Home > Risk > The Role of the Risk Officer

The Role of the Risk Officer

October 11, 2021 Leave a comment Go to comments

A friend and colleague[1] has written a bit of a rant on risk management in a new blog post: How Can So Many Get Risk Management Wrong? 3 Ways to Fix Your Approach.

Doug Anderson has a wise head on his shoulders, and I agree with everything he says in this piece – which I recommend.

I especially like how he summarizes his position:

When I was part of a management team acquiring and divesting businesses, evaluating capital projects, setting pricing strategy, and exploring investments in new technology, risks were an integral part of each decision. I may have addressed the risks poorly or well, but I was still doing “risk management” as an integral part of making the decision. RM may be best thought of as a mindset and discipline – supported by tools, expertise, and process.

The question is not whether to manage risk, but how to manage risk. Will it be through ad hoc, inconsistent, or poorly-executed actions? Or, through disciplined thinking and structure to make sure it is managed correctly?

I challenge you to rethink how you view RM – a centralized, formal process that has no substantive impact on your organization or a functional discipline that improves decision making. Don’t immediately start with lists of risks, mathematical models, charts, and endless meetings. Instead start with understanding your business, the decisions to be made, and how the risks that are an integral part of your decisions will impact your business’ success.

If risk officers are not viewed by managers as helping them be successful, helping them make informed and intelligent decisions, they are not effective.

It is not enough to try and help; it is necessary to help in a way that is recognized as significant by your customers in management.

My favorite measure of risk management effectiveness is this. Ask your managers and executives whether risk management, as practiced in the organization and by the risk team, makes a significant and sufficient difference in your ability to make the informed and intelligent decisions necessary for success. Alternatively, ask them whether (as Deloitte once put it) risk management helps them set and then execute on business strategies.

What do you think?

[1] He was chair of the IIA’s Professional Issues Committee when I was a member.

  1. October 11, 2021 at 7:48 AM

    I would first ask how much money was saved because of good risk management, better decision making is second. Risk management should pay for itself before anything else

    • Norman Marks
      October 11, 2021 at 7:57 AM

      Alex, for once I will disagree. Money is saved as a result of good decisions. Good decisions also lead to avoiding costs and increasing revenues, but saying how much is the result of work by the risk officer is a political battle I don’t want to fight.

      • October 11, 2021 at 9:14 AM

        Generally sure, what I was saying before any RM2 discussion the risk manager should and can pay for himself, through insurance, procurement, financing savings, then RM2

        • Norman Marks
          October 11, 2021 at 9:32 AM

          Alex, insurance is more often in a different unit. In any event, the ability to save money through insurance premiums is less than the ability to save the organization through effective decision-making.

    • David Callanan
      October 11, 2021 at 1:14 PM

      But alex, good decision-making IS risk management, and vice versa. Why are you ranking the two separately? Isn’t that the whole point Norman and Doug are making?

  2. October 11, 2021 at 12:47 PM

    Many of the 15,000 SaaS solution providers are now starting value management departments/programs to educate their workforce and their customers on the value their solutions create. These programs last the lifetime of their customers relationships (and their customers) for a lifetime proving ROI and value realization confirming decision made in the first place. Vacuum/Void left empty by risk management. You can download information on my webpage — link below. look for “Value Management & DecisionLink=Value Advantage” Coming to an industry near you.

  3. October 12, 2021 at 1:23 AM

    Since staff at all levels have to make decisions they should have training in how to make the best decisions. The training should therefore involve:
    What decisions they are expected to make
    What decisions must be taken by more senior staff
    What information is required to make decisions
    How to process this information to arrive at the best decision.

    Risk managers should be involved in this training and internal audit should check it has been done as part of every audit.

    • Norman Marks
      October 12, 2021 at 6:24 AM

      100% agree, David. I would prefer training about decision-making to training about “risk management”.

  1. October 11, 2021 at 8:37 AM
  2. October 13, 2021 at 10:01 PM

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: