Risk and the effective manager
If you are to be an effective manager and achieve your objectives, you need to be able to manage the risks to the achievement of your objectives. There can be no question about that.
Yet, many organizations separate the risk management function from operating management and designate a chief risk officer as responsible for the management of risk. Their boards establish a risk committee and have separate discussions about strategy, performance, forecasts, and risk.
Sorry, but this is nonsense.
The only risks we should worry about are those that might affect the achievement of objectives (and it doesn’t matter whether you prefer COSO or ISO; both sets of guidance say this).
The setting and execution of strategy and objectives and the consideration and management of risk go hand-in-hand.
The people who should own risk are the people who own performance and the achievement of objectives.
So, why do we talk about risk managers and a risk management function when the people who own and manage risk are in operating management?
Is it time to recognize that risk management should not be a separate profession but an essential element in effective management? Should we not establish risk managers as subject matter experts who are not there to own risk, but to advise and help those who do own risk?
I welcome your comments.