Risk management practices are fundamentally flawed for 3 reasons. It is not generally accepted that strategy is the source of all risk; strategy is not seen as a system; and risk is not seen as a strategy in itself that needs to be managed.
Let’s look at the evidence for this opinion.
J.P. Morgan agreed last week to pay some $13 billion in fines to the US attorney general for its role in the 2008 global financial meltdown. Bank of America will likely settle for around $6 billion dollars. And what about the role of Federal and State regulatory agencies? Wasn’t their mandate supposed to be risk identification and prevention?
Shares of Research in Motion, the failing maker of the Blackberry, have fallen from $150 to $9.00. There’s a failed risk management story there somewhere.
The list goes on and on: Costa Concordia; 1.3 billion euros and counting. And that's just to float and tow away the wrecked ship. The cost of Japan’s nuclear power plant tragedy will be measured in hundreds of billions.
How about the European “horsemeat in the beef” scandal or leaking pipelines and drilling rigs? Then there are the collapsing bridges, car recalls, train derailments, airplane crashes, and hospitals with superbugs and misdiagnosed patients.
And let’s not overlook the tragic collapses of garment factories in India and Bangladesh or the fact that no one seems able to complete a major capital project at anything close to approved budget.
So what about current risk management approaches needs to change?
First: Accept that strategy is the source of all risk
This is a tough concept for a lot of folks who are hung up in the myriad number of arcane definitions for strategy. It’s an easy concept to understand if strategy is defined as simply being a choice of action. This definition takes the focus off the vocabulary for strategy and puts it on the actions being contemplated.
Right now, everyone keeps looking to the external environment, industry, and all over the place for risks. One consulting firm says it has developed a map that identifies every known risk there is. That’s great, but until you understand your choices of action, namely your strategies, all risk is academic.
The traders of 2000 years ago didn’t worry about listing all known risks. They only worried about whether the goods they had just loaded onto a goat or sailboat or donkey were actually ever going to arrive at the intended far-away markets. And they did deals to hedge that risk. This was the beginnings of insurance as a discipline. Start thinking about the risks to a specific strategy and you will instantly have a different appreciation for the real risks to consider and the power a specific strategy provides to risk focus.
Second: Start seeing strategy as a system
A business doesn’t have just one strategy. It has an intricate strategy system. And, as is the case with all systems, there are relationships among the various strategies in it. These relationships need to be understood in order to identify and manage risk.
For more on this concept, see our post Strategy Models: Where are They?
Or visit our dynamic modelling site: Drag'n'Drop Strategy
Third: Risk needs to be managed as a strategy
It is interesting to note that Fayol, in the first book written on the newly emerging subject of strategy, lists risk as just one of a set of strategies common to all organizations that need managing. But that’s not how most management and boards see risk. They see risk as a subset of the CFO’s responsibilities or, worse, as the responsibility of a committee of the board. It is certainly not seen as a strategy to be managed.
Even more alarming is how many regulators and insurers think the dominant strategy in their strategy system is something other than risk. Yet, when you look into it, a regulator’s mandate makes risk the dominant strategy and, as for an insurer, risk has to be its main focus.
Until these issues are addressed, risk management will not improve. And this is not a good thing.
For more on strategy and risk, read The Alpha Strategies, Understanding Strategy, Risk, and Values in Any Organization, available in Kindle.
Comments