GRC Tuesdays: Why I Love Risk Management… and I Think You Should As Well
The bottom line is pretty straightforward: it’s because risk management is not about preventing the business from progressing faster. It’s actually there to help it thrive and take the right level of risk – the one that will support the achievement of the objectives and won’t endanger the business in case it encounters a few roadblocks on the way.
Who would drive a car at night and not turn the headlights on? Or go on a long trip without checking the level of petrol first?
Risk Management Is Reactive and Proactive
That’s precisely what risk management is – a constant petrol gauge to ensure the company is sufficiently fuelled and won’t run out of gas before it reaches its destination. That’s the reactive part.
But risk management also incorporates a proactive part, hence the headlights in the night analogy. Our context and environment are always changing, and so is the road you’re driving, so making sure you can see all the curves and other cars ahead of time will prevent last-minute swerves and enable a smoother drive.
Risk Management Is Insurance
Risk management is also about ensuring that you have the right level of insurance. Not only because it’s a legal obligation when you own a car – a regulatory risk if not complied with – but also because, if you’re the sole driver of your compact two-door car, do you really need insurance that covers two extra drivers and all damage liabilities for a Lamborghini-class vehicle?
Well, with risk management, you’re able to identify what could go wrong and to quantify these events in the context of your business and its own value. Hence, when you transfer your insurable risks, you can confidently select the right level of coverage and optimize your insurance costs.
The potential gain can then be reinvested in the business to add more fuel and go further.
In order to be as close to reality as possible, risk management has to rely on a network of in-house business experts, since they’re the ones who know the business like the back of their hand and can not only explain what the potential risks are, but can also work on finding responses that would appropriately mitigate them.
That’s where risk management goes to full power – these business experts are not necessarily risk specialists, so both departments need to work together to come up with the list of threats and their associated mitigations in a manner that’s consistent with the company’s risk management framework so as to be reportable and comparable across all business units.
If risk management has the ear of the business and is correctly perceived as a trusted value-add activity, then this will not only go smoothly but will ensure continuous discussions and updates. And this is worth its weight in gold for both parties.
As you can read, I’m a strong believer that risk management is much more than a consolidation and reporting function: it effectively supports the efforts of the complete company, from its operations to its management functions.
A department that focuses on the long-term sustainability of the company – doesn’t that sound like a good place to be in?
Originally published on the SAP Analytics Blog