The recent meltdown of the US sub prime loan market and the Société Générale rogue trader losses, although perhaps only loosely connected, highlights some issues around the value of risk management.
Most organisations pay lip service to their risk management functions. They see it as a compliance/assurance activity largely focussed on protecting boardmembers. Nothing wrong with that. Why should someone have to risk all their assets for helping to run a company? However it becomes a problem when it is only about that because people tend to then focus on reporting and process and lose focus on getting to the heart of the key risks. And in doing so they actually make the directors more exposed.
Evidence based risk management cannot defeat power. When risk matters are routinely overridden because of "commercial reasons" the enterprise gets a whole lot riskier. A wonderful example of this is the role of the Risk Assessment and Control department of Enron, entertainingly detailed in The Smartest Guys in the Room.
An enterprise risk management system can be effective when it doesn't drill down too far. Concentrate on where the big risks are and let the others take care of themselves. And I mean really concentrate.
Subscribe to:
Post Comments (Atom)
Posts
No comments:
Post a Comment