Transforming Risk Management in 2019 and Beyond

Will 2019 be the year we finally drop the word "risk" from risk management?

When the New Year rolled around, I was thinking about the changes I would like to see in both practices and thought leadership around the management of risk. Then I saw a new video from my good friend Alex Sidorenko.

Alex had been attending a risk management conference in Dubai led by another friend, Alex Dali. In this video, he shares a key takeaway.

Two Indicators of Effective Risk Management

The risk management leaders at this global conference said there were two indicators of effective risk management.

The first is that business decisions are informed and intelligent (my words). The consideration of risk is integrated into the setting and execution of strategies through daily decisions.

My caution is that when we are talking about "risk," we should be thinking about all the things that might happen, not only harms.

In fact, as I wrote in my last book, we should be avoiding the word "risk" as management has a negative perception of it.

  1. Most think it only relates to harms.
  2. Managers tend to think of risk management as a compliance activity.

In fact, if we think instead about anticipating what might happen and making informed and intelligent decisions with that in mind, there will be a common purpose and understanding between practitioners and the leaders of the organization.

That’s the second set of indicators: a common understanding and language around risk.

My preference, which I will restate, is that we discard the technobabble of the risk practitioners in favor of using the language of the business. (Where everybody in a mature organization is comfortable with technobabble, then continue to use it — as long as it is not focused solely on harms.)

A Change in Focus

In a Deloitte study from a few years ago, executives were asked whether risk management helped them set and then execute on strategies. Only about 13 percent said it made a significant positive contribution.

So my vote for an indicator of success is when the leaders of the organization in the executive suite and on the board wholeheartedly answer the Deloitte question with an enthusiastic thumbs up!

In 2019, let’s press the regulators, consultants and other thought leaders to focus less on managing harms (especially in silos like vendor risk management) and more on helping those leading the business anticipate what might happen and make intelligent and informed decisions.

I welcome your thoughts.

About the author

Norman Marks

Norman Marks, CPA, CRMA, is an evangelist for “better run business,” focusing on corporate governance, risk management, internal audit, enterprise performance, and the value of information. He is also a mentor to individuals and organizations around the world, is the author of World-Class Risk Management, and publishes regularly on his own blog.