As we began the year looking at a continuing economic crisis, it became increasingly clear that the lack of proper risk assessment and management played a leading role in the crisis. While this was especially true for Wall St. and financial services firms, no companies were immune.
With financial regulatory reform almost certainly headed to President Obama's desk for approval in the first quarter of 2010, I'd like to offer my list of top 10 must do's for effective risk management in 2010... and beyond.
Remember, each organization is different and has special considerations; however, these steps can be effective for just about any company.
- Define and formulate your company's appetite and approach to risk: What are the company guidelines on risk tolerance? What is considered material? What are criteria to be used? Also, be sure to balance them with the company's goals. Get approval and buy-in from the top down.
- Determine where your company stands on the enterprise risk management maturity continuum: Where do you stand? Understand the attributes and how they characterize your organization. Determine what your next steps are and how to get from one level to the next. Most importantly, assess how far you can go with the resources available.
- Create a long term plan: Set and quantify your objectives. Involve others in your company. Form a cross-functional risk management committee representing all disciplines/departments with a strong senior leader.
- Drive change, educate and communicate across the entire organization-regularly: Speak the same language, encourage collaboration, drive culture change. This is not a one-time event- it's an on-going business process. Risk is as much about opportunity as it is about negative impact. Communicate this message clearly and to those parts of the organization responsible for financial performance.
- Perform a risk (and opportunity) audit/ assessment of the whole business: Go beyond traditional hazard risks. Measure risks against opportunities throughout your business to define and drive initiatives that will lower the total cost of risk and capitalize on opportunities.
- Prioritize your exposures and measure the interdependencies of identified risks: One department's risk- or risk mitigation plan, for that matter - can have repercussions on other areas of the business. Be sure that the impact of the risk is understood and quantified for the best decision-making.
- Use one or more techniques for treating identified risks: Avoidance, mitigation, transfer, financial instruments, etc.- do not be confined to insurance as your primary treatment of risk (see AIG). A combination of techniques is often the best approach. Be creative and encourage innovative plans and approaches.
- Leverage technology from the start: Use technology to implement risk management measures quickly and demonstrate the benefits sooner rather than later. Simplify a perceived onerous process; automate repetitive manual processes; drive accountability with reminders, alerts, and escalation. Allow systems to track, aggregate, and integrate your processes. (I've talked in the past about how spreadsheets are not enough.)
- Make everyone a risk manager: At its most basic accountability and attention to detail in daily activities translates to good risk management. Sometimes it is one person's perceived "small" error that can cause a negative chain of events. If people properly understand the role they play and the impact they can have, they will embrace the process.
- Demonstrate the value of risk management (and the risk manager): Whether creating an ROI model or using simple graphics to prove the effects of risk management, it is essential to be able to show the value clearly and concisely to senior management, stakeholders, and regulator alike. Speak in business terms and you will succeed.
Posts
0 comments:
Post a Comment