Title | How to live with risks |
---|---|
Author | Miranda Jin |
Course | Business Communications |
Institution | Simon Fraser University |
Pages | 3 |
File Size | 206.1 KB |
File Type | |
Total Downloads | 12 |
Total Views | 147 |
Download How to live with risks PDF
IDEA WATCH
STRATEGY HOW TO LIVE WITH RISKS
the next three years and have already begun
You can’t get rid of them all.
as any portfolio manager knows, lower risk
F
increasing budgets to that end. The researchers
Strike the right balance between risk and reward. “Risk management” is often synonymous with “risk prevention.” But often means lower returns. Today’s risk managers see their role as helping firms de-
ollowing a crisis, regulators and managers naturally take steps to prevent a
questioning the role of risk management in
termine and clarify their appetite for risk and
their organizations,” says Matt Shinkman
communicate it across the company to guide
recurrence.
of CEB, a Washington-based firm that re-
decision making. In some cases this means
searches and disseminates best practices
helping line managers reduce their risk aver-
among its 10,000 member companies.
sion. For example, one large company de-
after Enron and
WorldCom succumbed to m , which gave directors and execu-
New research from CEB highlights the
cided to terminate the policy of a client it had
tives new oversight responsibilities. In the
concern. Fully 60% of the corporate strategy
insured for 35 years. The client wasn’t very
wake of the
many large
officers surveyed said that their company’s
risky, so profits on its policy were negligible.
banks changed their business models, and
decision-making process is too slow, in part
other companies implemented systems to
because of an excessive focus on preventing
Focus on decisions, not process. Many employees associate risk management with
better manage credit risks or eliminate over-
risk. They added that if this “organizational
compliance-driven busywork, such as annual
reliance on mathematical models.
drag” were reduced, the rate of revenue
IT security quizzes. Although cybersecurity
But there’s a problem with managing
growth might double. Just 20% described
is certainly important, such exercises might
risk retrospectively: It’s a variation on what
their companies as “risk seeking.” Executives
not reduce risk. In addition to relying on pa-
military historians call “fighting the last war.”
also reported that risk managers and auditors
perwork or process, risk managers are turn-
As memories of the recession fade, leaders
spend more than half their time on financial-
ing to tools (such as dashboards that show
worry that risk management policies are
reporting, legal, and compliance risks, even
risks in real time) and training that help
impeding growth and profits without much
though the vast majority of big losses in mar-
employees assess risk. They are also helping
gain. “Firms are questioning whether the
ket value occur because of mismanaged stra-
companies factor a better understanding of
models they put in place after the financial
tegic risks. Most companies—91%—plan to
risk into their decision making. At Lego, for
crisis are working—and more fundamentally
reorganize or reprioritize risk management in
instance, the senior director of strategic risk management is included in all decisions in-
Looking for Risk in All the Wrong Places
volving capital above a certain amount. He
Risk management has historically focused more than half its time on legal, compliance, helps colleagues spot potential problems and financial-reporting functions. That’s starting to change as companies realize that most and managers see how their projects fit into big hits to shareholder value come from strategic and operating risks.
the company’s overall portfolio of projects, each with its own set of risks. “This is less
THE PROPORTION OF SIGNIFICANT LOSSES IN MARKET VALUE CAUSED BY EACH TYPE OF RISK OVER THE PAST DECADE
about listing risks from a backward-looking perspective and more about picking the right portfolio of risky projects,” Shinkman says.
STRATEGIC
OPERATING
LEGAL AND COMPLIANCE
FINANCIAL REPORTING
Make employees the first line of defense. Decisions don’t make themselves—
86%
9%
3%
2%
people make them, and there isn’t always a chief risk officer present when they do. So
THE PROPORTION OF TIME AUDITORS SPENT ON EACH TYPE
smart companies work to improve employees’ ability to incorporate appropriate levels of risk when making choices. This might begin during the hiring process: Some firms
6% 42%
13%
39%
now use “risk screens” or other types of SOURCE CEB
20 Harvard Business Review July–August 2015
assessments to gauge candidates’ appetite
HBR.ORG
1958
FROM THE ARCHIVE “The Internal Revenue Service also considers the expense account a major problem.…The increasing tendency to misstate, ‘pad,’ and even cheat in handling these expenses reduces tax revenues, thus placing an added burden on the honest taxpayer.” “WATCH YOUR EXPENSE ACCOUNTS,” BY HENRY CASSORTE SMITH (HBR, JANUARY–FEBRUARY 1958)
for risk. By bringing in people with an aptitude for risk assessment, they reduce the need for training or remediation later. Companies are also trying to identify which types of jobs or departments face a disproportionate share of high-risk decisions so that they can aim their training at the right people. They’re focusing that train-
THE IDEA IN PRACTICE
“THE FUN PART IS FOCUSING ON VALUE CREATION” IBM has been managing risk since its founding, in 1911, but in 2006 it created an enterprise risk management function to help its 380,000 employees become more “risk aware.” HBR spoke with Luis Custodio, IBM’s chief risk officer, about the endeavor. Edited excerpts follow.
ing less on risk awareness and more on simulations or scenarios that let employees practice decision making in risky situations. Finally, risk managers are becoming more involved in employee exit interviews, because people leaving an organization often identify risks that others aren’t able or willing to discuss. To direct risk managers to the right activities, many firms are changing their organizational structure. For instance, some now have risk managers report to the strategy officer or the chief operating officer instead of to the general counsel or the compliance officer. Other firms, which have
FURTHER READING For a look at how Shell uses scenario planning to manage risk, see “Living in the Futures,” by Angela Wilkinson and Roland Kupers (HBR, May 2013).
historically spread responsibility for risk management across multiple departments—security, compliance, legal, audit, safety, quality, and so on—are establishing enterprise risk management functions to provide coordination. The goal is to transform risk management from a peripheral function to one with
What’s the role of the enterprise risk management function? We have risk leaders throughout the company—it’s not as if we brought a lot of people together in a new department. Our philosophy is that risk management should be centered in the businesses, which need to understand risk and make trade-offs in pursuit of strategic gains. Risk management is the responsibility of every IBMer. Our role is to support senior managers, risk leaders, and all employees with targeted resources, education, and training.
a voice integrated into day-to-day management. “Leading companies view every decision they make as a risk decision [and] choose their risks with great calculation,” according to the CEB white paper outlining this research. “They [use] risk management as a protection shield, not an action stopper.”
Keeping the latter sense in mind may ANDRÉ METZGER
help companies counter old-school tendencies to simply run in the opposite direction when encountering risk.
ABOUT THE RESEARCH“Reducing Risk Management’s Organizational Drag,” by CEB.
What’s an example? We have about 30 online courses available to all employees. We’ve added gamification. We have a simulation in which you’re a business leader developing a customer proposal and you have to consider different risks—how to account for them, how to mitigate and control them. People find it fun and engaging. Risk management has historically been more about defense than offense. How is that changing? Some companies still focus on value protection, and that’s critical— I don’t want to downplay the importance of strong internal procedures, audit teams, and compliance officers. But at the enterprise level we spend more time on the strategic side, engaging with risk leaders and ensuring that they’re thinking about things like technology shifts, industry disruptions, and the risks of mergers and acquisitions. The more fun part of our job is when we focus on value creation. We want risk management to be engrained in the fabric of the business, not a separate check-the-box process.
July–August 2015 Harvard Business Review 21
Copyright 2015 Harvard Business Publishing. All Rights Reserved. Additional restrictions may apply including the use of this content as assigned course material. Please consult your institution's librarian about any restrictions that might apply under the license with your institution. For more information and teaching resources from Harvard Business Publishing including Harvard Business School Cases, eLearning products, and business simulations please visit hbsp.harvard.edu....