By Jim Deloach
The last 15 years in particular have been besieged by high-profile business scandals and financial failures, sparking unprecedented regulation and providing some valuable lessons for risk management. These lessons address 10 common failures of risk management, as outlined below:
1. Beware of poor risk governance and “tone of the organization,” leading to the lack of transparency, openness and commitment to continuous improvement that are so essential for risk management to function effectively.
2. Watch out for reckless risk taking due to the absence of limits, checks and balances, independent monitoring and reporting and skin-in-the-game compensation structures; ironically, reckless risk taking is often perpetrated by the “smartest people in the room.”
3. An inability to implement enterprise risk management effectively within strategy setting and across the enterprise exposes the organization to the vagaries of silo thinking.
4. Ineffective risk assessments often:
- Do not extend the time horizon far enough;
- Narrow the focus to operational and compliance risks;
- Give insufficient emphasis to understanding what management and the board don’t know;
- Place excessive reliance on probability assessments;
- Fail to consider the velocity to impact, persistence of impact and response readiness for “high impact, low likelihood” risks; and/or
- Fall short of improving the preparedness for the unexpected crisis.
5. Not integrating risk management with strategy setting and performance management makes it almost impossible to establish relevance in the C-suite and position the organization as an early mover to capitalize on market opportunities and address emerging risks.
6. Falling prey to a “herd mentality” or committing to “dance until the music stops,” rather than seeking to become an early mover that acts on emerging opportunities or risks before they become common knowledge, compromises an organization’s ability to pay attention to the warning signs posted by the risk management function.
7. Misunderstanding the “If you can’t measure it, you can’t manage it!” mindset gives managers an excuse to do nothing at all with respect to understanding and addressing difficult-to-measure risks. Inability to measure a risk will not make it go away and, if the financial crisis taught us anything, it’s that what we don’t know is more important than what we do know.
8. Accepting a lack of transparency in high-risk areas (e.g., lack of information for decision-making) causes management to lose touch with reality, leaving decision makers with little insight as to the emergence or source of risk and/or what is really happening or potentially can happen.
9. Management’s ignoring the dysfunctional behavior and “blind spots” created by the organization’s culture is a sure sign that trouble lies ahead.
10. Not involving the Board quickly on the things that really matter is bad governance when significant risks are involved.
Read the original article at: Risk Management – Lessons from the Last 30 Years