But here is the key question. If the leaders of the organization are not persuaded that risk management is adding value by enabling success, and believe that there are better ways to invest scarce resources, why should we surprised that the risk management activity is under–funded?
The word, a magic word with amazing power, is “why”. Let’s think of the power of this word when it comes to risk and risk management.
I have been saying for a while that one of the reasons for the disconnect between senior executives and risk practitioners is the latter’s language.
This last week, COSO published an Exposure Draft of its ERM Framework Update, freshly entitled Enterprise Risk Management – Aligning Risk with Strategy and Objectives. The COSO update is a significant moment for all risk practitioners. So I strongly recommend that everybody take the time to review and give careful consideration to the draft.
How do you expect a CEO to believe risk management enables success when all the CRO gives him is a list of what could go wrong? He needs help to see what might happen, both good and bad, and what to do about it—in other words, risk management needs to be seen by the CEO as helping him or her get where he or she needs to go. Do you share my view? If so, how do we move both the practitioner and academic community?