Sunday, April 19, 2009

Thinking about risks

Knowledge@Wharton recently published "Re-thinking Risk Management : Why the Mindset Matters More Than the Model" on April 15, 2009.

The entire article can be read by clicking the here

In reading this article, I relate this to our role as risk managers in this organization.

  1. In refining our risk management approaches, mindsets in the manner we think about risk need to change. The article emphasizes that "too much blame being placed on the risk management model and other tools of the trade" and argues "that risk models or tools are not necessarily broken, but instead are only as good as the decisions that get made based on them". We need to understand that risk models and tools can only assist us in making decisions, albeit judgemental, and we need to provide these insights to complement these models to senior management. We need to understand the assumptions underpinning these models, and more importantly understand the risks that are not represented in these models.
  2. It is not sufficient to get a fuller picture of risk, there is a need to develop a more integrated view of risk. In this risk managers need to understand events in the market that impacts us do not happen by risk type. The lines between credit risk, market risk, and operational risk gets blurred when there is a significant event or during the period of crisis. While the skills for each type of risk can be distinguished, it is more important to develop the capabilities in understanding how these risks impact each other and have an integrated view of risk.
  3. "Decisions need to be made faster, but based on information we don't have."
  4. While we have been "internally focused", "businesses around the globe have become increasingly interdependent" which increases companies' exposure to risks, perhaps risks that we don't know about. Risk management of the future needs to "look beyond the known issues to look at links and interdependecies." Key to this is to define not ALL links but rather the major links that we as an organization have not thought about OR we believe is key in achieving our growth strategies.
  5. Elevating risk management to a strategic level means making risk management discussions more strategic than operational. I believe in risk management needs to be cast in operational decisions. However, another level of risk management, strategic, needs to be defined and approached. Risk managers should also be part of the team of strategists, and think about not just downside risk, but risk of not acting on the upside. Risk managers should facilitate decision making in uncertain conditions facing the industry that a company is in.
  6. Risk considerations then need to be embedded at multiple stages in business, be it strategic planning, budgeting and evaluating risks vs. rewards in various aspects of decision-making. We can have the best tools and capabilities in risk management, but, if we are not serious in integrating risks with strategic decision-making process, risk management will continue to be thought as operational excellence, support and a compliance function.

These represents my thoughts as I was reading this article. Of course, implementation considerations and strategies to achieve the points raised above requires more thought than just summarized points above.

No comments: