Sanitizing Bad News
From our colleague, Annie Searle…
Like practitioners in other disciplines that continue to evolve in a complex technological world, the maturity of risk managers varies widely. In recovering from the 2008 financial crisis, we’ve seen corporate managers rebrand themselves into this field or get promoted into it without necessarily understanding risk frameworks or methodologies. There is a great deal of variation in the maturity of risk programs in large firms and in where such programs are housed organizationally.
When failures occur in risk management, they are almost always a directly tied to the Basel Consortium definition of the four elements of operational risk – “the risk of loss or failure” from people, from processes, from systems or from external events.
Though it is the Chief Executive Officer (CEO) we usually see testifying in front of Congressional Committees, I would argue that CEOs are often the last to know what has gone wrong in their firms. The larger the company, the greater the level of complexity. Auditors and regulators frequently have a poor understanding of technology or services that are based on new innovations. High speed trading instruments, artificial intelligence, cryptocurrencies, and cyber resilience all are rapidly evolving areas of competitive advantage, not usually subject to in depth audit and compliance protocols in their early days except as broad concept explanations. Even if a risk is elevated, it may not yet constitute a compliance issue. The forms of reporting at early stages of what might be a very risky project make it almost impossible for the CEO to ask the right questions of the team. So where is the information bottleneck?
For the rest, click here.
—————–
Annie Searle, Principal of Annie Searle & Associates (ASA), helps companies build world-class risk programs. An internationally known expert in operational risk management with extensive experience in the financial, IT, and emergency services sectors, Searle thrives on complex challenges. She has spent the last decade teaching the next generation of risk and cybersecurity leaders at the University of Washington’s Information School (iSchool) while using her risk practice to write, speak and publish through the ASA Institute for Risk and Innovation.