Skip to Content
Author's profile photo Former Member

Looking for the wrong risks in the wrong places?

This blog post was written by Bruce McCuaig.

Webcast: [Business in the Moment] Three Questions Every Organization Should Ask to Optimize Their Risk Management

Speaker: Bruce McCuaig, Director of Solution Marketing – SAP Solutions for Governance Risk and Compliance

Date: July 19th, 2012

Time: 9:00am PDT / 12:00pm EDT / 6:00pm CET

As a risk management consultant and practitioner for many years I have observed that risk management practices are too often failing to meet the value test; they frequently neither add value nor protect value and risk management as a discipline continues its struggle to gain a foothold in business. Practitioners are looking for the wrong risks in all the wrong places.

Here is an example. Many risk management strategies consist of carefully defining the organization’s structure and related business processes and attempting to identify and assess all associated business risks. I see this all the time.

Before too long thousands of risks are identified and assessed, heat maps and risk registers are carefully compiled and soon and everybody loses interest.

Here is the problem. While all these risks might be correctly and accurately identified and assessed, from a practical perspective most of them don’t matter much, the sheer volume of information becomes too much to manage and eventually the initiative loses momentum and dies.

Our webcast on July 19 is intended to address this problem and create sustainable, value adding risk management initiatives. We believe that risk management must be implemented using a value focused approach by asking three basic questions:

  • What is the fundamental value of our business?
    • If you don’t start with value as context, you won’t add value with ERM. We will provide specific examples of business value drivers in specific industries. But test yourself by asking yourself what are the fundamental value drivers in your business.
  • What activities and processes create the value our stakeholders want?
    • Risks that don’t link to value driving activities are irrelevant to ERM. It’s not the jon of risk management professionals to make risk management decisions. But it is their role to provide insight into how value is created and destroyed. We’ll show you some examples.
  • What emerging risks can destroy our business?
    • Identifying emerging risks is critical, and must be part of an ERM strategy, but it is insufficient to sustain ERM. A risk management strategy that puts management on the defensive will be tough to sustain.

Here is a fact of life: I have found that about 25% to 30% of business activities and processes add real value. At best, most of the rest of the activities, if well managed, support the value adding activities, but they do not directly add value themselves. Accounts payable and payroll are examples of value supporting activities. They are essential, and significant risks can occur if they are not well managed, but they don’t generally add value in and of themselves. Identifying and assessing risks in non-value adding processes simply clouds the issue.

It’s not that these activities don’t deserve the scrutiny of risk management professionals. The problem is these important but non value adding activities are getting 75% of the attention. 

Join Bruce McCuaig on July 19th to learn more. Click here to register today! 

Assigned Tags

      You must be Logged on to comment or reply to a post.
      Author's profile photo Former Member
      Former Member

      What an interesting perspective on risk. Most controls people think of money walking out the door as among the highest risks, so payroll and accounts payable risks and segregation of duties get a lot of attention. I am looking forward to this webinar and learning more about about focussing on risks in value-adding processes.


      Author's profile photo Former Member
      Former Member

      Hi Anitha,

      Quite Interesting.


      Hari Suseelan