“Risk — let's get this straight up front — is good. The point of risk management is not to eliminate it [but] to manage it… to choose where to place bets and where to avoid betting altogether.” “Managing Risk
in the 21st Century,”
Thomas A. Stewart,
Fortune, 7 February 2000
All too often, efforts in risk management are dispersed, isolated and unrelated to the wider company strategy. Many organizations would benefit greatly from a more comprehensive and integrated risk management approach that takes into account strategic, operational, financial and compliance risks.
Linking the key risk indicators (KRIs) to the key performance indicators (KPIs) in the balanced score card (BSC) is a good remedy to avoid an unbalanced analysis of a company's progress.
An effective risk management system:
- Covers all risk areas
- Is deeply embedded within existing practices in the company
- Is present throughout all its businesses
Risk management aligned with
two sides of the same coin
Risk management should not be a separate silo, a relatively isolated add-on to the day-to-day workings of the organization.
On the contrary, risk management should be intimately linked to performance management. Splitting them into different and virtually separate management systems significantly reduces the effectiveness of risk management and may have dramatic consequences.