I tried something different last week. I posted a “musing” on LinkedIn. It was an excerpt from my book Risky Business: How Successful Organisations Embrace Uncertainty that read:

“Risk management isn’t rocket science. It’s about managing uncertainty.
And, done well, it delivers real value for organisations.”

It sparked quite a lot of activity including some discussion on how to value the risk function. Here are a couple of my replies on the topic:

To Norman Marks:

“Re the value of ERM, I have found some limited academic research (see references below) on the value of ERM that does show a correlation between good ERM practices and firm value – however, my usual answer is along the lines of yours. Like Internal Audit, the fact senior leaders invest in it and appreciate the service being provided is evidence of value.”


To Sabrina Segal:

“Thanks for asking the eternal question. I usually start off with something like “that’s easy” and soon start talking about running your organisation in an alternate universe alongside this one. People get that it is not easy.

If you have a look at the post from Norman Marks in this thread, I commented about value – so you could as a minimum quote that academic research.

Another approach you could take is to develop a decision register (Richard Thaler recommends this in his book Nudge, I think). For each decision, the level/quality of consideration of risk would need to be assessed. You would do this across a range of governance committees and over time you should see a pattern develop.

Other than that, focus on delivering value, earning trusted adviser status and what you need should be provided.

Good luck!”

Two observations. Firstly, there were lots of comments about how difficult it is to tangibly measure the value of the risk function. Secondly, it is a universal challenge. Norman is in the US and Sabrina is in Egypt.

As always, I’d be interested to hear your views.

