Evolution of Risk Management and Risk Managers
May 2nd, 2012
Twenty years ago, positions like “Risk Manager” were held by a “glorified secretary”. We remember some senior corporate officers calling Risk Managers “the insurance guy”! Indeed, an evolution of Risk Management and Risk Managers has occurred in twenty years!
Twenty years later, a lot of pain and effort has brought the Risk Manager to V.P. level in many companies around the world. Many Risk Management societies and non-profit organizations in the domain of risk management claim, we believe rightly so, that Risk Managers are the officers who know their company best. Therefore the shiniest corporate future awaits them, right?
Another side of the story
As we have followed and coached/advised some very successful Corporate Risk Managers for two decades now, we might as well tell you another side of the story.
It cost us a lot of effort and convincing to bring our clients to accept a simple fact: the Corporate Risk Manager (and her/his advisers) should enter the game before the inception of a project, possibly at early pre-feasibility stages, to avoid the nefarious effects of a poor understanding of future risks.
Project teams are often simply too busy to stop and ask the right questions. Sometimes they are simply not skilled in the art of predictive risk management. Conflicts of interest constantly lurk: after all, if a project is aborted, they will lose their job and their bonus. They indeed have quite a record of projects that turned into nightmares for their owners because of “pain in the neck” types of risks, sometimes bigger accidents, and series of quite foreseeable mishaps.
I guess we have won that battle, at least with our most clairvoyant clients!
The new battle
Unfortunately, there is the next one, right here on the table, right now, and it’s a big one!
That new battle is “cyber risks”.
There is an unfortunate tendency to consider cyber risks as technical (IT) issues. That makes it possible to keep them out of the reach of the Risk Manager.
This “exclusion” can be the result of corporate turf wars. For example, the IT guys hate to see Risk Managers stick their nose into their very own private technological castle. However, there is a critical reality: the Corporate Risk Manager will help limit the chances of a successful attack. The Corporate Risk Manager should ask “silly non-tech questions”. His advisers should ask even more, and nastier, ones. The corporation will benefit from the IT/Risk Manager interaction. This is particularly true as IT has become so pervasive, and SCADA and computers (dedicated or not) are so ubiquitous. Moreover, forgotten systems can be online somewhere in the plant because of maintenance activities, etc.
If, furthermore, a program is deployed like the one Riskope has designed for a European Ministry of Defence anxious to put in place a holistic, country-wide cyber risk management approach, the least we can say is that corporations will have very seriously increased their resilience, their sustainability (in terms of being able to sustain operations in the longer term) and, of course, their competitiveness.