Being involved in numerous risk management efforts, discussions and debates throughout the organization, in a an advisory capacity or as a risk management practitioner, there seems to be a continuing gap in major areas of :
- what expectations are on the promise of risk management (integrated or ERM)
- the understanding of what risk management is all about
- the spectrum of risks that an organization faces
- the guidance amd directives in managing risks
- the roles and responsibilities in risk management
- the tools that are used to identify, assess and control risks
I am sure there are more areas than those that I have listed above. I believe these are the broad areas and anything else would probably form as a sub-category under any one of the above.
This gap has been evident through the feedback from our clients (subsidiaries), the satisfaction (or dissatisfaction) levels on expectations of risk management, risk management practitioners sense of what people's perception risk management is and what is actually happening on the ground, and more importantly in my view, the ability (or inability) to respond quickly, decisively to situations triggered by events that adversely impacts the organization.To be able to close this gap, in considering the legacy of risk management in this organization, I believe the following steps are imperative :
- Being honest with ourselves on the state of risk management in the organization today and where we want it to be
What were the successes and failures of the past? Leverage on successes, do not repeat the mistakes that led to failures.
What is the greatest complaint on risk management? This is to get the change perspective in risk management
What does strong risk management look like? Is there anywhere in the organization that we can see strong risk management already in existence? Can we leverage on that strength rather than re-inventing the risk management wheel? What measures do we use to define success in risk management?
How strong do you want risk management to be? Which relates to what is the tone from the top on risk management? How much weight and importance should risk management have in this organization?
- The answer to all of the above should help in setting a clear vision of what risk management should be in this organization. Without going into specifics, the vision for risk management should be "Integration of Risk in Decision-Making" with the mission being "Changing the Perpectives of Risk Management in the Organization"
- How should risk management change?
1
To Risk management is about understanding key risk drivers in decision-making and evaluating the impact of market risks onto these drivers and how this will change business decision
Risk helps robust decision-making
2
From Risk management is about reporting
To Ability to see the totality of risks will enable risk return trade off, assess marginal impact of risk decision-making, and direct targeted risk intervention by top level risk oversight function
“Risk of the whole is greater than sum of the parts”
3
From Risk assessment or risk profiling
To Risk management is excellence in execution, controls and the speed, flexibility and adaptability to change.
Confidence in risk exposures and the extent of mitigation in place
4
From Risk management is the job of risk managers
To Risk management is no different than any other business activity
Risk management and business strategy is inextricably linked and integrated in the business value chain.
No comments:
Post a Comment