ERM is powerful when designed as a performance-focused activity. It's not an audit, nor a compliance process. ERM manages the barriers that prevent organizations from achieving their objectives.

Author:
Richard Wilson develops Performance Risk Management capabilities for complex organizations. He has helped the largest companies in North America manage the barriers to their desired performance.

richard.m.wilson@ca.pwc.com | (416) 941-8374

Saturday, May 1, 2010

Why "What keeps you up at night?" is the wrong question

When identifying risks, the question often asked is "What keeps you up at night?" Let me explain why this is a, well... risky question to ask.

Consider that the principal goal of risk management is to ensure that an organization performs as expected. In other words, it achieves its objectives. Therefore the risks that you identify need to be directly related to your organization's objectives. Risks not related to the achievement of corporate goals are off strategy - a distraction.

"What keeps you up at night?" is a disembodied question that will result in both relevant and irrelevant risks.  Here is the question to ask...

"Considering the objective to... (describe a key objective), what events may prevent the organization from achieving this objective?".

The result will be risk events that are well aligned with management's goals. Feel free to present your interviewee with a list of potential internal and external risk categories to refer to when answering the question. For example, economic, competitive, strategic, HR, financial, technology, information, and corporate integrity are some of the major categories. There are up to 100 subcategories that fall under these major categories as well (business is complex!).

This objectives-focused question will ensure that your risk management process is strategic and focused on corporate performance.

[Rich]
richard.m.wilson@ca.pwc.com





About The Author

Richard is a Director in PwC's Risk Advisory practice with clients in both Canada and the United States.

He is an experienced senior executive with 15 years in a CEO or COO role (publicly traded and private firms). Richard has been leading risk management implementations for more than a decade, including 60 C-level risk assessments, and has led online risk assessments for 30,000 people in 25 countries.

He has advised the largest company in the US on risk management, and he has facilitated a risk assessment for the United Nations. Richard has been published in Compliance Week, Canadian Business, and the Globe & Mail and has been a keynote speaker on the topic of risk at many conferences in both Canada and the US since 2004.