The field of risk management has undergone a sea of change in the past few decades. At one point in time, risk management decisions were based on individual expertise and gut feeling. However, now the decisions are based on sophisticated mathematical models.
From relying on human intuition to moving on to embrace artificial intelligence, the field has come a long way. A lot of money has been lost and lessons have been learned in this journey. Some of the most important mistakes have been jotted down in this article in order to help future generations of risk managers to avoid making the same mistakes.
Governance is the Number One Priority
In the earlier days of risk management, many organizations built governance structures only because the regulatory bodies mandated that such a structure is in place. However, over time, organizations realized that good governance is not for the benefit of the regulator. Instead, it is the backbone of a well-managed risk program. This is the reason that companies spend a lot of money and other resources to ensure that motivated, trained and competent people head the risk governance team. This is because the attitude and skills of the leader are mirrored in the rest of the organization. The board of directors is also often involved in the workings of the risk governance committee.
Communication is Key
Over the years, the field of risk management has become highly sophisticated and hence the advanced mathematical models tend to take all the limelight. In the pursuit of the next advanced model with more advanced features, companies often forget that risk management is a lot about communication.
All the information about risk is not generated in a single department. Instead, the information appears sporadically in a scattered manner across various departments in the organization. Hence, the risk management department has a very important job of collating this information in a timely manner and then providing it to the relevant stakeholders at the right time. Hence, risk management professionals must make sure that they dont get lost in a sea of numbers and must remember that communication is key in the long run.
Risk-Taking Not in Line With the Risk Policy
Just like individuals have a risk appetite, firms also have a risk appetite. This risk does not and should not change on a day-to-day basis. It should also not change depending upon the person who is managing the risks at the current moment.
The risk management policy of the company has to be consistent. The risk-taking should not be too less. This is because many times avoiding too many risks and playing it too safe means that the company has to let go of many opportunities. On the other hand, taking on too many risks can also be detrimental to the firm.
The inability to measure risks and to ensure that the risks remain within the bounds of a certain lower and upper threshold can prove to be a huge mistake for any organization.
Poorly Defined Team Structures
Risk management teams tend to be versatile in nature. This means that the same people may often need to play different roles. However, if the roles and responsibilities of the different team members are not clear, there could be an overlap or some responsibilities could even be missed out. It is therefore important to ensure that at any point in time, all the members of the risk management team are aware of their stakeholders and their responsibilities. It would be better if measurable goals are provided to the team members since this increases clarity.
Assuming that Risks are Static
Pretty much every risk management process makes it mandatory for the users to collect data about the risk. However, in most cases, this is done during the beginning of a project. Over time, the risk profile may change.
If the risk management department of the organization does not make an effort to stay current on the various risks that the system poses, they may not be able to predict and mitigate the risks. The risk management department must always assume that the risks are dynamic in nature and hence they must be monitored at regular intervals of time.
Being Past Oriented
A large part of risk management focuses on past data. However, it is important for organizations to realize that the past data is only for one part of the analysis.
With advances in technology and changes in the external environment, the risks which materialize in the future may be very different from the past. Hence, building models which rely heavily on past data is one of the common mistakes made by the risk management department.
Forgetting the Human Aspect
Risk management can be quite stressful. This is because when the risks actually materialize, the speed of losses being triggered can make anyone nervous. Hence, it is likely that managers may take emotional decisions irrespective of the sophisticated models that they use.
Companies that do not prepare their employees emotionally for the ups and downs which a career in risk management brings may be setting them up for failure.
The bottom line is that even though risk management has become very mathematical and statistical in nature, it is still somewhat of an enigma. Organizations have been trying to figure out the mistakes that can be avoided in order to increase their probability of success.
View All Articles