• About us
  • Raising the Bar
  • Raising your Game
  • The Extra G - Geopolitical
  • Risk Matters - Roundtables
  • Leadership Team
  • Events
  • Blog
  • Contact
  • Menu

The Risk Coalition

  • About us
  • Raising the Bar
  • Raising your Game
  • The Extra G - Geopolitical
  • Risk Matters - Roundtables
  • Leadership Team
  • Events
  • Blog
  • Contact

What's the value of risk management… and why hasn’t anyone been able to prove it?

June 20, 2023

While governments and regulators have pushed the concept of risk management across sectors, academic evidence to prove the value of all this activity and associated cost is relatively sparse.  In this Risk Coalition roundtable, the importance of risk management and its potential to add value to businesses was explored by a group of experienced CROs and risk professionals.  This blog post delves into the key points raised during the discussion, highlighting the need for a shift in mindset and a change in the role of risk management in facilitating strategic decision-making.

Unlocking the value of risk management

While there is academic research suggesting a link between the maturity of enterprise risk management frameworks and the relative success of organisations, it is not clear whether this is a causal link.  The discussion emphasised the need to move beyond viewing risk as a mere cost.  By providing better insights and enabling informed decision-making, risk management can help organisations achieve their objectives more effectively.

Shifting perspectives

To demonstrate the value of risk management, organisations must change how they perceive and position their risk functions.  One participant shared an example of rebranding the operational risk manager's role as operational risk advisors.  This change in job title helped shift the perception of the risk management function away from being responsible for managing the organisation’s risks, to a function that provides valuable advice and guidance to the business.  By aligning risk management with business strategy, organisations can foster a collaborative environment where risk professionals contribute to achieving desired outcomes.

The role of risk management in driving business strategy

Participants expressed the need to highlight the positive aspects of risk management, such as identifying opportunities and contributing to strategic decision-making. They also emphasised the importance of obtaining board support and fostering alignment between the board and the executive team to enable effective risk management.

By engaging with senior executives and aligning risk considerations with business objectives, risk professionals can provide strategic insights that support growth and profitability.  The key lies in asking thought-provoking questions, challenging assumptions, and driving discussions that others might shy away from.  Risk managers should strive to become trusted advisors who bring alternative viewpoints to the table, promoting cognitive diversity and breaking away from groupthink.

Ownership and accountability for risk

One participant argued that by having a risk department, you sometimes blur ownership of risk.  So, a key value-add is for risk management professionals to support those who are accountable for risk.  Education around risk management accountabilities – including board accountabilities – is key. 

Board support and independent risk capability

To realise risk management’s full potential, boards must actively support the function.  Consequently, there is a linkage between board effectiveness and effectiveness of an organisation’s risk management arrangements. 

The risk function should be seen as a strategic advisor rather than a mere compliance activity.  Boards play a critical role in fostering an environment where risk professionals can challenge the executive team safely, ensuring effective risk management across the organisation.  Independent risk capability helps keep a check on the executive team's decision-making, promoting transparency and accountability.

Unthinkable risks and the role of risk management:

The discussion touched upon the concept of ‘unthinkable risks’ and the role of risk management in identifying and addressing them.  These are risks that boards may not typically be willing to consider, such as culture – including board culture – related risks.  Risk professionals should have the courage to hold a mirror to the organisation, challenging the status quo and highlighting risks that may not be readily acknowledged.

Contributing to success

The discussion shed light on the value of risk management and the need to move beyond a compliance-driven mindset.  Risk management can significantly contribute to an organisation's success by providing strategic insights, driving decision-making and mitigating risks.

To unlock this value, organisations must recognise the importance of risk management, foster board support, and empower risk professionals to ask the critical or uncomfortable questions that lead to improved risk governance and business outcomes.  By embracing the risk management function as a strategic partner, organisations can navigate uncertainty and seize opportunities in an increasingly complex business landscape.

Chris Burt is a co-founder of the Risk Coalition and a principal at Halex Consulting. In this blog, he summarises a Chatham House Rule discussion held on 8 June, hosted and organised by the Chief Risk Officer Forum (CRO Forum). The CRO Forum was set up by the Risk Coalition to provide an opportunity for risk leaders to exchange views and discuss matters of common concern. To find out more about the Risk Coalition and its CRO Forum, please contact the Risk Coalition Team.

Tags: Chris Burt
Prev / Next

Blog

Featured
Apr 15, 2025
Vera Cherepanova
The future of ESG: navigating a fragmented landscape
Apr 15, 2025
Vera Cherepanova
Apr 15, 2025
Vera Cherepanova
Mar 6, 2025
Mo Warsame, Gavin Hayes
Internal audit and risk management must work together to navigate uncertainty
Mar 6, 2025
Mo Warsame, Gavin Hayes
Mar 6, 2025
Mo Warsame, Gavin Hayes
Sep 4, 2024
Polly Williams, Mia Harris
Three key threats of phishing to be aware of
Sep 4, 2024
Polly Williams, Mia Harris
Sep 4, 2024
Polly Williams, Mia Harris
Aug 25, 2024
Felix Ritchie
Principles versus rules in data and corporate governance
Aug 25, 2024
Felix Ritchie
Aug 25, 2024
Felix Ritchie
Jul 16, 2024
Jane Hunter, Mia Harris
How can you maintain high standards in your business without suffering burnout?
Jul 16, 2024
Jane Hunter, Mia Harris
Jul 16, 2024
Jane Hunter, Mia Harris
Jun 2, 2024
Afshan Moeed
Enforcement of individual accountability in UK banking: a new boardroom recipe for change or continuity?
Jun 2, 2024
Afshan Moeed
Jun 2, 2024
Afshan Moeed
May 28, 2024
Craig Morris, Mia Harris
Three exciting new developments for AI in 2024 that you need to know about
May 28, 2024
Craig Morris, Mia Harris
May 28, 2024
Craig Morris, Mia Harris
May 24, 2024
Stefan Hunziker
The stuff of nightmares: risk management is shut down, and nobody notices
May 24, 2024
Stefan Hunziker
May 24, 2024
Stefan Hunziker
Mar 20, 2024
Neil Tinegate
What should boards know about digital technology?
Mar 20, 2024
Neil Tinegate
Mar 20, 2024
Neil Tinegate
Mar 15, 2024
Francis Kean
The insolvency risk for company directors - are you swimming naked?
Mar 15, 2024
Francis Kean
Mar 15, 2024
Francis Kean
Feb 29, 2024
Andy Watkins-Child
Are you sitting comfortably?  Cyber risk, board attestations and the implications for NEDs
Feb 29, 2024
Andy Watkins-Child
Feb 29, 2024
Andy Watkins-Child
Oct 24, 2023
Mamun Madaser
Risk management and internal audit should collaborate to navigate the poly-crisis of risk
Oct 24, 2023
Mamun Madaser
Oct 24, 2023
Mamun Madaser
Oct 18, 2023
Jim Watson
How to mitigate the risk of cyber security breaches – part 2
Oct 18, 2023
Jim Watson
Oct 18, 2023
Jim Watson
Oct 13, 2023
Nisha Sanghani
Risk management and internal controls: much (needed) work to do as a result of the proposed changes to the UK Corporate Governance Code
Oct 13, 2023
Nisha Sanghani
Oct 13, 2023
Nisha Sanghani
Oct 9, 2023
Jim Watson
How to mitigate the risk of cyber security breaches – part 1
Oct 9, 2023
Jim Watson
Oct 9, 2023
Jim Watson