While there continues to be man-made catastrophes and Royal Commissions into the operation of industries such as finance and aged care, one must conclude that risk management has failed in many organisations. The banks and insurance companies were not bereft of resources focussed on risk and compliance. Unfortunately, their efforts had limited impact.
There are many reasons that risk management is not strong and prevalent across the business landscape. The oldest and most entrenched reason is because of the perceptions of risk management as something negative. That risk management is a handbrake on business, a producer of red tape.
Why has this perception persisted? In part it is because of the professional disciplines that picked up the risk management mantra. In the industrial space it was the engineers who are traditionally both technical and have a need for accuracy. This can lead to confusing technical terms and even more confusing equations. The need for accuracy can slow things down.
In the finance and many other sectors, it has been the audit firms who have led the way. The result has been, to a large extent, an audit mindset about risk. That risk management is about mitigating risk rather than harnessing uncertainty to take calculated risks.
The result. We made risk management complex. We created our own language. Risk Speak. We put “risk” in front of or after perfectly normal words like conduct, appetite and reputation. We then set about creating a whole new world around it and separated it out from the world of business.
Hilariously we are victims of the irony of our own expertise. We have been busy telling people how to manage their risk while not managing our own. We are not sufficiently relevant to the businesses we serve to be truly valuable.
We need to uncomplicate risk and ramp-up its value proposition. Otherwise, the next calamity is around the corner and the next Royal Commission is but a short journey away.