To find and manage the most destructive business risks, leaders must build a culture of risk management that is vigilant in its pursuit, innovative and agile in its control response, and disciplined in its execution.
Today?s businesses are learning hard lessons about risk: BP Deepwater Horizon, naked credit default swaps, and more than $63 billion in failed U.S. technology projects, to name a few high-profile cases.Each of these disasters caused billions of dollars in value destruction, yet each of them happened on the watch of competent risk managers who did their jobs properly. Each had compliance systems, regulators and oversight mechanisms expressly designed to mitigate risk.
So what went wrong?In a word: systemic. Systemic risk originates in the complex interactions among the components that constitute a system. Either individual components can function flawlessly while the overall system experiences a massive failure, or the system functions as an impact multiplier, magnifying the impact of a single component failure.Managing systemic risk requires a culture of risk management that extends beyond the individual components to the edges, seams and overall system behavior.
Mature risk cultures are characterized by a set of essential management practices that ensure that the risk framework of the enterprise functions at a consistently high level. These include the following:
Identification
Risk identification is the process of identifying sources of risk from all directions, internal and external. Risk identification is an inherently creative process, and as such, it requires the collaboration of diverse minds and different perspectives that represent all constituencies.
Control
Risk control is an analytical process that devises a control system to mitigate each identified risk. Control systems range widely. They can be designed to respond to a risk event, re-engineer the process to eliminate or transferthe risk, or detect the risk early, before it can cause significant damage.
Testing
Control systems require compliance to be effective, and testing simulates risk events and the control-system response. Test results are fed back into improved and more-effective control systems; they also serve to identify new sources of risk, each of which requires a corresponding control system.
As our knowledge economy expands and global interconnections increase, complexity grows exponentially. Business leaders and risk managers must proactively manage complexity by constructing control systems that not only function in complex environments, but also adapt and evolve along with them. Our risk systems and culture must evolve as fast as the changes we see around us.
Jeffrey Bruckner is the chief knowledge officer of BTM Corporation. BTM innovates new business models and enhances financial performance by converging business and technology with its products and intellectual property.? 2010 BTM Corporation | [email protected]
