Why are risk managers and consultants consumed by the negative?
The Canadian Institute of Chartered Accountants has produced a variety of excellent board guidance on risk management and other topics. Their latest effort, written by John Caldwell, is A Framework for Board Oversight of Enterprise Risk. It does not meet, in my opinion, the CICA’s normal standard.
I am concerned that Mr. Caldwell has defined risk purely from the downside and failed to consider the ability to seize opportunities to achieve or surpass objectives. Does this concern you as much as it does me?
Last week, I talked to a couple of hundred board members in Kuala Lumpur and their eyes seemed to open when I talked about the difference in receiving information about the sales forecast in these situations:
Option A: The board is informed that management’s forecast for the next quarter is $80m.The attendees’ attitude was that this is the type of information they normally receive.
Option B: Informed that management has a 70% confidence level that revenue for the next quarter will be $80m. (This is not, unfortunately, information directors normally receive). Directors should ask why the confidence level is only 70%, what are the other possibilities and what factors are involved.
Option C: Informed that management has a 70% confidence level that revenue for the next quarter will be $80m, with a 30% likelihood that revenue will reach $90m and 90% confidence that revenue will be at least $65m. Directors should start asking what actions management is taking to increase the likelihood of $90m, and to limit any downside risk of failing to achieve $80m.
When risk information is added to performance information, management and the board can take appropriate actions to optimize outcomes.
Isn’t this an important element of risk management, or are we to be limited to a Cassandra role? Is the sky in the risk manager’s world always to be falling?
Both ISO 31000:2009 and the COSO ERM Framework see the potential impact of uncertainty on objectives as being positive as well as adverse. Shouldn’t all risk managers share that view? Shouldn’t advisers to boards also see the silver lining?