Why SMARTER Risk Management? By John Hurlock, President and CEO of SMARTER Risk Management
“I sometimes get questions as to why we chose the name SMARTER risk management for our consulting firm. Sometimes I respond with a bit of humor at least to me by saying “It’s not just a clever name, you know, the letters actually stand for something”, and other times I just launch into the meaning of SMARTER and how to apply it to risk management. In either case, this question exposes the fact that there is a history to the name/acronym and it actually means a great deal to me, and hopefully to the people and organizations that use the SMARTER Risk Management approach.
The original concept, which goes back almost 15 years, came about because I was struggling to explain and apply the COSO concept (cube) to the risk management practice we had formed as a part of Metavante Business Consulting. It just seemed that the cube, while very elegantly designed, didn’t filter down to the real world of day to day risk management. In reality, risk management is not some crisp and shiny thing that people use and then write academic papers on. To me, risk management is about living in the real world; chaotic, noisy, unpredictable and, most important of all, human. Effective risk management allows us to stay alive, interact with others, and hopefully avoid pitfalls; but at the very least know how to react when that bad thing happens. Above all, risk management is a very personal thing. We all deal with risk differently and it helps to have a set of guidelines to use and fall back on in times of stress.
So, with my colleagues and friends we came up with an acronym and an approach that has proven to be useful and memorable. The key to a good acronym is that people remember it and know what it stands for. The original acronym was “SMART” Subject, Manifestation, Actions, Results, Testing. We added the superlative “ER” later to capture the concepts of Expectations and Review, effectively “SMARTER”. I won’t go into the specific meanings here, but encourage you to look on our website for how they are defined.
One of our early clients helped further this concept when they linked Subject to Activities and came up with Key Risk Activities. Thanks to Chris and Vu, we made the shift from Key Risk Indicators (KRI’s) to Key Risk Activites (KRA’s). At the time, everyone was compiling a list of KRI’s and these were being applied to scorecards to determine a risk rating for the organization. The trouble with KRI’s is that they need to be linked to an activity, thus moving beyond risk acknowledgment and instead risk management. Or, better yet, an activity should be linked to one or several KRI’s. The activity is where the risk comes into existence and occasionally turns into an event. The uncertain future becomes the certain present. This is where the humanness gets introduced: what do we do? why do we do it? and what can go wrong? All of these are embedded in KRA’s.
In 2012 we stepped out from under the wing of Sheshunoff Consulting. This new consulting firm had to be named SMARTER risk management because SMARTER represts our approach to understanding, creating, and bringing to life a common sense and understandable risk management system. With this approach, this critical thinking process, we are able to build the kind of custom program you need for managing your overall risk and your various individual risk management activites.
SMARTER has grown from being a way to communicate concepts of risk to a tool used for critically thinking about risk and effectively responding when the “bad day” happens. Our goal of helping clients build and manage their own risk programs has been achieved time and time again. And it all began with a struggle to communicate COSO to the people who were charged with managing risk…and to me, we are smarter.