RIMS Executive Report by Jessica Wasserman, RIMS Strategic Risk Management Development Council
New York, NY (June 9, 2016) – We all know the stories that have shaped the professional world in which we live. Enron and WorldCom are brought down by financial misstatement and subsequent bankruptcy in 2001 and 2002, respectively. Bear Stearns and Lehman Brothers become casualties of the housing crash and economic collapse of 2008. The Deepwater Horizon explosion in the Gulf of Mexico kills 11 workers and results in $20 billion worth of fines for BP. In 2015, Volkswagen is sued by the U.S. government for up to $48 billion for allegedly violating environmental laws in an emissions scandal.
As risk managers, these stories become our stories. They help explain our purpose and justify our actions, reminding business leaders that the risk management function is there to help the organization identify, assess, manage and monitor risks. And many risk managers focus on doing just that.
The risk management process, as it stands, demonstrates an inherent bias towards risks with increased negative impact and decreased positive reward. Part of that bias results from the nature of traditional risk management, which relies on the purchase of insurance to cover financial losses. The other part stems from business history and those stories that shape our profession.
After the collapse of Enron and Arthur Anderson, the U.S. government passed the Sarbanes-Oxley Act of 2002 (SOX). SOX placed increased requirements and responsibilities on organizations’ boards, management and auditors. SOX also increased penalties for fraudulent activities and misconduct. As a result, many boards and management teams took an increased interest in their organization’s defense functions (or lack thereof ): namely, risk management, compliance and internal audit.(1).
Despite all this focus on risk, there remains a gap that goes unnoticed or untouched by many risk managers: the positive side of risk. Executives have their own stories that they live by. Mark Zuckerberg creates The Facebook as a sophomore at Harvard University after a previous site, FaceSmash, is shuttered by the institution.(2) Howard Schultz left Starbucks after the original owners dismissed his idea of a coffee bar, only to open Il Giornale, which later bought and merged with Starbucks to become the institution we know today.(3) Indra Nooyi directed the divestiture of Yum! Brands and oversaw the acquisition of Tropicana and the merger with Quaker Oats and is currently working to address change in the marketplace and pivot PepsiCo into a brand that provides customers with healthier food options.(4).
These stories are the stories of growth, innovation and change. They are the stories of risk takers.
Traditionally, risk managers are tasked with addressing risks that can impede the organization’s ability to meet its goals and objectives. Risk takers, on the other hand, are tasked with setting the organization’s vision and addressing strategic goals and objectives. While these two views carry different and distinct responsibilities, there are opportunities for collaboration.
In order to add value to the risk takers in our organizations, we must first delve deeper into our own understanding of both taking and managing risks. To get a “seat at the table,” risk managers need to do a better job of understanding the value of risk and its positive impact in the workplace. Then, we can examine ways to build and strengthen relationships with formal and informal leadership increasing the value proposition of both the risk manager and the risk management function as a whole.
This report will help you build that bridge of understanding between the risk taker and risk manager. It is this bridge that will support organizations in realizing their visions, accomplishing their missions, and meeting their goals and objectives.
1. Stephen Wagner & Lee Dittmar, The Unexpected Benefits of Sarbanes-Oxley (Harvard Business Review, April 2006).
2. Sarah Phillips, A Brief History of Facebook (July 25, 2007).
3. Howard Schultz & Dori Jones Yang, Pour Your Heart Into It: How Starbucks built a company one cup at a time (Hyperion, 1997), pp. 63, 86, 90.
4. Pepsi Co., Our Leadership (accessed Nov. 30, 2015).
About RIMS
As the preeminent organization dedicated to advancing the practice of risk management, RIMS, the Risk Management Society™, is a global not-for-profit organization representing more than 3,500 industrial, service, nonprofit, charitable and government entities throughout the world. Founded in 1950, RIMS brings networking, professional development and education opportunities to its membership of more than 11,000 risk management professionals located in more than 60 countries. For more information on RIMS, visit www.RIMS.org.