by Michael Vincent, President, ICMA Australia
Managing risk and decision making are at the core of the human condition; it is the ability to think and choose between different alternatives that separate a thinking being from one that is driven solely by instinct. We all manage risk either knowingly or unknowingly by intuition and our background. In business though we need more than intuition; we need process, policies and the desire to implement effective management tools for our organisation’s survival.
Modern risk management began at Temple University in Philadelphia circa 1956. The teaching revolved around the concept of risk and insurance, and this relationship remains even though insurance is now viewed as a cash flow assurance tool rather than a risk management tool. Risk, on the other hand, has separated from insurance as a decision tool with direct applicability to an organisation’s strategic decision making. Risk management has continued to evolve and embed itself in the decision making process. In Australia, for example, the Stock Exchange has mandated risk as a component of good corporate governance. It is recommended, if you have not already done so, to download and read the “Guide to Good Corporate Governance” from the exchange website, particularly principle 7.
The concept of risk is multi-dimensional and multi-disciplinarian in that risk is a thinking process that impacts on all components within the network system. Risk theory and practice differ between practitioners depending on their underlying discipline. In other words,risk is a disciplinary based process that applies to security, health, finance, business management and beyond. Failure to recognise the scope of risk management and the skills sets needed for an integrated business approach to it can result in a silo mentality developing and the very nature of the process of risk management becoming the greatest risk the business faces. An examination of the recent GFC demonstrates this point, and we are now in the process of paying the price for the failure of risk management and the failure to understand and implement it for value.
Risk management is about understanding the context of the decision and its place within a network; it is about the application of disciplinary knowledge for a multi-disciplinary outcome.An understanding of risk beyond the process revolves around three words, ’respect’, ’empathy’ and ’communication’.
1. Respect: The ability of the individual to seek understanding of others even if the discipline is different, e.g., the management accountant versus the project engineer.
2. Empathy: To identify with and understand the meaning of the term ’risk’ by others.
3. Communication: To be able to sell your message to others some of whom may be suspicious of your motives and message.
In a business world based on silos and separate disciplines understanding and using these three words in a correct context enables a culture of risk management to be developed. The development of a culture goes beyond the mere process and ensures the engagement of the human within the assurance framework.
Risk is an evolving concept; presently the process is the dominant component of the discipline, but this has not necessarily led to a safer or more managed environment. There is a turf war between a range of disciplines professing ownership of risk management, and sadly this has lead to an arrogance developing whereby the holistic nature of risk is missed.