Embedding Sound Risk Management Practices into an Organization
Core principles for risk management adoption within an organization.
Business leaders don't like to be viewed as glass-half-full types. They want to be seen as can-do optimists who see possibilities everywhere and bravely lead their enterprises on to greater heights.
So how, then, do you get these "visionaries" to embrace risk management philosophies as they set the company's course? It's not easy, but it is the first step in establishing company-wide strategic risk management (SRM), a hot topic in risk management circles the last couple years that has yet to take firm hold in many enterprises.
At this spring's Risk & Insurance Management Society (RIMS) conference, Mark L. Frigo, director of risk management centers at DePaul University, noted the inherent friction between go-go innovation and the prudence of a risk management mindset. In a piece at Business Insurance (you will need to register before reading the entire article), Frigo is quoted as saying:
Strategic groups often do not like working with risk management types. They often view risk management as putting on the parking brake when they want to go 100 mph.
One trick to overcome this reticence is to position SRM as a proactive process, as opposed to a hand-wringing exercise. In fact, RIMS last year released a definition of SRM as: "a business discipline that drives deliberation and action regarding uncertainties and untapped opportunities that affect an organization's strategy and strategy execution."
Some senior managers might call that a pretty generic definition of strategic thinking, particularly when you throw in "untapped opportunities." At last year's RIMS conference, Carol Fox, the organization's director of strategic and enterprise risk practice for RIMS, suggested that risk managers may be too focused on past data and need to take a more forward-facing approach.
Fox also cited an Accenture survey in which respondents cited "increased certainty in meeting strategic and operational objectives" as the second-leading benefit (24 percent) of implementing SRM, behind risk mitigation. Regulatory compliance (16 percent) also scored highly, so the "strategic" value of SRM has yet to fully entrench itself, it seems.
Beyond that, Frigo laid out a seven-point plan for establishing SRM in the Business Insurance article. It begins with review of the strategy itself, and then moves on to gauge the risk tolerance culture of the enterprise.
A late step in the process is to communicate the resulting risk management plan to the enterprise, which is always key. Some managers - perhaps the most innovative in company - will likely see SRM as an obstacle, not an asset. Experts agree that staying upbeat and focused on opportunity is key to successful adoption.