I don’t think there is an easy answer. How can you come up with a value for risk management? It’s like trying to put a dollar figure on the value of ethics.
Some people justify risk management by explaining how it protects value. That doesn’t work for me: it is true, but unlikely to open the wallet. I think you have to talk about how risk management helps the organization excel.
I start this way:
- Risk management enables better decisions, from setting corporate strategy, to driving major projects, to operational decision-making. With reliable, timely, and current information on risk (both the negative and positive potential) people can make better quality decisions
- This enables more risk-intelligent management, which can lead to optimized and sustained performance
- By anticipating potential events, the organization becomes more agile. It is able to respond quickly, whether to minimize the impact of adverse events or to seize opportunities for gain
- In a way, risk management is like a comfortable pair of shoes. You don’t realize the value of the shoes until you have worn them for a while
- If you want to see the value of risk management, just ask an executive who has an effective risk management program whether he would like to give it up
- Look at what happened to the companies during the Great Recession that didn’t have effective risk management
Here are some links on the topic:
www.ermsymposium.org/pdf/papers/Hoyt.pdf
www.kpmginstitutes.com/404-institute/events/measuring-the-value-of-erm-a-corp-perspective.aspx
What do you think? How can you explain the value of enterprise-wide risk management in a way that will encourage the CEO to invest in it?
Norman Marks, CPA, is vice president, governance, risk, and compliance for SAP's BusinessObjects division, and has been a chief audit executive of major global corporations for more than 15 years. He is the contributing editor to Internal Auditor’s “Governance Perspectives” column.
normanmarks.wordpress.com/
Some people justify risk management by explaining how it protects value. That doesn’t work for me: it is true, but unlikely to open the wallet. I think you have to talk about how risk management helps the organization excel.
I start this way:
- Risk management enables better decisions, from setting corporate strategy, to driving major projects, to operational decision-making. With reliable, timely, and current information on risk (both the negative and positive potential) people can make better quality decisions
- This enables more risk-intelligent management, which can lead to optimized and sustained performance
- By anticipating potential events, the organization becomes more agile. It is able to respond quickly, whether to minimize the impact of adverse events or to seize opportunities for gain
- In a way, risk management is like a comfortable pair of shoes. You don’t realize the value of the shoes until you have worn them for a while
- If you want to see the value of risk management, just ask an executive who has an effective risk management program whether he would like to give it up
- Look at what happened to the companies during the Great Recession that didn’t have effective risk management
Here are some links on the topic:
www.ermsymposium.org/pdf/papers/Hoyt.pdf
www.kpmginstitutes.com/404-institute/events/measuring-the-value-of-erm-a-corp-perspective.aspx
What do you think? How can you explain the value of enterprise-wide risk management in a way that will encourage the CEO to invest in it?
Norman Marks, CPA, is vice president, governance, risk, and compliance for SAP's BusinessObjects division, and has been a chief audit executive of major global corporations for more than 15 years. He is the contributing editor to Internal Auditor’s “Governance Perspectives” column.
normanmarks.wordpress.com/