The Organizational Drag of Risk Management Must be Diminished
Regulators and organizational leaders were largely
unprepared for the 2008 financial crisis, but reacted strongly after it occurred. This has led to a situation in which risk management’s operational drag in most large firms has now become too big and has to be reduced. A 2014
paper by CEB shows data taken from its members that only 6% of time spent by audit departments on risk types is spent on
strategic risks. While this category is responsible for 86% of the significant losses in market value over the last 10 years. And on the other hand, no less than 52% of time is spent on financial, legal and compliance issues, while such issues only account for 5% of all significant market value losses.

The conclusion is that nowadays
risk departments are looking for risks in all the wrong places. In reaction to market turmoil, companies have been increasing their
governance and risk management budgets. But an excessive or even exclusive focus on risk prevention and formalized risk management processes has created an unintended consequence referred to as “
Organizational Drag”. Organizational drag is a situation of slowed down decision making and execution in organizations, making them less
agile and less effective. Many companies have become risk-averse, have duplicated risk efforts in various risk departments, and put too much focus on the risk management process instead of the people who are the biggest source of risk.
Recommended Changes in Risk Management by CEB are:
- INCORPORATE RISK MANAGEMENT IN STRATEGY FORMATION, establishing a healthy risk appetite.
- COORDINATE DISPARATE RISK INFORMATION FOR DECISION MAKERS, for example asking operational managers only for what is really needed - and only ask them once.
- MANAGE HUMAN BEHAVIOR AS PART OF THE RISK MANAGEMENT PROCESS, for example screening people - not just processes - for risk indicators and involving more people in the decision-making and risk assessment process.
⇒ Do you agree that
the focus of risk management:
- Has become too operational and process-oriented (financial, legal and compliance issues), and
- Should move from the defense (value protection) to the offense (value creation)?
Thanks in advance for sharing your opinion!
Source: Reducing Risk Management’s Organizational Drag, CEB, 2014.