Strategic Risk Leadership
eBook - ePub

Strategic Risk Leadership

Engaging a World of Risk, Uncertainty, and the Unknown

  1. 148 pages
  2. English
  3. ePUB (mobile friendly)
  4. Available on iOS & Android
eBook - ePub

Strategic Risk Leadership

Engaging a World of Risk, Uncertainty, and the Unknown

Book details
Book preview
Table of contents
Citations

About This Book

Modern risk management as practiced today faces significant obstacles—we argue—primarily due to the fundamental premise of the concept itself. It asserts that we are mainly dealing with measurable, quantifiable risks and that we can manage the uncontrollable by relying on formal control-based systems, which has produced a general view that (enterprise) risk management is a technical-scientific discipline. Strategic Risk Leadership offers a critique of the status quo, and encourages leaders, executives, and chief risk officers to find fresh approaches that can help them deal more proactively with what the future may hold.

The book provides an overview of the history of risk management and current risk governance approaches as prescribed by leading risk management standards, such as COSO and ISO31000. This enables practitioners to challenge the frameworks and improve their adoption in practice introducing sustainable resilience as a (more) meaningful response to uncertain and unknowable conditions. The book shows how traditional thinking downplays the significance of human behavior and judgmental biases as key elements of major organizational exposures illustrated and explained through numerous case examples and studies.

This book is essential reading for strategic risk managers to understand the requirements for effective risk governance practices in the contemporary and rapidly changing global risk landscape. Indeed, it is a valuable resource for all risk executives, leaders, and chief risk officers, as well as advanced students of risk management.

Frequently asked questions

Simply head over to the account section in settings and click on “Cancel Subscription” - it’s as simple as that. After you cancel, your membership will stay active for the remainder of the time you’ve paid for. Learn more here.
At the moment all of our mobile-responsive ePub books are available to download via the app. Most of our PDFs are also available to download and we're working on making the final remaining ones downloadable now. Learn more here.
Both plans give you full access to the library and all of Perlego’s features. The only differences are the price and subscription period: With the annual plan you’ll save around 30% compared to 12 months on the monthly plan.
We are an online textbook subscription service, where you can get access to an entire online library for less than the price of a single book per month. With over 1 million books across 1000+ topics, we’ve got you covered! Learn more here.
Look out for the read-aloud symbol on your next book to see if you can listen to it. The read-aloud tool reads text aloud for you, highlighting the text as it is being read. You can pause it, speed it up and slow it down. Learn more here.
Yes, you can access Strategic Risk Leadership by Torben Juul Andersen, Peter C. Young in PDF and/or ePUB format, as well as other popular books in Commerce & Stratégie commerciale. We have over one million books available in our catalogue for you to explore.

Information

Publisher
Routledge
Year
2020
ISBN
9781000028867
Edition
1
Topic
Commerce
Subtopic
Stratégie commerciale

1 Is this a risk management book?

When life strips off all her finery, what remains is fortune. Everything that happens is a constant collision of tossed dice.
Roberto Calasso1
We see Roberto Calasso’s quote as a rather precise description of what humans are up against when it comes to managing risk. It is particularly relevant to our book, for over the span of time since the Classical Greek era, history has—in effect—produced an inversion of Calasso’s statement. How did this happen? A study of the history of ideas might begin to answer that—we are not going to pretend that our book can serve as a substitute. Let us just say that—by the end of the 15th century—the stage was set for a rapid acceleration (through the Renaissance, the Reformation, and the Age of Enlightenment, the Industrial Revolution, into the modern age) in humankind’s ability, desire, and willingness to describe and understand our uncertain world; to come to measure some aspects of that uncertain world with increasing levels of accuracy; and to slowly reorient us to the view that ours essentially is more a risky world than an uncertain one. This most certainly applies to the field (academic and professional) of risk management, the subject of our book.
A technical clarification here. We define risk as measurable uncertainty, so risks are a special category of uncertainty where it is possible to gather observations, or rather where observations have been assembled for analysis (or in recent centuries, developed through theoretical methods) to quantitatively estimate future outcomes. Uncertainty is—well—everything else.
Back to Calasso. His book is an imaginative restructuring of Greek mythology. Are we, therefore, suggesting that our book will be a demonstration of modern mythmaking? Well, we are not cultural anthropologists, but we would argue that science and mythology both seek to explain the mysteries of our existence. In that sense, we see them as endpoints on a continuum and not as distinct unconnected ideas. Thus, a challenge will be to view this imagery as a specific frame of reference risk management must adopt. In doing so we may come to see mythology as a method of illumination that can tell us a great deal about how we should think about uncertainty (and risk). For example, establishing explanations of an uncertain world through narratives will make an appearance in our book, as will the sense that careful thinking about such stories can tease out the distinction between truth, accuracy, and meaning. In other words, a slightly relaxed view of the idea of mythmaking allows us to shine a light on a more expansive means of introducing rational approaches to seeing and explaining our uncertain world.
Having said that, let us be clear. As modern-day scholars we support all efforts to increase our abilities to assess and analyze our uncertain world. Without doubt, our ability to better anticipate the future is one of the reasons for advancement in standards of living over the last 300 years; particularly in the fight against disease, hunger, poverty, unsafe conditions, and insecurity. However, we have come to recognize that the human record on actually converting uncertainties into risks is pretty pitiful when we consider the vast array of things that cannot be quantified. Thus, a central feature of our thinking about risk management is to focus primarily on uncertainty and—let us throw in something that we will explain later—unknowability.
Uncertainties, by definition, are unmeasurable (or, at best, are somewhat measurable or are awaiting future measurability), and that attribute presents the problem of employing consistent and rational analytical processes. In response, we have had to challenge ourselves to develop our argument on two fronts: 1) that the modern view of risk management should be centrally focused on uncertainty, while 2) acknowledging that in recognizing the centrality of uncertainty we will need to battle energetically against the forces of superstition, prejudice, fear, greed, and faulty perceptions. In other words, we sit in the critical thinking camp; a camp that rejoices when we have the capacity to add precision to our thinking about risks, but that also believes we should widen our lens to consider risk assessment to be just a special category of a larger task—assessing the uncertain and unknown. Later we will develop the notion that risk management is primarily a way of thinking, and this paragraph provides a small glimpse into our reasoning.
The risk management guidances, COSO and ISO 31000, will come in for some critical analysis later in this book, but we want to be fair and note that, for example, ISO’s recent 2018 update does seem to reveal an emerging view that is consistent with ours.
Risk is now defined as the “effect of uncertainty on objectives”, which focuses on the effect of incomplete knowledge of events or circumstances on an organization’s decision making. This requires a change in the traditional understanding of risk, forcing organizations to tailor risk management to their needs and objectives—a key benefit of the standard.2
We return to Calasso once more before moving on. The Calasso quote provides us an additional clue as to where our book is headed. His statement offers no particular sense of progress or the narrative arc of history. Things just happen; the dice clash over and over again. This feels alien to our own time where the Enlightenment (among many influences) has led modern sensibilities to an abiding belief in progress. And, as will be seen, risk management is very much a modernist-progressive project—we are engaged in taming a hostile world, and we aspire to shine an improving light on a future that is better than the present. It is an admirable project and, honestly, we are all for it. Improvements in the lives of humans have given us the privilege of envisioning an even brighter future. We hope humans never lose that sense of optimism.
But from our narrower examination of risk management, we have to say that the image of clashing dice probably more accurately depicts the day-in-day-out life of the practicing risk manager—with no illustrations of that fact being more vivid than the dramatic and extreme events that headline our daily news. Among many key observations, we will wonder why that hope for a brighter future does not lead to humans demonstrating an easy ability to envision the long run (and, as importantly, to stick with any long-run plan that might emerge). In exploring this particular issue, we will encounter the subjects of values, beliefs, behavior, and culture as matters of critical importance.
Before setting out this chapter’s introductory description of the present-day scene and teasing out a set of insights that will serve as building blocks for the rest of the book, we want to translate our opening statements into a more subject-matter-specific declaration of our views on uncertainty, supplementing that with a short sidebar look at the issue of time.

Uncertainty is the name of the game

Let us begin here by noting that our primary dilemma in writing this book is that the term risk management is not really an accurate description of what we will be discussing. While we have decided to stay with that appellation, we also realize that such a decision presents us with certain problems. Notably, continuing to employ the term serves to confuse those who have come to define risk management in its more traditional forms. However—we confess—we are stuck on this.
Given this self-imposed constraint, we will aspire to make the case that the management of risk aligns with only a very small part of what goes on in the world of risk management. Yes, for some risk managers in financial institutions a sizable part of their work involves the manipulation of large data sets, but for most individuals toiling in the field, well, they are working against uncertainties and—here is that word again—unknowabilities. Does this really matter? Does it matter if a risk manager conceives the job as primarily an attempt to view or conceive of uncertainties as risks? Perhaps not in the particularities of risk management practices, but as we will show there is a strong human tendency to mentally convert uncertainties to risks (and convert risks into certainties) even when the volume and quality of information suggests that employing the word risk is not warranted and indeed may harmfully influence our thinking. So, although our argument will need to be carefully made, we believe there is an important difference in starting from the view that we exist in a world of uncertainty and that we are obliged to bring a high degree of skepticism to any proclamation that we can take a quantitative risk assessment at face value.
And further, even on rare occasions where we might be able to come close to saying something has become a risk (such as, insurance market data or market data for financial derivatives), we would have to note that there are very clear illustrations of elegantly produced, data-abundant risk modeling destroyed by 1) the unexpected/unmeasurable, non-modelable and 2) the gullibility that we demonstrate by our uncritical acceptance of the results produced by a quantitative risk assessment exercise. We offer four words in support of our view—the 2008 financial crisis. Note that even well before this extreme event occurred, Nassim Taleb had identified the elephant in the room, which he referred to as a ‘Black Swan’ phenomenon.3 And to this day he continues to remind us that, “We are managed by small (or large) accidental changes, more accidental than we admit.”4
For just one more time let us be clear—we support the earnest quest to quantify and otherwise measure our uncertain world. Better understanding of our complex world should always be applauded. However, human perception and behavior under conditions of uncertainty can wreak havoc; a point that may be acutely relevant even when dealing with huge data sets and complex assessment methodologies. Intelligent data analyses can help us manage more effectively, but quite often they can also lead us into trouble.
Clearly, the right response is NOT to close our eyes and pretend that ‘soft’ issues that are hard to measure do not exist. As Carlo Rovelli concludes: “The temporal relations between events are more complex than we previously thought, but they do not cease to exist on account of this.”5 They do exist (indeed, we argue they dominate), they are truly impactful, and if we don’t take them seriously we encounter trouble—unless we are lucky. We will later have something to say about luck too.
There is one additional thing to note regarding risk/uncertainty/unknowability. It is our contention that organizations mainly encounter uncertainties, but additionally this engagement seems particularly pronounced the higher one scales the organizational ladder. Adequate data—wherever it can be found—tends to reside in the more operational levels of organizational life. Phenomena such as work-related injuries, currency fluctuations, product defects, and data breaches frequently present managers with useful data that allows for assessment and more focused decision making (but even then …).
However, top managers—while clamouring constantly for more data—really operate almost completely in a world of uncertainty. They rarely have enough information to make strategic decisions, and in fact, we might go so far as to say that they are also frequently confronting the unknown rather than the known. This produces a slightly paradoxical and troubling effect in its own right—the less available the data, the more desperately managers cling to whatever data they can find.6 It is partly for this worrisome insight that the risk leader phenomenon (a concept we explore later) has emerged in recent years. There are other reasons, of course, including regulatory and legal requirements, but we see the essential motive is to place someone in an elevated position to oversee all efforts to assess and address risk and uncertainty. To provide risk/uncertainty expertise, judgment, and insight, if you will.

Sidebar: risk, uncertainty, and the long run

This sidebar may seem, at least at first, a bit incidental to the preceding discussion on risk and uncertainty. However, it sets out an insight that is emblematic of a range of issues that come front and center in our way of thinking. Provocatively, we would phrase the issue this way: ‘Does the long run matter?’
Contemplating this question requires us to hold two thoughts in balance: 1) of course it is worthwhile to value and plan for the future, while also believing that 2) hardly anybody ever sticks with it (and to be fair, the high complexity of our modern world may absolutely bar the chances of sticking with it). We do not want to appear polemical here, but there is fairly significant research suggesting that humans generally have difficulty with the concept of time, which becomes particularly vexing when considering time over an extended period.7 It would be nearly insulting to readers to elaborate too much on this as it is obvious to most that, for instance, a dollar on offer 50 years from now will not possess the same value as a dollar put on offer in the present. In business schools this idea is encoded in the concept of the time value of money, which—to be honest—is both useful but also very much misused.
Note also that the long run often comes faster than one should think—indeed, the lifetime of firms seems to be shortening. So, yes, we believe that thinking about the long-term and sustainable aspects of the business is important, both for equity owners, but also for society at large. Yet, there is precious little evidence of working, successful long-term commitments while evidence of short-termism abounds. At any rate, while there is an important argument to be made about the effects of this phenomenon on headline-grabbing issues like the global climate, we choose here to narrow the discussion to a more functional level. Simply put, risk management can be characterized as involving the expenditure of resources in the...

Table of contents

  1. Cover
  2. Half Title
  3. Title Page
  4. Copyright Page
  5. Table of Contents
  6. Acknowledgements
  7. Foreword
  8. 1. Is this a risk management book?
  9. 2. The story of risk management
  10. 3. Standards and practices
  11. 4. Thinking about (thinking about) risk management
  12. 5. What, then, is risk management?
  13. Index