First Reference company logo

Inside Internal Controls

News and discussion on implementing risk management

machine cogs image

Transforming risk management in 2019 and beyond

risk management

I was thinking about a post for the New Year that would highlight the changes I would like to see in both practices and thought leadership around the management of risk, when I listened to a new video from my good friend, Alex Sidorenko.

Alex had been attending a risk management conference in Dubai led by another friend, Alex Dali. In this video, he shares a key takeaway.

The risk management leaders at this global conference said that there were two indicators of effective risk management.

The first is that business decisions are informed and intelligent (my words). The consideration of risk is integrated into the setting and then the execution of strategies through daily decisions.

My caution is that when we are talking about ‘risk’, we should be thinking about all the things that might happen, not only harms.

In fact, as I wrote in my last book, we should be avoiding the word ‘risk’ as management has a negative perception of it.

  1. Most think it only relates to harms
  2. Managers tend to think of risk management as a compliance activity

In fact, if we think instead about anticipating what might happen and making informed and intelligent decisions with that in mind, there will be a common purpose and understanding between practitioners and the leaders of the organization.

That’s the second set of indicators: a common understanding and language around risk.

My preference, which I will restate, is that we discard the technobabble of the risk practitioners in favor of using the language of the business. (Where everybody in a mature organization is comfortable with technobabble, then continue to use it – as long as it is not focused solely on harms.)

I come back to a Deloitte study from a few years ago.

Executives were asked whether risk management helped them set and then execute on strategies. Only about 13% said it made a significant positive contribution.

So, Alex, my vote for an indicator of success is when the leaders of the organization in the executive suite and on the board wholeheartedly answer the Deloitte question with a hearty thumbs up!

In 2019, let’s press the regulators, consultants, and other thought leaders to focus less on managing harms (especially in silos like vendor risk management) and more on helping those leading the business anticipate what might happen and make intelligent and informed decisions.

I welcome your thoughts.

Follow me

Norman D. Marks, CPA, CRMA

Norman D. Marks is an Author, Evangelist and Mentor for Better Run Business, as well as an OCEG Fellow and Honorary Fellow of the Institute of Risk Management. Mr. Marks has been a practitioner and thought leader in internal audit, risk management, and governance for a long time. He has led large and small internal audit departments, been a Chief Risk Officer and Chief Compliance Officer, and managed IT Security and governance functions. Read more
Follow me

Latest posts by Norman D. Marks, CPA, CRMA (see all)

, ,

Comments are currently closed.