Aligning strategic value with risk management

Show Me: Jump to:

Aligning strategic value with risk management


The vision of risk management contributing as strategic partner in the executive suite has long been a dream of most serious risk professionals and now that vision may be coming into focus.  Senior managers now view risk managers as strategic partners in the execution of corporate objectives by assessing and identifying key risks resulting from strategic plans.  That’s the good news!

However, according to a study by Marsh and RIMS “only 15% of the risk professionals and 20% of the C-Suite respondents said the risk manager is a full member of the strategic planning and/or execution teams, suggesting that risk management has yet to be fully integrated strategically.”

The study does not attempt to explain why risk managers have not made the leap to equal partners in guiding the organization to successful outcomes but one key factor may be the relevance of risk information brought to the table.  This begs the question of what defines strategic value in risk terms?  Increasingly the answer is data and the analysis of risks impacting an organization.

It is hard to argue with the collective wisdom that is forming around the quest for a better understanding of data and developing better techniques for the analysis of data.  Senior management has begun to define the value proposition in the form of data analytics therefore risk management must be responsive to these expectations. 

The problem or challenge with these surveys is the generic use of the terms data analytics and the lack of specificity regarding what firms expect. 

Blindly conducting fishing expeditions for the sake of “doing” risk management may backfire and not produce the results firms are seeking.  Many obvious risks are lying around in plain view needing attention but are ignored because there is no systemic approach to investing in risk mitigation.  Other risks are the unknown risks that are inherent in the uncertainty of launching a new and unproven initiative or line of business. 

What appears to be missing is a clear and balanced approach to risk management with a focus on setting the context for discussing risks and the tools that should be employed to understand and address risks.  Risk management is not a science project where data analysis alone will uncover some universal truth.  Good risk management is the implementation of a clear baseline from which to judge changes in the environment that may create risks and opportunities alike. 

Risks, in all its forms, evolve as the business environment evolves requiring senior management and the risk manager to think about risk as a natural byproduct of business objectives.  Risk practice, no matter how quantitatively proficient will not eliminate risk.  Therefore, risk management should be perceived as a learning process informed by data and adjusted in response to new information as it becomes available.

When everyone understands that risk management is a process like all good business processes risk managers will have earned their place in the executive suite with other senior managers.

TheGRCBlueBook mission is to become a global risk and compliance community site and resource portal for sharing best practice across all highly regulated industries.  A one stop source for all things risk and compliance related.

Related Articles

Related Premium Articles