The Ultimate Goal of Risk Management
In this session I want to talk about the ultimate reason we manage risk. And, it’s not to be compliant with the legislation, it’s not to be compliant with a regulation, it’s not to make sure that we can cover our butt’s. Obviously, yes those things are important, but the ultimate goal of risk management, the ultimate outcome of risk management is to allow management to make risk informed decisions.
Now what do I mean by risk informed decision; well a risk informed decision is obviously a decision whereby all of the benefits and all of the risks have been analysed equally. So we might get all caught up around the fact that we can take this opportunity and it’s going to lead to the organisation being bigger, better, faster, stronger, earn a lot more money have a lot more market share etc. etc.
But if we get captivated by that without asking those fundamental questions I’ve talked about before as, what can go wrong? Then we are not making risk informed decisions. Now, I’ve often heard the term or the phrase that risk management is a barrier to innovation, that the risk manager is the person who sits in the back of the room and is the ‘doom-sayer’ and says, you know, we can’t do this because this could go wrong.
Well, that is the actual voice of reason. The risk manager is the person who has the opportunity and also the responsibility to make sure that the organisation thinks about those things before they take that action. It’s not a barrier to innovation; it is an enabler – an enabler to innovation. But it’s well informed and well though-out innovation.
Now, how do we make those risk informed decisions? Well, obviously we need to start at the base and understand the things down below that can go wrong. So we need that to understand what the risk – the overall risk profile of our organisations is, because if our risk profile is too high, it might not allow us to make that opportunity or take that opportunity in the first place. And we need to make sure that we’re escalating all of these different things up to the executives so they can make those decisions.
Ultimately, that’s what risk and risk management is about. Obviously, yes we do want to protect our people we want to protect our brand, we want to protect our reputation, we want to protect all of those things -our assets. We want to be compliant; of course all of those things matter. But ultimately as an organisation you can’t stagnate; you cannot just sit there and just do business as usual without moving forward, and having a strategy to move forward. What risk management allows us to do as an organisation is to make risk informed decisions, and to grow, and to innovate and to move forward as an organisation to where our vision is. What do we want to be when we grow up.
Now, if we don’t understand the things that can go wrong in moving towards that vision, then we are going to take a very, very different path than that that we might take if we had thought of those things. So, when you are doing strategic planning or business planning – challenge. Challenge the assumptions that you’ve made, challenge the strategies that you’ve made. Ask the question, what can go wrong? Now if might be that you’re willing to accept that risk, but it also might be that you want to change the strategy so that you take that into account. You not going to be able to make risk informed decisions if you, unless, you actually understand risk and risk management. And that is the ultimate reason, or one of the ultimate reasons, for risk management.
Thanks for listening, and I hope to see you again soon, and let’s be careful out there.