Risk STILL isn’t optional: nor is the truth!
Thursday, 6 September, 2012 1 Comment
Where are the “risk leaders”?
Instead of FS compounding the problems we should be utilising our expertise and resources to establish a means of “repaying” society, by promoting, supporting and investing in building community resilience.
EVERY project, process, task, operation being undertaken by an organisation is reliant upon varying degrees of INTER-CONNECTED process that (often unseen) underpins function. Each contains some degree of risk.
The more complex the process or product the greater the exposure. Risk does not ‘run parallel’ to function, it is inherent to it and, as such, RM cannot be viewed as an option or add-on! To me this, scarily common and naive perspective serves to reinforce the need for a paradigm shift in Corporate culture.
I have revisited this old article for a couple of reasons. Firstly, (even though I say so myself) I thought it rather good! Secondly, I am seriously concerned that, where there should be “thought leadership”, there are, instead, clear signs that in some quarters a, subjective, consultancy-led approach is preferred to a rigorous, quantitative, analysis of business exposures!
This despite IRM, in a paper issued last year [Risk Appetite & Tolerance], advocating a more quantitative approach. In their accompanying webinar they offered a timeous reminder of Board level responsibilities:
So, I find this wilful blindness to reality as surprising as I do frustrating. Because, from where I’m viewing things (and I am certainly not alone), it isn’t just the ability to better prepare businesses or organisations – in both Public and Private sector – for the exposures they (and those like them) have faced in the past. It is about building RESILIENCE to the impact of events that aren’t just “probable” (risk) but are both possible and, entirely, plausible.
Due to the fragile state of our national finances, unforeseen disruption or failure could have a devastating impact upon individuals, families, communities and local economies – at a time when we can ill-afford it.
To assume that all we need concern ourselves with is risk is to underestimate the nature and scale of change that society has undergone in recent decades. Or do we really take the technological capabilities of the Digital Age, that we now enjoy, totally for granted?
If all we do is view future uncertainty based upon our past experience of risk then we have very little reliable data upon which to “calibrate” sustainable strategies.
Doesn’t this pose some really hard questions for the credibility and stability of the role of risk management and the future of their various Professional bodies?
Can the Profession withstand more reputational damage?
In fairness, I never entirely bought-in to the, “failure of RM” myth that surrounded the virtual collapse of global banking. Although it is easy to identify RM failures these has been used as a convenient smokescreen for the “success” of a morally corrupt philosophy created, cultivated and still evident in the, self-serving, institutional model.
The dangers of voicing legitimate concerns about the prevailing culture are apparent when we consider the treatment of guys like Paul Moore, the former HBOS Risk Manager. Even when “injustice” hasn’t been so swift and emphatic, the role of RM has tended to come a poor second to the reckless pursuit of profit that has been a feature of the type of Irresponsible Capitalism…on steroids…that was sanctioned in a light-touch-regulation world!
We “know”: about the differences between risk and uncertainty: that interconnected entities present a very different probability distribution; about “Black Swans” and low probability/high impact events; the threat of “systemic risk” is significant and straddles domains as readily as it does, “scales” (micro to macro), business sectors and national borders; that, in the face of uncertainty, we NEED to (re)build RESILIENCE…
A toxic Corporate culture spread through the financial system and contaminated organisations and institutions across the globe at every scale.
I am in 100% agreement that getting the culture right is vital BUT it MUST have a sound basis…otherwise it is like building on sand! So there can no excuses for peddling a wishy-washy ‘risk culture’ solution built around conventional ERM without acknowledging and addressing the deeper issues. The process of creating a sustainable risk culture and resilient business can only begin by embracing the tools that expose recognised sources of risk…self-assessment CANNOT be objective. And, if the prevailing culture is to pursue growth & profit without conscience (the mark of Irresponsible Capitalism) then an, objective, quantitative justification of strategic risk-decisions to MAINTAIN THE RESILIENCE of the organisation, project, division, etc. is more likely to resonate across silos and in the Boardroom (the CRO’s friend!).
(needless to say I particularly like the ATK perspective – see infographic below)