• First Reference
  • About us
  • Contact us
  • Blog Signup 📨

First Reference Talks

Discussions on Human Resources, Employment Law, Payroll and Internal Controls

  • Home
  • About
  • Archives
  • Resources
  • Buy Policies
You are here: Home / Business / Risk in the fourth dimension

By Occasional Contributors | 3 Minutes Read March 31, 2017

Risk in the fourth dimension

risk“[…]we should manage risk because of its value to the organization, not because we are told to do it, because it is in the governance code, it is our job, or because of professional standards.”
As a young boy, my family often spent our vacations at a hotel near Rimini, on the Adriatic coast of Italy.
The hotel owner had a six year old son. If I recall correctly, his name was Mario.
Mario only spoke a little English, which he had picked up from guests. But there was one word that he used all the time and which I recommend to you now.
The word, a magic word with amazing power, is “why”.
“Why are you going to the beach?” “Why do you want to swim?” “Why do you want a tan?”
Let’s think of the power of this word when it comes to risk and risk management.
For board members and executives, the question is “why should I spend my limited time on risk management? Do I do it only because it is expected or the regulators told us to do it?”
For risk practitioners, the question is “why should risk management be important to the organization and its leaders? Are its leaders only paying scant attention because it is expected or required for compliance with regulatory requirements? Why am I doing this; is it because my job is to help manage risk, or is it for some larger purpose?”
For internal auditors, the question might be “why should I assess risk management? Is it because that is what internal auditors are expected to do? Is it because it is ‘best practice’ or required by IIA Standards?”
I think these are all good questions that demand answers.
The answers are the key to unlocking the value of risk management.
The journey to the answer to the question ‘why’ starts with answering the question ‘what are we trying to achieve?’
We say that risk is about achieving objectives. So what are they? What are we trying to achieve?
We also say that risk management enables us to make more intelligent and informed decisions, and that making the right decisions is how we achieve our objectives.
So, every time we think we need to make a decision, we should ask “What are we trying to achieve?” followed by “Why are we making this decision?”
Now, we can start to think about what might happen (getting rid of the ‘r’ word, which only limits our thinking).
We can progress to additional questions, such as “Do I have all the information I need; am I involving the right people; how will my decision affect my and others’ objectives; what are the options; which is best; are any of the potential consequences of the decision unacceptable?” and so on.
But if you don’t have an answer to why you are making the decision and what you are trying to achieve, will you make the right decision?
For board members and executives, there has to be a rational and adult answer to “why should I care” and “why should I spend my time?”
As adults, we shouldn’t be doing things just because we are told to do them.
As children, when our mother told us to make the bed, did we do it well or just enough to get by?
If we were in the armed forces and the sergeant told us to make the bed, we probably made it better than was really needed for our comfort.
As adults, we make it (I hope) well enough to make the room look OK and our bed comfortable when we return to it.
As adults, we should manage risk because of its value to the organization, not because we are told to do it, because it is in the governance code, it is our job, or because of professional standards.
Understanding the value starts with “what are we trying to achieve?” on the journey to “why are we doing this?” and “what is the right decision?” The word ‘we’ includes us as individuals, as members of a team, but especially the interests of the organization as a whole.
Let’s take a specific risk management task, the report to the executives and the board.
Why do we do this, prepare and share the report?
What are we (the risk practitioner) trying to achieve?
What are they (the board and executives) trying to achieve?
Is this the right communication? Is it helping them achieve what they want to achieve?
Are we practicing risk management as children (doing what we are told or is expected) or as adults (doing so because it helps the organization and its leaders succeed)?
I welcome your comments.
Norman D. Marks, CPA, CRMA
Author, Evangelist and Mentor for Better Run Business
OCEG Fellow, Honorary Fellow of the Institute of Risk Management

  • About
  • Latest Posts
Occasional Contributors
In addition to our regular guest bloggers, First Reference Talks blog published by First Reference, provides occasional guest post opportunities from various subject matter experts on the topics of human resources, employment/labour law, internal controls, information technology, not-for-profit, business, privacy, tax, finance and accounting, and accessibility in Canada among others. If you are a subject matter expert and would like to become an occasional blogger, please contact us. If you liked this post, subscribe to First Reference Talks blog to get regular updates.
Latest posts by Occasional Contributors (see all)
  • Corporations Canada and new transparency about federal non-profit corporations under the CNCA and new fees for certain documents - December 21, 2022
  • How much should a Canadian registered charity spend on administration? - November 30, 2022
  • Finance proposes changes to disbursement quota for charities and some increased transparency - November 11, 2022

Article by Occasional Contributors / Business, Finance and Accounting, Information Technology, Privacy / risk, risk management, risk practitioners

Share with a friend or colleague

Get the Latest Posts in your Inbox for Free!

Electronic monitoring

About Occasional Contributors

In addition to our regular guest bloggers, First Reference Talks blog published by First Reference, provides occasional guest post opportunities from various subject matter experts on the topics of human resources, employment/labour law, internal controls, information technology, not-for-profit, business, privacy, tax, finance and accounting, and accessibility in Canada among others. If you are a subject matter expert and would like to become an occasional blogger, please contact us. If you liked this post, subscribe to First Reference Talks blog to get regular updates.

Footer

About us

Established in 1995, First Reference is the leading publisher of up to date, practical and authoritative HR compliance and policy databases that are essential to ensure organizations meet their due diligence and duty of care requirements.

First Reference Talks

  • Home
  • About
  • Archives
  • Resources
  • Buy Policies

Main Menu

  • About First Reference
  • Resources
  • Contact us
  • 1 800 750 8175

Stay Connected

  • Facebook
  • LinkedIn
  • Twitter
  • YouTube

We welcome your comments on our blog articles. However, we do not respond to specific legal questions in this space.
We do not provide any form of legal advice or legal opinion. Please consult a lawyer in your jurisdiction or try one of our products.


Copyright © 2009 - 2023 · First Reference Inc. · All Rights Reserved
Legal and Copyright Notices · Publisher's Disclaimer · Privacy Policy · Accessibility Policy