Expand +



Risk management: More than just a "get out of jail free" card

by Graceanne Bowe

April 15, 2010

Say the words "risk management," and visions of corporate executives getting hauled off to jail spring immediately to mind.  In fact, at a focus group held at SAP Insider’s GRC 2010 conference last month in Orlando, a majority of participants admitted that risk management activities in their companies are carried out primarily in response to regulatory compliance requirements.  Executives in these companies tend to view risk management as a necessary evil--a means to combat the potential threats of fines, scandal, and prosecution.  And they also view it as a costly activity with little to no ROI or upside to the business.

A recent white paper written by Steve Wagner and Mark Layton of Deloitte, "The Two Faces of Risk: Cultivating Risk Intelligence for Competitive Advantage," suggests that this may be a shortsighted approach and that avoiding threats is only one side of the story.   When a company limits it risk management focus to regulatory and legal compliance, it manages what the paper calls “unrewarded risk.” However, when a company expands its risk management strategy to include an analysis of conditions or practices within the organization that directly affect growth opportunities and that enable it to make smart bets about which new products to push to market or how to boost sales of existing products, it is now focusing on “rewarded risks—“those that will boost revenue, profitability, or shareholder value.  In short, the paper asserts that these companies make money because they take more intelligent risks.

Infusing risk management practices into the corporate culture is not an easy task, and Wagner and Layton offer 11 steps to help companies embark on the path to risk intelligence.  Just a few of these steps include: Engaging peers and subordinates in conversations about risk, hold off-site meetings to address risk, create formal crisis response and escalation procedures,  challenge basic assumptions that could cause you to fail, understand the differences between rewarded and unrewarded risk, and prioritize—focus on the vital few instead of the trivial many.

What does your company’s risk management strategy look like? Are you focused primarily on avoiding threats or seizing opportunities—or both?  We’d love to hear how your organization handles this vitally important issue.

To view this article, click:

An email has been sent to:

More from SAPinsider


Please log in to post a comment.

Sven Ringling

9/25/2013 8:41:38 PM

Hi Graceanne,

excellent points.

In my book, the "stay out of jail" if for corporate risk management what "landing safely at the right place" is for the airline industry. Got to do it, but won't take you far.

Your point about culture is a very valid one. Risks are ugly. If you show them to us all the time, you are no longer invited for tea (or coffee on your side of the Atlantic).

As paper exercises are required, companies pretend to deal with risks. But only with those they know and even know how to deal with them. Risks are only brought up in a meeting, if you can deliver the solution right with it. Otherwise you spoil the party. You may bring a tame risk, but not an ugly one.

I love the thinking of Taleb's "Black Swan". He may be a bit over the edge in the aggressiveness of his message, but this takes nothing away from the quality of the content. As someone, who is interested in people management, I wrote a paper recently about Black Swan readiness on the people and culture side:
and here are a few books in the context of "ugly risks":

take care