Responses to a simple question: How do you define risk management in one sentence?
- "Thoughtfully and intelligently allocating resources to the implementation, maintenance, and testing of controls that limit the things that can hurt you most.” – Financial investment firm ERISA attorney
- “The process of measuring the risk associated with extending commercial credit in order to make a well-informed credit decision, set risk-based pricing, and reserve appropriately for that risk on the balance sheet." – Commercial banking Vice President
- "An attempt to minimize capital loss beyond what could be expected through a net exposure in the stock market.” – Hedge fund manager
- “The ability to identify and analyze risk in the many forms of property and liability exposures.” – Business insurance salesman
- “Ensuring you provide a service to your client that is compliant with applicable laws, mandates, and guidelines prescribed by the regulators for the services you are offering, including complying with contractual and work scope obligations.” – Environmental engineer
- “Marshalling your available resources to ensure the integrity of financial systems, financial data, and procedures such that decisions made based on actual and forecast data contain as little downside risk as possible.” – High tech manufacturer business planning manager
- “The process of identifying and mitigating the impact of the various risks that face a company in the pharmaceutical industry while still providing the business with the tools it needs to achieve success in a highly competitive and regulated environment.” – General Counsel in the pharmaceutical industry
- “The business process, embedded in core planning processes (strategic, budgeting, people, compliance), which is intended to highlight core business risks with the intent to mitigate or take offensive action in the competitive landscape and to provide the BOD a view of the required efforts to make the business more robust.” – Manufacturing company CFO
- “Do you mean define risk management from the perspective of the enterprise, businesses supporting customers, or business continuity management?” – Insurance company Director of Business Availability
The point? As structured risk management programs penetrate more industry sectors and extend across the enterprise, an overabundance of preconceived notions associated with the term risk management can present a challenge to program managers and board of directors building a common risk culture and implementing ERM.
These simple one-sentence risk management definitions from my respondents may contain some common core elements, but almost all introduce unique perspectives and components of risk management from their own industry and business function. Allow them to use a second sentence and you hear more diverging paths and languages than those of the scattering residents of the Tower of Babel.
Meld Risk Management Dialogue with Existing Business Vernacular
Risk management programs are successfully launching and expanding into new industry segments and companies. Based on the Willis Towers Watson 2011 Risk and Finance Manager Survey, enterprise risk management processes are now in place in about 54% of all companies. If we remove the financial services respondent results this percentage is likely below 45%, leaving a long road ahead for establishing standards and effective risk management practices across many organizations.
Risk managers often struggle with the cyclicality of interest in risk management from board members through boom and bust market conditions and the need to continually educate decision makers to champion the cause. As many leading risk managers like to note, the ultimate goal is to remove the term risk management from business vernacular in favor of risk management principles being synonymous with good business management. This means taking on the role of educator and facilitator spreading the key concepts of risk management rather than dictating specific optimal risk-based decisions.
The educational challenges for risk managers start with establishing a risk definition and a risk management concept that can apply across corporate functional roles. COSO and ISO standards provide good examples of a short, generic definition of risk management with flexibility to apply in a variety of business settings. I prefer a risk management definition that emphasizes both the downside and upside of risk considerations in business decision making:
Risk management is the process of identifying, assessing, and monitoring events that may change business conditions, using this information to guide decision making, and taking action to mitigate, transfer, or leverage those risks to achieve organizational objectives.
The path to a successful risk management program begins with setting a common risk management vocabulary to extend and embed in business processes, software, reporting, and decision making throughout the organization.
Use Core Business Descriptors to Define Risk Management Value
Intelligent Management Trends’ risk taxonomy for risk source categories and risk management service, software, and information providers offers analysis and recommendations for developing a common risk market language using observable market segmentation. It provides a basis for determining and identifying risk management resource needs and external vendor offerings that can help implement sound risk-aware business decision-making processes.
Risk managers cannot fight this battle with their sheer will power and intelligence alone. They need more support from industry standards, plus a common language to use when communicating with vendors that offer risk management solutions.
Use the link below for more information on IMT's risk management resources market taxonomy and analysis.