Assessment (CASCO) 140
4.1.3 Inference Guidelines and Decision-Making Currency 140
4.2 Measurement 141
4.3 Auditing 143
4.3.1 Historical Background 143
4.3.2 Types of Audits 144
4.3.2.1 First Party - Internal Audits 144
4.3.2.2 Second- and Third-Party External Audits 145
4.3.2.3 Hybrid Approaches 145
Suggested Reading 146
Part II Leverage 147
5 Awareness in Risk Management 149
5.1 Origins and Development 152
5.1.1 Genesis and Fourth-Generation Risk Management 152
5.1.2 Early Years, 1999-2018 152
5.1.2.1 Integrated Model 153
5.1.2.2 Second-Order Change 153
5.1.2.3 360 Perspective 155
5.1.2.4 Stakeholder Domains 155
5.1.3 Current Iteration Risk Field → Risk Matrix (ABRM v.2) 155
5.2 Defining Awareness 156
5.2.1 Standards and Frameworks 157
5.2.2 Paying Attention 159
5.3 Orientations, Perspectives, and Mental Models 160
5.3.1 Decision-Making Prequel - Bias and Heuristics 161
5.3.2 Being-Doing 162
5.4 Leverage and Seven Risk Awareness Elements 162
5.4.1 Awareness 163
5.4.2 Internal State 163
5.4.3 Risk 164
5.4.4 Purpose 164
5.4.5 Value Creation and Preservation 164
5.4.6 Decision-Making Processes 165
5.4.7 Generative Field 165
5.5 Language as Currency 165
5.5.1 Future-Based Language 167
5.5.2 Carriers of Meaning 168
5.6 Shifting Mindset and Paradigms 169
5.6.1 Revisiting A → B 170
5.6.2 A Learning Context 171
5.6.2.1 Organizational Learning 171
5.6.2.2 Double Loop Learning 172
5.6.2.3 Transformational Learning 173
5.6.3 Capitals Coalition’s Four Shifts Model 175
5.6.4 Anatomy and Physiology of Shifts 176
Suggested Reading 176
6 Field Leadership - Motive Force 179
6.1 Motive Force 181
6.1.1 Organizational Energy 181
6.1.1.1 People 183
6.1.1.2 Structures 183
6.1.1.3 Contexts/Drivers 183
6.1.2 Culture of Health 183
6.2 Field “Actors” - Individuals, Teams/Departments, Enterprise, Community 184
6.2.1 Interiority, Accountability 185
6.2.2 The Hats You Wear - Designer, Builder, Operator, Participant 185
6.3 Creating Value 186
6.3.1 Why This Is Important 186
6.3.2 ISO 31000:2018 and COSO’s ERM Framework 186
6.3.3 ISO 37000:2021, Section 6.2 - Value Generation 187
6.3.4 Capitals 188
6.3.4.1 Defining Capitals 188
6.3.4.2 Capitals Coalition and Value 190
6.4 Leadership and Participation in Frameworks 191
6.4.1 ISO 37000:2021 191
6.4.2 COSO’s Enterprise Risk Management 193
6.4.3 ISO 31000:2018 194
6.4.4 ISO MSS Examples - ISO 14001:2015 and ISO 45001:2018 195
6.5 Emerging Leadership Paradigms 196
6.5.1 System Leadership - Senge, Hamilton, Kania 196
6.5.2 Responsible Leadership - Accenture, World Economic Forum 197
Suggested Reading 198
7 Decision-Making - Expanding Perspective 201
Awareness - Process, Paradox, and Tension 203
Types of Decisions 204
Organizational Learning 204
Expanded Platform 204
7.1 Background and Anchors 205
7.1.1 Decision Science 205
7.1.2 The Human 206
7.1.2.1 Two-System Brain 207
7.1.2.2 Perception 208
7.1.2.3 Brain Function 209
7.2 Systems Perspective 211
7.2.1 Systems 101 212
7.2.2 Inputs and Processes 214
7.2.2.1 Data and Measurement Consideration 214
7.2.3 Output, Outcome, and Impact 215
7.2.4 Feedback 216
7.2.5 Stocks and Flows 216
7.2.6 Impact- Dependency Pathways 218
7.3 Frameworks 219
7.3.1 ISO 37000:2021, Governance of Organizations - Guidance 219
7.3.2 ISO 31000:2018, Risk Management - Guidelines 220
7.3.3 COSO Enterprise Risk Management - Integrating with Strategy and Performance 222
7.3.4 ISO Management System Standards 222
7.4 Key Considerations 222
7.4.1 Carriers of Meaning 223
7.4.2 Context, Framing, and Narrative - Or Is It the Number? 223
7.4.3 Defining Risk 224
7.4.4 Decision-Making Currency 224
7.4.4.1 Inference Guidelines 225
7.4.4.2 Residual and Acceptable Risk 225
7.4.4.3 Materiality, Value, and Purpose 226
7.4.5 Rates, Cycles, and Time Horizon 226
7.4.6 Delays and Buffers 227
7.5 Risk Decision-Making Kernel 227
Suggested Reading 228
Part III Integrating Eras 229
8 Risk Matrix: An Integrated Framework 231
Generating Organizational Energy - The Engine 232
New Language and Dimensionality 233
Tailoring 233
8.1 Risk Field to Risk Matrix 234
8.2 Matrix Structure 236
8.2.1 Nomenclature 236
8.2.2 Cells, Rows, and Columns 238
8.3 Contexts/Drivers (y-Axis) 239
8.3.1 Regulatory/Technical 240
8.3.2 Organizational 240
8.3.3 Social-Human 240
8.4 Actors/Motive Force (z-Axis) 240
8.4.1 Individual 242
8.4.2 Team/Department 242
8.4.3 Enterprise/Company 242
8.4.4 Community 242
8.5 Risk Management Elements (x-Axis) 243
8.5.1 Foundational Five 245
8.5.1.1 Risk Assessment (E2) 245
8.5.1.2 Emergency Preparedness and Response [EPR] (E3) 246
8.5.1.3 Management of Change (E4) 247
8.5.1.4 Communication - Systems and Practices (E5) 248
8.5.1.5 Competency and Capabilities (E6) 252
8.5.2 Trim Tabs 254
8.5.2.1 Purpose and Scope (E1) 254
8.5.2.2 Social-Human Engagement (E7) 257
8.5.2.3 Leadership (E8) 266
8.5.2.4 Decision-Making (E9) 266
8.5.3 Operational Elements 268
8.5.3.1 Frameworks (E10) 268
8.5.3.2 Auditing and Metrics (E11) 271
8.5.3.3 Operation (E12) 275
8.5.3.4 Escalating Impact (E13) 276
8.5.3.5 Future-Ready Strategy (E14) 276
Suggested Reading 277
9 Matrix in Action 279
9.1 Risk Matrix Applications 282
9.2 Matrix Dynamics 283
9.2.1 Complexity and Tight Coupling 283
9.2.2 Z-Axis - Actors/Motive Force 284
9.2.3 Y-Axis - Contexts/Drivers 285
9.2.4 X-Axis - Risk Management Elements 286
9.2.5 Gravitational Pulls 287
9.2.6 Topographies/Ecosystems 288
9.3 Integrate and Integration 288
9.3.1 Integrating What? 289
9.3.1.1 Integrated Thinking → Integrated Decision-Making 290
9.3.1.2 Risk Field 290
9.3.2 Templating 290
9.3.3 Integrated Thinking 291
9.3.3.1 Rotman School of Management - Integrative Thinking 291
9.3.3.2 The International Integrated Reporting Council 292
9.3.3.3 COSO Enterprise Risk Management (ERM) Framework 293
9.4 Scorecards and Dashboards - Portals for Integration 293
9.4.1 Risk Management Elements Dimension Example - Decision-Making Dashboard/Slice 295
9.4.2 Contexts/Drivers Dimension Example - Social-Human Element Dashboard/Slice 297
9.4.3 Actors/Motive Force Dimension Example - Enterprise/Company Element Scorecard/Slice 299
Suggested Reading 302
10 Escalate Impact 303
A → B 306
10.1 Transcending Paradigms 306
10.1.1 Evolutions 307
10.1.2 New Clearings 307
10.1.3 Shifts 308
10.2 Generative Fields 308
10.3 Leverage - Creating Generative Fields 312
10.3.1 Value Generation and Health 313
10.3.2 Interiority 314
10.3.3 Generative Field Engine - Social-Human Engagement (E7) and Leadership (E8) 316
10.3.4 Pedagogy of Evaluation 319
10.4 Carriers of a Field 322
10.4.1 Portal to Future-Ready 323
10.4.2 The Table and Its Seats 324
10.4.3 Trim Tab 324
Suggested Reading 325
Glossary 327
Index 337