Share this video interview with your board and top management
Today, I will review two very different sources for perspectives on risk management. Then I will provide a link to a paper by a law firm of relevance for board members and CROs.
The first is an interview with Robert Finocchio on ‘Risk Oversight and Assessment’. If you look at his background, you will see that he is deserving of respect. After a career with technology companies, including ten years at 3Com Corp. where he was the President of 3Com Systems, and three years as the CEO of Informix Corp., he has been a board member and chair of the audit committee for multiple companies.
The interview is from 2011, but what he has to say resonates strongly with me.
He is asked, “Managing risk, how is that best done by a board member?”
Robert says:
Whenever I think about risk or talk about risk from the context of being in the boardroom, an important first principle is that a director’s job, the board’s job, is NOT to minimize risk. The director’s job is to make sure the company takes the right risks [and] knows what risks they are taking.
I couldn’t agree more.
I talk (incessantly, perhaps) about taking the right level of the right risks. That requires knowing what they are, as well as the reasons for taking them.
Please consider sharing the video with your board and top management.
The second is a marketing piece from Wolters Kluwer, a software company. A better approach to risk management is clearly intended to lead people to consider the risk management solution[1], but they have some wisdom to share in the process.
Here are some highlights:
- A great deal of the difficulty in managing risk has been imposed on them, but bankers have brought some of it on themselves, too. The focus at many institutions continues to be on individual sources of risk in isolation from others. Each source tends to be examined only from a narrow point of view within each department, with little regard for other risks or other functions at the bank. The result is that risk is carved into ever finer pieces. This segmented way of doing things is time consuming and unproductive, and it can generate inaccurate, inconsistent results, especially when the calculations used to arrive at them are performed on separate systems using diverse, discrepant analytical models.
- A better approach is to conceive of risk holistically, in four dimensions. Instead of isolated islands of risk – credit risk, market risk, operational risk and so on – risk should be understood as a single phenomenon in which all types influence one another in ways that change continuously over time.
- Assessing risk this way produces more accurate results more efficiently, and lets you derive more benefit from them because they provide a truer depiction of the real world, where relationships among critical elements are complex and ever changing and need to be considered at multiple levels of granularity, from the minute to the very large.
- A holistic approach to risk management gives you a fuller, more meaningful understanding of your activities and your operating environment and its risks. It allows you to respond to all your priorities, from compliance and reporting to business projections, such as for capital and liquidity planning, under multiple scenarios, to making short- and long-term decisions, when your need to act quickly, decisively and correctly is greatest.
- The reason that this may not be clear at some institutions is the continued partition of key functions into silos whose occupants focus on what is in front of them to the exclusion, sometimes, of what is all around them. Finance officers fixate on the reward part of the balance between risk and reward, risk officers on the risk part. As for compliance officers, whatever the big picture may be, they tend to be concerned mainly that their colleagues draw within the lines. These concentrations of interest are understandable; these specialists are focusing on the jobs they were hired to do. But their bosses in the C-suite, of course, are interested in achieving the right reward for the overall risk the company is taking, and how they can manage different stakeholders.
- All in all, maintaining functional silos and their accompanying legacy systems is a waste of resources – time, money and your employees’ effort – and the results it produces, even after the checks and reconciliations, may be inaccurate and of limited value in meeting your compliance and business objectives. You may end up with little more than a collection of isolated facts and figures about various risks, with no deeper understanding of how they interact with one another – the interdependencies that supervisory authorities have asked banks to factor more into their thinking about risk – or insight into what matters most: how to optimize the balance of risk and reward, and therefore return on equity.
I can see how technology might help leaders see the (holistic) big picture. However, we must be careful not to reduce it to a single number that we compare to ‘risk appetite’.
As CEO or board member, I would like to understand all the more significant sources of risk and reward, both individually and together, to make an informed and intelligent decision.
Wolters Kluwer think they have the solution. I am sure others think they do, perhaps better.
Either way, practitioners need to stop assessing and acting on risk in a silo. They also need to make sure decision-makers have all the information they need.
The law firm of Wachtell, Lipton, Rosen & Katz recently shared a long paper (as you would expect from a law firm) on Risk Management and the Board of Directors. While it is focused on making sure you don’t take too much risk, rather than taking the right level of the right risks to optimize performance, it has some valuable links and discussion on related legal issues.
I welcome your thoughts on any of the above.
[1] While I work from time to time with various software companies, mostly presenting on one of their webinars, I am independent and do not endorse any product from any vendor. I do not have a relationship at this time with Wolters Kluwer.
Leave a comment
Norman Marks on Governance, Risk Management, and Internal Audit 
I disagree with Walters Kluwer points. In my experience we need more siloes in risk management, not less :)))
I hope you are in the minority!
or I see something others don’t yet to realise there are better ways to aggregate risks and to manage liquidity risk 🙂
I agree with Alex, more silos in RM, this is where the evaluation by the Risk Management Committee which normally consists of Senior Managers to look at the impact and interlink among these silos. This often is NOT done therefore silo RM is then blamed. Simple example Credit Risk say for a distributor at 500K, system will NOT approved if this limit is exceed. IF this is distributor has proven to be a superstar, then there is Standard Operating Procedure for the Manager in charge to appeal for a higher limit stating the reasons, if this is a hinderance, then we can think of Leeson single handedly bankrupt a 200 year old bank.
Yes, the methodologies for different risks are so diverse and complex (completely different math for credit, market, environmental risks) that risk aggregation is actually a whole huge separate exercise and unless the company has liquidity issues or the regulator makes them I would think twice to ever do it at all.
Unless you can see the big picture, you may manage individual risks well and the organization as a whole badly.
This is why I believe everything should be assessed based on the potential effect on enterprise objectives.
Not sure that’s actually the case, it is very very rare when big picture changes the decision at hand
Maybe because they don’t have a chance to see it!