James Pajakowski, EVP of Global Risk Solutions with Protiviti was asked what is most misunderstood today about risk management in Bank Info Security:

You can eliminate all risk in an organization. If you do that you are probably also going to eliminate all upside. So you have to live with risk, and it is just part of the equation, you know, risk and return; we sort of learn that the first day in business class. Sometimes people want to separate those two, and you have to realize that sort of managing the business is managing the risk of the business, and entering into business is entering into risk.

And so I wouldn’t be scared of it; I wouldn’t try to eliminate it all because you can’t. But I do think there is an extraordinary responsibility on those responsible for managing the business for understanding, evaluating and elevating and bringing transparency to the risks that they face, and it is not a bad thing. It’s not something that should be hidden, not discussed, people to be afraid of; it is just the reality that exists when you are in a business venture.

If you don’t have risks, you probably don’t have return. And that is what I would say, and I think that has changed a lot. I remember 10 years ago if you brought up the topic of risk with the Chief Executive Officer, they normally got very uncomfortable and they thought ‘Yeah, here we go we’ll have a negative conversation.’ Now they bring it up, and they want to talk about it because they realize it is just an inherent part of business. And those that understand their risks better and bring them out and discuss them in an open way in their organization and aren’t afraid of them, aren’t afraid of the fact that risks exist and you need to manage it, you know, do better, and so I think that has evolved a lot in the last five to ten years.