The Organizational Drag of Risk Management Must be Diminished

The Organizational Drag of Risk Management Must be Diminished

Regulators and organizational leaders were largely unprepared for the 2008 financial crisis, but reacted strongly after it occurred. This has led to a situation in which risk management’s operational drag in most large firms has now become too big and has to be reduced. A 2014 paper by CEB shows data taken from its members that only 6% of time spent by audit departments on risk types is spent on strategic risks. While this category is responsible for 86% of the significant losses in market value over the last 10 years. And on the other hand, no less than 52% of time is spent on financial, legal and compliance issues, while such issues only account for 5% of all significant market value losses.
The conclusion is that nowadays risk departments are looking for risks in all the wrong places. In reaction to market turmoil, companies have been increasing their governance and risk management budgets. But an excessive or even exclusive focus on risk prevention and formalized risk management processes has created an unintended consequence referred to as “Organizational Drag”. Organizational drag is a situation of slowed down decision making and execution in organizations, making them less agile and less effective. Many companies have become risk-averse, have duplicated risk efforts in various risk departments, and put too much focus on the risk management process instead of the people who are the biggest source of risk.

Recommended Changes in Risk Management by CEB are:

1. INCORPORATE RISK MANAGEMENT IN STRATEGY FORMATION, establishing a healthy risk appetite.
2. COORDINATE DISPARATE RISK INFORMATION FOR DECISION MAKERS, for example asking operational managers only for what is really needed - and only ask them once.
3. MANAGE HUMAN BEHAVIOR AS PART OF THE RISK MANAGEMENT PROCESS, for example screening people - not just processes - for risk indicators and involving more people in the decision-making and risk assessment process.

⇒ Do you agree that the focus of risk management:

• Has become too operational and process-oriented (financial, legal and compliance issues), and
• Should move from the defense (value protection) to the offense (value creation)?

Thanks in advance for sharing your opinion!

Source: Reducing Risk Management’s Organizational Drag, CEB, 2014.

		Steven Cooke, Philippines
	Risk Management Misdirection Yes, of course companies should focus on value creation instead of value protection to improve growth and long-term sust...

		Love Lonnroth Management Consultant, Sweden
	Risk Management Should Be Lean or Agile Thank you Jaap for bringing up an important issue. I believe something of a Lean or Agile revolution is needed in risk m...

		Stephanie Dolan Entrepreneur, United States
	The Customers' Trust of your Business Personally, I believe if we tabled just for a moment, our governments' regulations affecting all our businesses and focu...

		Keatsen LIU Professor, China
	Risk Management not Only an Organizational Drag Thanks for this hot topic. Risk Management is not only a burden... We introduced risk management more than 20 years for ...

		jorge anibal hoyos hoyos Manager, Colombia
	Everybody Must Execute Risk Management At every level, component, procedure into the company the risks exist. Hence every single one must be aware and work acc...

		Dr Robin C Hesler Canada
	The Organizational Burden of Risk Management The subject refers to "strategic" which means to me looking at RM in a holistic and thus a systems view point. No matter...

		Juan Manuel Ugarte Professor, Mexico
	Avoid Over-regulation of Risk Management Thanks to the Editor for the discussion of this topic. Nowadays risk management is one of the most important subjects in...

		ELIZABETH DELGADILLO UBALDO Professor, Mexico
	Risk Management Not Only About ISO 31000 It is very important today in all companies that their leaders have a broad view of risk management. We should not only ...

		jorge anibal hoyos hoyos Manager, Colombia
	Everybody Must Be Educated on Risk Management I think all people must be taught how to identify their own risks involved in their activities, and share it working as ...

		Barney Wade Howard Manager, United States
	Risk Management is Needed But Not Need not be Complicated Today more than ever this topic is a hot one. However I think sometimes businesses want to make it more difficult than w...

		Juan Manuel Ugarte Professor, Mexico
	Proportionality of Risk Management As I wrote @earlier, criteria such as proportionality are important for financial firms. That means a correct assessment...

		Briolett Manager, Canada
	Risk Management & Business Ethics If businesses acted with integrity there wouldn't be a need for government to regulate (Enron, Lehman Brothers, MM&A Rai...

		Kasper Hiddema Student (University), Netherlands
	Best Practices for Dealing with Risk in Organizations Indeed in the wake of a crisis, both regulators and managers tend to take strong steps to prevent the crisis from happen...

		Jaap de Jonge Editor, Netherlands
	History of Risk Management in Business Banks Until the 1980s, business and investment banks in London and New York were typically organized as small partnersh...

		John Maddalena, South Africa
	Involve Risk Champions in Strategy Meetings for Risk Implications Agree with the views in the topic. While I appreciate the need for formal risk workshops, it is in these artificial env...