Say the words "risk management," and visions of corporate executives getting hauled off to jail spring immediately to mind. In fact, at a focus group held at SAP Insider’s GRC 2010 conference last month in Orlando, a majority of participants admitted that risk management activities in their companies are carried out primarily in response to regulatory compliance requirements. Executives in these companies tend to view risk management as a necessary evil--a means to combat the potential threats of fines, scandal, and prosecution. And they also view it as a costly activity with little to no ROI or upside to the business.
A recent white paper written by Steve Wagner and Mark Layton of Deloitte, "The Two Faces of Risk: Cultivating Risk Intelligence for Competitive Advantage," suggests that this may be a shortsighted approach and that avoiding threats is only one side of the story. When a company limits it risk management focus to regulatory and legal compliance, it manages what the paper calls “unrewarded risk.” However, when a company expands its risk management strategy to include an analysis of conditions or practices within the organization that directly affect growth opportunities and that enable it to make smart bets about which new products to push to market or how to boost sales of existing products, it is now focusing on “rewarded risks—“those that will boost revenue, profitability, or shareholder value. In short, the paper asserts that these
companies make money because they take more intelligent risks.
Infusing risk management practices into the corporate culture is not an easy task, and Wagner and Layton offer 11 steps to help companies embark on the path to risk intelligence. Just a few of these steps include: Engaging peers and subordinates in conversations about risk, hold off-site meetings to address risk, create formal crisis response and escalation procedures, challenge basic assumptions that could cause you to fail, understand the differences between rewarded and unrewarded risk, and prioritize—focus on the vital few instead of the trivial many.
What does your company’s risk management strategy look like? Are you focused primarily on avoiding threats or seizing opportunities—or both? We’d love to hear how your organization handles this vitally important issue.
To view this article, click: viewer.bitpipe.com/viewer/viewDocument.d...