I was reading the RIMS report titled 2008 Financial Crisis: A Wake-up Call for Enterprise Risk Management. It is very well written and highlights all the same ideas that Riskczar.com has been blogging about lately.
Was the financial crisis a failure in risk management?
RIMS writes: 1) The crisis resulted from a system-wide failure to embrace appropriate enterprise risk management behaviors; 2) There was an apparent failure to develop and reward internal risk management competencies; 3) There was a failure to use ERM to inform management’s decision making for both risk-taking and risk-avoiding.
On point #2 above, I’ve often said that being a risk manager is like being a janitor: as long as you do your job – sweep, mop, empty the trash – no one notices because after all, you are doing your job very well. But every once in a while, you might miss a rotting banana peel because someone put it in a place you never thought of looking and all hell breaks loose. How could you miss this? How did this happen? Great risk managers are rarely rewarded for how well they do their job; they are merely punished when something bad happens, even if it is a black swan event or a hidden banana peel.