The iPhone 4S of enterprise risk management


Last year Apple released the iPhone 4S and critics pointed out it was pretty much the iPhone 4 with a big-s glued on. Although there were some minor improvements from the iPhone 4, overall it was pretty much the same phone.

After reading the ERM white paper “Black Swans Turn Grey” from PwC, it made me think that all the authors have done is glue a big-s to existing ERM frameworks. While they try to make it sound like they are proposing a new risk management approach, in fact this paper reads more like an indictment of the people who have implemented ERM poorly. Then again, like the iPhone 4S, perhaps this paper is not intended for existing customers but to convert new ones instead.

Their suggestions for improving upon existing ERM include:

  1. Align risks to corporate strategy
  2. Develop a risk aware culture
  3. Focus on risk appetite
  4. Align risk and strategy

Aren’t they supposed to be doing this already?

The paper also notes: “Some are not convinced that their return on spending on Enterprise Risk Management (ERM) frameworks is fully justified by the level of protection they gain from them.” To that I say there is nothing wrong with the framework of ERM; it’s the people who are doing a terrible job implementing it.

It’s long been my view that implementing an effective ERM program is an exercise in change management. No more, no less. I also believe that the vast majority of people who hold risk management leadership positions were promoted into those roles because someone mistakenly believed that a person who has some auditing experience could naturally do risk management. If that’s the case, not only would that individual probably not have change management experience but they probably don’t even know they require it. If boards are not seeing the gains they expected, blame the people doing the job and not the framework.

What’s more, the authors write that ERM has become a box-checking exercise. Well, what would you expect with all those auditors doing risk management? (Zinger.)

Finally, while I do not read any new breakthrough thinking here, I still agree that the key success factor is the cultural transformation mentioned. But until organizations buy into my paradigm that to change culture one needs skilled leaders and change agents with the right set of skills, we are likely to see a lot more boards disappointed by their ERM programs.
