As a result, risk managers may feel that it might just be more productive to focus on the fundamentals; the blocking and tackling of their daily regime. Let me suggest that they rethink that conclusion and resist the temptation to avoid the challenges of being innovative which could be fatal to their careers. Without innovation, companies cannot successfully compete and risk managers can't make the more influential, strategic impacts that could lead to improved success.
One of the more common innovation hurdles is regulation. It has been quite substantial in its deleterious effect in the recent past, especially in the risk management realm. Industry regulators have on the one hand, often been drivers for a more disciplined approach to risk management while on the other, facilitated bureaucratic reactions to their pronouncements. As an example, in the wake of the Enron era failures, Sarbanes-Oxley led public companies down a path of bureaucratic overkill that has cost millions when the risk (financial reporting accuracy) was limited at best. Not to say Enron, WorldCom and other bad actors of that era didn't have significant impacts. In fact, the losses were no small result indeed (e.g. Arthur Andersen's demise). However, while these failures were limited in long term impact, they spawned massive residual effect (one example was the Sarbanes-Oxley bureaucracy.) Enron had a fairly robust, disciplined risk management function that could have worked had there not been a crisis of integrity, i.e. had senior management done the right thing when presented with the facts. But it's open to argument whether Sarbanes-Oxley was a good risk management treatment.
By contrast, certain rating agencies have been quite innovative in their initial and latter forays into putting flesh on the bones of ERM. In fact, Standard and Poor's was quite successful in prodding early rated companies to help shape S&P's guidance around ERM. Unfortunately, the financial crisis of 2008 and its aftermath have called into significant question the ERM value proposition. I am not suggesting that their strategy did not drive many of their constituents to invest wisely in more robust risk management. However, the gap issue has been more in ineffective execution and a "one size fits many" mentality. This has often led to a compliance oriented response. And while "compliance" is not a bad thing per se, it should not be the key driver for risk management and will certainly seldom lead to risk innovation.
What about corporate cultures as hurdles? While every company has a culture, they are not often characterized by elements that encourage innovation, let alone "risk innovation" which in the view of many, carries with it much personal risk. In fact, "risk attitude" is a key element of corporate culture, but often by default. Suffice it to say, most things that occur "by default" may unhelpful or outright destructive.
I believe the penultimate hurdle to risk innovation is fear; fear of failure, otherwise known as personal risk. It is well founded in research that without risk, innovation is unlikely to occur. Add the "personal" element to the equation and you can expect more of the same, which by definition is the antidote to innovation. Innovation requires risk to be taken. Risk innovation requires leaders to stick their necks out. Who among us will do that?
CHRIS MANDEL is the president, Excellence in Risk Management LLC, and executive vice president, rPM3 Solutions LLC, a long-term risk management leader and former president of RIMS.
April 13, 2012
Copyright 2012© LRP Publications