How should a risk officer feel about taking risk? What is the ideal ‘risk attitude’?
Before the pandemic, I was a speaker at Microsoft’s risk and audit conference. During my presentation, I asked people (all were risk officers) whether they would take a risk in their personal life. My belief is that your attitude towards taking personal risk carries over, to an extent, in your thinking about taking risk in your business life.
The risk I used as an example was purchasing a lottery ticket and losing or winning money.
I picked on a lady in the front row.
“Would you buy a ticket for $5 if the chances of winning $100 are 1%?”
“No.”
“Would you buy that ticket if the chances of winning $100 were 10%?
“No.”
“Would you buy the ticket if you had a 10% chance of winning $100,000?”
“No.”
At this point everybody in the room knew this was a highly risk-averse individual.
How would this affect her work as a risk officer?
Consider a situation where corporate policy limits new customers to $100,000 credit. She is informed that division management has decided to grant a new customer a credit line of $500,000 because:
- There is an opportunity to steal a major customer away from their major competitor
- The profits generated from sales to the customer would be substantial, with gross margins much higher than sales to existing customers
- The company has an excellent credit history and rating from the agencies
Would she see her role as challenging the decision because it goes against firm policy? Or would she see her role as helping division management work with corporate management to get approval for an exception?
I suggest that you need a risk officer who has practical business experience, business sense, and an attitude to match. When an exception or even a change in policy makes business sense, the risk officer should be a champion and enabler.
One test is whether you would take the risk if you were in charge of the business. If you would, then I believe you should support management in discussions with more senior management.
In fact, the best risk officer is one that points out when management can be taking more risk!
On the other hand, do we want a risk officer who loves bungee jumping and parachuting? Maybe, if that individual takes thoughtful risks after taking all reasonable precautions.
What we don’t want is a risk officer who sees their role as the corporate police, keeping cowboys in management under control.
What do you think?
- What is quality internal auditing? - April 17, 2024
- Conflicting research and thoughts on ESG - March 20, 2024
- Useful ethics training for internal auditors - February 21, 2024