Comments on: Note to Directors: Risk Management Not Optional http://tcbblogs.org/governance/2009/09/28/note-to-directors-risk-management-not-optional/ Tue, 31 Jan 2012 14:20:09 +0000 hourly 1 http://wordpress.org/?v=3.3 By: Sean Lyons http://tcbblogs.org/governance/2009/09/28/note-to-directors-risk-management-not-optional/#comment-7 Sean Lyons Tue, 29 Sep 2009 07:44:06 +0000 http://tcbblogs.org/governance/?p=74#comment-7 Note to Directors: Risk Management Not Optional Unfortunately it has taken a very serious crisis to finally get the corporate world to begin to address the imbalance which has existed between, the focus on pursuing the potential rewards associated with certain corporate activities, and the lack of focus on defending the organization from the risks associated with these activities. However (as your piece highlights) it appears that it has still required the intervention of the regulators to help ensure that organizations finally appreciate that an ad-hoc approach to risk management is no longer acceptable or indeed sustainable. The management of risk in its broadest sense is a cultural issue which needs to be present in an organization’s DNA and needs to be embedded into day to day activities. For this to be achieved it needs to address multidimensional issues from both inter-disciplinary and cross-functional perspectives. This requires the vertical and horizontal integration of the strategic oversight, the tactical planning and the operation execution of risk management processes throughout the enterprise. I for one look forward to the ongoing developments of comprehensive infrastructures designed to achieve this objective. Hopefully these infrastructures will also sufficiently focus on the integrated management of the critical components which constitute an organization’s program for self-defense. These components include not only the management of risk but must also include the management of governance, compliance, intelligence, security, resilience, controls and assurance. Unfortunately the management of risk is all too often restricted to the direct 1st order consequence (financial risk) rather that appreciating the indirect 2nd and 3rd order consequences which can occur further down the road, as a result of qualitative issues. It needs to be remembered that at the end of the day all risk can have a financial impact, be it on share price or otherwise. I am also looking forward to the upcoming series of short-papers by the Conference Board on this subject matter. Note to Directors: Risk Management Not Optional

Unfortunately it has taken a very serious crisis to finally get the corporate world to begin to address the imbalance which has existed between, the focus on pursuing the potential rewards associated with certain corporate activities, and the lack of focus on defending the organization from the risks associated with these activities. However (as your piece highlights) it appears that it has still required the intervention of the regulators to help ensure that organizations finally appreciate that an ad-hoc approach to risk management is no longer acceptable or indeed sustainable.

The management of risk in its broadest sense is a cultural issue which needs to be present in an organization’s DNA and needs to be embedded into day to day activities. For this to be achieved it needs to address multidimensional issues from both inter-disciplinary and cross-functional perspectives. This requires the vertical and horizontal integration of the strategic oversight, the tactical planning and the operation execution of risk management processes throughout the enterprise.

I for one look forward to the ongoing developments of comprehensive infrastructures designed to achieve this objective. Hopefully these infrastructures will also sufficiently focus on the integrated management of the critical components which constitute an organization’s program for self-defense. These components include not only the management of risk but must also include the management of governance, compliance, intelligence, security, resilience, controls and assurance.

Unfortunately the management of risk is all too often restricted to the direct 1st order consequence (financial risk) rather that appreciating the indirect 2nd and 3rd order consequences which can occur further down the road, as a result of qualitative issues. It needs to be remembered that at the end of the day all risk can have a financial impact, be it on share price or otherwise.

I am also looking forward to the upcoming series of short-papers by the Conference Board on this subject matter.

]]>