Next week I am hosting a roundtable discussion on the future of risk frameworks. I am uncertain as to what may be discovered, however, what I do know is that the topic is of interest. The seats filled fast, and I had a number of my readers send me a note about it, some who could not make the event sent me their thoughts.
One was my Danish colleague Hans Læssøe. He sent me a short paper he authored making the case for dispensing with the risk management function all together. In essence, a situation where all staff understand the need to address uncertainty in their business and take actions to do so.
Let’s see where the roundtable discussion takes us, however for now risk management is here to stay. So let me share a few of the most important points that Hans makes in the paper that I also make in my book Risky Business: How Successful Organisations Embrace Uncertainty:
1. Risk management (coordinated activities to manage risk) is happening everywhere in the business. However, it is not necessarily called that. See my blog titled It’s what we do. Don’t recreate the wheel. Only look to improve it if it is not working rather than making sure the word “risk” be used.
2. We can’t keep doing the same thing over and over and expect a better result. Hence my criticism of the industry and regulators for trying for decades to implement the Three Lines of Defence (now the Three Lines Model). Its design has a few fundamental flaws that go against human nature and I expand on this and more in Chapter 4 Agents of Complexity.
3. We need to put more quantification into our analysis of risk. See my blog Solving Quantifornication.
4. The need to ensure the management of risk is focused on the business and specifically enhancing performance of the business in pursuit of objectives. Or as Hans so nicely puts it:
… the focus of risk management automatically changes from being risk centric and risk averse to being objective centric and focused on optimised/intelligent risk taking.
Thanks Hans and keep up the great work.