In our most recent Mastering Risk Management podcast @Anthony Wilson and @Brett Palmer discuss what is, and what is not, Risk Management. It sounds like a fairly obvious question, but the answer is perhaps less obvious than you might expect, with much white noise coming from the theorists amongst the risk management profession.
There are many different contexts in which risk management should be considered. There are the risk management professionals, either in the 1st or 2nd line, and there are those within the organisation who interact with the Risk Managers. There is the Chief Risk Officer, and the Board, the Audit & Risk Committee, the Executive, Clients, and external parties such as regulators. All are likely to have a different understanding of risk management and the role it plays in an organisation.
From within the business, risk management should be seen as supporting the business taking more risk, not less. As we emphasise in the podcast, any organisation that has a Risk Manager to prevent taking risk is on the completely wrong path. We use the example of the brakes on a racing car that enables the car to go through corners faster. Another example might be the credit policies of a bank. You could say that the policies are designed to stop you taking certain risks, but they are designed to enable you to define the boundaries in which money is lent, and for a bank that is a big part of why they are in business. The policies help the bank take risk.
We also talk about the importance of considering opportunity risks. Many organisations approach risk purely from a threat perspective, failing to consider and exploit opportunity risks. Risk management is about the creation and protection of values.
Everybody in an organisation has a role to play in the management of risk. That doesn’t mean that everybody within the organisation needs to be a risk management expert, and for most a level of awareness is enough. The business are the subject matter experts on the risks across the organisation. The risk team provide the framework, tools, leadership, and subject matter expertise on risk management. Done well, the controls for effective management of risks are embedded into the operational procedures and processes across the business. The question is whether they are the right processes and procedures – do they provide the appropriate level of control to create and protect value - and whether they are operating effectively?
The podcast aims to generate a level of discussion across a wide range of risk management topics. For many, the discussion will provide clarity, and for some they will no doubt have a different view on what risk management is, and isn’t. This applies equally to organisations where the approach to the development, implementation, and ongoing management of an effective risk management function differs for each, taking into consideration the myriad of differences between them. There is no “one size fits all” solution here, but we at least know the bookends in which risk management will be effective for all organisations.
If you haven’t already, have a listen to the podcast chat HERE and feel free to give us your opinion. And let us know if you have other risk management topics you would like us to discuss in future podcasts – we are keen to hear from you.
From risk comes opportunity.