Originally published in the SPS-Blog, October 8, 2018
As I read the newspapers, listen to news radio, watch TV news, stream business and general news, one of the words that shows up most frequently is “risk.” Risky decisions, risk-weighted analyses, risk-focused audit, cyber risk, climate change risk, to name a few examples.
Several business people have told me they just want to run their enterprises and, unless risk taking is explicitly part of the business model (as for an investment fund or insurance firm), they just don’t have time to worry about risk.
This preference, while understandable, appears to be at odds with the frequent media references, so I decided to consult some experts.
The 2018 International Standard on Risk Management (ISO 31000) says that the purpose of risk management is “the creation and protection of value. It improves performance, encourages innovation and supports the achievement of objectives.”
Another widely recognized industry initiative (COSO 2017) says that “Enterprise risk management enriches management dialogue by adding perspective to the strengths and weaknesses of a strategy as conditions change and to how well a strategy fits with the organization’s mission and vision.”
For a practical, pragmatic, “street view” of risk and risk management, I asked several business people for their views of why we should study risk management. In this article, I share the responses from two professionals active in the field. I’ll report the views of other professionals in other industries in future articles.
In support of proactive risk management, Madhu Philips, Compliance Officer for PGIM Investment Management, a Prudential company, observes that “History tends to repeat itself. Companies that do not invest in risk management tend to have preventable swan events. Enron failed to have proper governance and controls to identify the inherent risks in their financial structure. Even start-up companies that don’t employ risk management at an early stage, grow so fast that they are unable to contain the reputational risk associated with a risk event. For example, Uber failed to have appropriate conflicts policies and controls to avoid the tarnishing of its brand.”
Amy Gordon, Senior Service Director at Liberty Mutual, reports the satisfaction at being part of a “solutions team” working to improve safety and reduce risk to people and businesses, including employees, customers, and in manufacturing processes.
Ms. Gordon observes that a good risk manager is something of a “business anthropologist,” teasing out risk factors and risk appetite. She highlights the importance of seeing the big picture and investigating end-to-end implications, as well as the satisfaction associated with preventing problems – especially injuries to people – while noting that good risk managers never know the full extent of problems or injuries they prevented.
“In studying risk management,” Mr. Philips says that “the tools that you will gain will only enhance your career no matter which industry you work in. Managing risk is critical if you enter into healthcare, engineering, social work, and of course financial services. Risk management permeates every industry.”
I define risk management as the responsibility to reduce negative consequences and take advantage of (positive) opportunities consistent with a firm’s goals. Risks can yield good (upside) or bad (downside), so risk management should consider both.
Like all good leadership and—in my view—most topics that are interesting, risk management is interdisciplinary. That is, it uses lessons from many fields and is most effective when practitioners operate across company “silos” for a comprehensive approach. Risk management requires good analysis, good communications, thoughtful assessment of company goals and values and, absolutely, awareness of the broader environment in which the organization operates.
If we don’t study it, how will we be prepared to respond?
Join us to hone your risk management skills:
Create a Risk-Savvy Organizational Culture October 18-19, 2018
Effectively Measure, Compare, and Assess Risks November 8-9, 2018
Specialized Topics in Managing Risk: December 6-7, 2018 3rd Party, Operational, Financial, Cyber & IT Risks
Blend Risk-based Thinking into Strategic Management February 2019
Register at mville.edu/business/risk.
Michele Braun Director, Institute for Managing Risk Manhattanville School of Business