Every crisis inevitably draws out public criticism blaming risk management failures. It is easy to point to specific crisis management deficiencies and poor decision making in hindsight, but just a little analysis of risk management failure examples reveals risk management principles are not to blame and still offer the necessary solutions for avoiding, minimizing, or leveraging crises if fully embraced.
It may be a semantic exercise to separate risk management principles from the specific failings of risk management processes, but the critics applying “failure” to risk management concepts in general are implying we should abandon investments in ERM at a time when there is an opportunity to leverage new risk analytics technologies and advance risk management best practices.
Borrowing from Winston Churchill (and more recently the former White House Chief of Staff Rahm Emanuel), "Never let a good crisis go to waste." Any major crisis, successfully managed or not, should provide proof to embrace and accelerate risk management efforts in your organization.
Analyses of the 2007-08 financial crisis, Hurricane Katrina, AIG, and MF Global have pointed to the failings of executing at least some portion of standard risk management processes. Add the nuclear disaster at the Fukushima Daiichi power station, the Deepwater Horizon blow out and oil spill in the Gulf, Borders’ Chapter 11 filing, and the GM Truck supply chain vulnerabilities as recent high profile bad risk management examples.
Each event offers a case study of organizations failing to fully implement risk management principles and practices. Deeper analysis reveals the common root causes of the failures include:
- use of faulty information,
- management's disregard of risk limits,
- out-of-date risk management procedures, and
- inadequately developed disaster plans.
Each major case also reveals a general lack of attention to the development of organizational risk cultures.
While risk management programs will continue to draw criticism, we cannot throw the baby out with the bathwater. An apropos metaphor since enterprise risk management is in its infancy, especially outside of the financial sector. Paraphrasing CME Group’s ERM Director David Wong from a recent conversation, most risk maturity assessments use a one-to-five scale. But even if your program earns a “5” in current rating systems, you find you still have a long way to go to integrate risk management techniques across your organization.
Cultural resistance can be draining, even for top risk managers. This is the driving reason leading risk management consultants such as Deloitte, PwC, Aon, and Protiviti have undertaken studies in organizational behavior, risk attitudes, and risk personalities. Their studies intend to help discover the winning formula for implementing successful risk-aware corporate cultures.
More risk management failures? No. Do not blame the concepts of risk management. Blame the lack of risk management commitment. Organizations need to push forward to fully integrate the principles of risk management with their business decision-making processes.
If you are interested in staying ahead of your competition and researching the risk management best practices of your industry peers, contact IMT to explore how we can assist with our custom research services.