A great review of World-Class Risk Management
My thanks go to Deborah Ritchie, editor of Continuity and Risk magazine, for reviewing and commenting on World-Class Risk Management. My thanks also to James Stevenson for letting me know about it (it was a pleasant surprise!)
This is what she said in the September issue (see page 9).
While the principles of risk management are well established, there are numerous hurdles to be overcome in creating and maintaining a long term, effective and valued programme that truly supports the business. Focusing on this challenge, this book sets about tackling the lofty goal of achieving world class risk management – something that author Norman Marks, having spent his entire career leading audit, risk and compliance programmes for a variety of firms, is well positioned to advise on.
In this his fourth book, Marks ultimately proposes that world class risk management can support better decision making – not a new idea in itself, but by dissecting the two common standards used for risk management (COSO and ISO 31000) he offers us a new angle through a critique of the steps involved, along with his own recommendations for improving them.
Marks argues that the risk management apparatus we put in place can often develop a life of its own and may be detached from day-to-day management decision making. To help combat this, one simple recommendation is to simply ask the executives about how they make decisions, and to use their response to evaluate and inform how effective and embedded risk management activity actually is. World Class Risk Management offers a pragmatic, practical and yet sophisticated guide to risk management. It will be useful to professionals seeking to improve their risk management programmes and those involved in considering the practical issues associated with COSO or ISO 31000 implementation.
There are some areas where the author’s recommendations may be difficult to implement in full – perhaps no surprise given that truly ‘world class’ risk management is never going to be an easy ask. As Marks himself admits, achieving world class risk management is not easy and very few (if any) have done so, but hopefully the advice in this book will help many business leaders take practical steps to improve and establish a clearer vision of what it might actually look like.
A text book, dear readers, this is not – neither is it suitable for newcomers to risk management; instead offering a useful and practical commentary to challenge and advance effective risk management at the executive level.
If you have read the book, I would love to hear what you think about it – both whether you obtained any benefit and whether you have substantial disagreement. As my friend Jim DeLoach has said about the book (paraphrased), “if you are wedded to traditional risk management practices, this is not for you. Norman challenges traditional ideas and makes you think”.