Why does risk management work? In prior posts, we discussed why people make poor risk assessments and rationalize their mistakes (including bonus resources) and how these traits harm organizations by causing waste, tension, disputes, and loss of productivity. Here we will describe why risk management addresses these costs through the powerful use of commitment, process, information, and management.
At bottom, risk management is simply identifying and addressing threats and opportunities. All organizations do this to some extent, but most of those efforts are ad hoc. A risk management process, by contrast, is a commitment of resources to performing such tasks as a regular and important part of running an organization. A risk management process is, as we have previously written, any organized effort to identify, assess, prioritize, and account for risk in decision-making. That effort yields substantial dividends.
Through commitment to risk management, leadership recognizes that humans are prone to error and expresses an intent to do something systematic about it. Commitment makes risk management a priority. It shows customers, employees, and stakeholders that an organization is serious about addressing its threats and opportunities.
Process creates routines for addressing threats and opportunities. Process instills risk awareness as a normal business practice. Process breaks risk management down into meaningful steps. It assigns ownership to line personnel or supervisors. This leads to greater clarity, decreased uncertainty, decreased anxiety, greater consistency, and more participation and ownership. It gives direction to what would otherwise be sporadic and unproductive effort.
The information component of risk management emphasizes the need to gather credible data from many different sources, so that reliance on any one person is decreased. Seeking information from a variety of people decreases the impact of cognitive bias from any one source. It increases the likelihood of getting the real story. It makes it easier to tell the truth to stakeholders, because it is more likely the organization has the facts.
Management, in turn, focuses on ensuring that risks are addressed appropriately: avoided if they don’t make sense, exploited if they could be of benefit, reduced where necessary, shared with others, and so forth. Furthermore, management emphasizes that the process is continuous: we learn, we modify, and we get better.
As a result, a well-implemented risk management program yields a huge return on investment:
- Like therapeutic stress management, risk management decreases anxiety.
- It increases clarity.
- It decreases current costs.
- It decreases the risk of future costs, including lawsuits that can be catastrophic to smaller organizations.
- In can lower insurance costs.
- It reduces the cost of capital and increases credit-worthiness.
- It increases awareness of opportunities.
- It increases trust.
- It increases the financial value and profitability of an organization over time.
- And it increases and protects an organization’s reputation.
Effective risk management can raise an organization’s value substantially. It dramatically increase its ability to sustain and grow operations. In fact, one study (it’s behind a paywall) estimates a 20-1 return on investment for risk management programs. Interested? Give us a call.