Making the Leap from Risk Management to Risk Mindfulness

Viewpoints on the practice of risk management have changed dramatically over the past several years.  The financial crisis of 2008 as well as other high-profile catastrophes like the Gulf Oil Spill have forced companies and boards to re-examine how they are addressing potential risks to their businesses. A recent study by the Economist Intelligence Unit highlights this fact as evidenced in the following excerpt.

Risk management can be a thankless task. Just ask Paul Moore, the former head of regulatory risk at HBOS, who claimed that he was sacked because he told the bank’s board that it was taking too much risk. In the wake of the financial crisis, stories that banks would sidestep risk managers in order to get deals done were legion. Risk managers with legitimate concerns about the business were ignored and regarded as a brake on growth.

Three years on, the perception of risk management has changed. In the financial services industry, there is a clear consensus that serious mistakes were made with either risk management or risk governance. In response, banks and other financial institutions are beefing up risk departments and creating new governance structures that add to the risk function’s authority and independence. Boards are creating risk committees and ensuring that non-executives are providing effective oversight of the company’s risk exposure. Chief risk officers are being granted powers of veto over decisions made by executive management and reporting directly into non-executive directors.

This renewed zeal for risk management extends far beyond the banking sector. Events such as the financial crisis, and more recently the oil spill in the Gulf of Mexico, have reminded senior executives that failures in risk management can prove to be extremely costly, not just to a company’s financial performance, but to their own careers and, sometimes, the lives of employees. The incentive to ensure that there is a clear and consistent approach to managing risk across the enterprise has never been greater.

However, although risk management is currently enjoying an unprecedented level of authority and visibility, it remains a function in transition. Examples of companies that take a genuinely strategic approach to their risk management remain few and far between. Communication between risk functions and the broader business can sometimes be fragmented, while an enterprise-wide culture and awareness of risk can be difficult to achieve.

What is needed is a new approach towards addressing risks or what we call “Risk Mindfulness”.  “Risk Mindfulness” is a term coined by Wheelhouse Advisors as a result of discussions with many companies about their approaches to gain a better understanding of their risk profiles.  What we have discovered is that many people have a very narrow (and sometimes negative) view of the term “Risk Management”.  The term “Risk Management” usually conjures up thoughts of insurance or compliance activities that have a very limited, historical focus on minimizing known risks.

“Risk Mindfulness” is meant to be more forward-looking and integrative.  Rather than seeking only to minimize or eliminate risk altogether, “Risk Mindfulness” supports the notion that the only bad risks are those that are not well understood and not fully incorporated in a company’s strategic plan.  Also, “Risk Mindfulness” should be company-wide and not restricted to certain individuals.  As the company as a whole becomes more mindful of how objectives will be successfully achieved given the potential risk, better decisions will be made and greater value will be realized.  To learn more about how your company can benefit from this new way of thinking, email us at

The Human Element of Risk Management

Over the past decade, risk management became more about quantitative models and less about behavioral models. Unfortunately, as we discovered during the recent financial crisis, even the best quantitative models cannot predict the result of misguided behavior. In this week’s edition, Bloomberg Businessweek magazine provides a special focus on risk management with interesting viewpoints such as this:

As business has grown more complex, we have developed elaborate protocols, systems, frameworks, and approaches to manage risk. A consequence of putting science at the forefront of these risk management systems has been a stripping of human behavior out of the risk model.

The future of risk management lies in an ability to incorporate and inspire more of the behaviors we want, finding new models to map, monitor, intervene, support, and react to the behaviors of individuals and groups—both the behaviors we want to encourage and those we’d like to avoid. Critically, this taking account of behavior means we need a much sharper comprehensive strategy for corporate culture, so that our models are founded on the way “things really happen around this place.”

Examining the human element of risk management is a key part of Wheelhouse Advisors’ upcoming workshop, Navigating Risk: From Crisis to Innovation. To learn more about the workshop and enroll for this groundbreaking event, please visit

Navigating Risk: From Crisis to Innovation

A big challenge for many companies today emerging from the financial crisis is retaining their ability to innovate new products and services. The typical view is that the larger the company, the harder it is to innovate. Why is that? It seems counterintuitive given the vast resources of larger companies compared to their smaller competitors. This issue was recently highlighted in an article on Here are the views of a few who have examined the issue in greater detail.

Can companies grow and continue to be creative and innovative? Or will smaller operations always have a monopoly in the new-ideas department? “I don’t think there’s any reason why you can’t be as big as Goliath and as nimble as David,” said Jim Andrew, a senior partner at the Boston Consulting Group, which publishes a yearly list of the world’s top innovative companies in conjunction with Bloomberg Businessweek. This year, Apple, Google, Microsoft and IBM led the list. Facebook and Twitter were nowhere to be found.

“Big companies have a tremendous number of advantages that should allow them to actually be, I would argue, more innovative than a given smaller company,” Andrew said.  The tech giants tend to have a wide range of products or services to offer — meaning they can take bets on new ideas without risking their entire business, Andrew said. Start-ups, in contrast, tend to base their future on a single product or concept. They bet big, but most of them “end up dying,” said Karim Lakhani, an assistant professor at Harvard Business School. “They go out there, they try different things and then there’s a large, large failure rate,” he said.

Both Lakhani and Andrew said it’s easy for big companies to get too comfortable and forgo the risks that are necessary for innovation to occur. “As companies get bigger that latitude [for employees to be creative] often unfortunately gets taken over by more rigid management structures and more rigid philosophies,” Lakhani said.

For those interested in exploring this dilemma further, mark your calendars for an upcoming workshop that will help you navigate the risks associated with innovation.  On January 11 & 12, Wheelhouse Advisors will conduct an executive workshop entitled Navigating Risk: From Crisis to Innovation. The workshop will be held at the highly renowned Old Edwards Inn & Spa in beautiful Highlands, NC.  For more information, email or call 404-805-9203.

ERM Adds to Brand Image and Competitive Advantage

A recent report by the Aberdeen Group reveals the concerns of executives today and their interest in developing Enterprise Risk Management (“ERM”) programs. The report includes survey results from 213 finance executives regarding their views of ERM.  One of the more telling results from the study is the listing of top catalysts for creating an ERM program (see figure 2 below). Rather than compliance requirements heading the list (as was the case for most companies before the financial crisis of 2008), now companies are more concerned about their brand image and competitive advantage. A close second on the list is the financial impact from the market upheaval as described in the report excerpt below.

With increased consumer and governmental scrutiny, today more than ever companies must be aware of events that directly impact their brand image. Maintaining credibility with investors and stakeholders can drive up the cost of capital; for publicly traded companies that are more regulated and expected to demonstrate good governance, this can translate to significant stock price movements and debt-rating downgrades.

Related to the issue of cost of capital, the economic upheaval also drove up the cost of credit and limited availability to the companies with the highest credit ratings. As capital is further constrained, businesses also need to be concerned about potential disruption and even failure.

The cost of not having an effective ERM program has certainly ratcheted up over the past few years.  The question now becomes “can you afford not to invest in an ERM program?”

Fear of Innovation is a Huge Risk

At a time when crisis management has been the primary focus, no other industry is better positioned for an innovation leader to emerge than is financial services. Most financial services companies have retrenched and allowed their product development and technology to wither on the vine. Customers have suffered from sharp declines in service quality as a result. The company (or companies) with the fortitude to make significant investments in innovation will capture significant market share and greater profits. Three areas of innovation have been hot topics at this week’s 2010 Bank Administration Institute’s Retail Banking Conference.

1) The mobile phone is the new branch. Twenty-five percent of consumers have ditched their wireline phone and gone completely wireless. This of course puts increased pressure on banks to invest in mobile banking and payments. Yet except for remote check capture via mobile phones from banks like USAA, real innovation remains elusive. Most of the industry innovations are being driven not by banks, but by specialist companies like mFoundry, ClariMail, Monitise, Mocapay, PayPal, Bling and Obopay.  This while bankers complain that their major tech suppliers, including First Data, Fidelity, Fiserv and Jack Henry, are just not moving fast enough to meet their needs.
2) Social Networking is a dangerous tool for customer interaction but necessary. Banks get that social networking are here to stay. And many believe it has the potential to be something other than a digital version of a call center. But social networking is not a controlled environment and that scares bankers. It should. Sites like Twitter and Facebook provide a podium for every whack job to speak his or her mind. The benefactors of the uncertainties that retail banks have about how to use and measure social media effectiveness are likely IBM, SAS, SAP and Microsoft and could provide a watershed year for a slew of nimble-footed specialist firms who are building business to consumer (B2C) enterprise grade measurement and engagement tools.
3) Cloud Computing: the outlook remains cloudy. Instinctively it would seem that cloud computing technology would be a critical weapon to break down the line of business silos that exist in retail banks. This seems especially true given consumer demands to have an experience they value, on their terms, on the bank interaction channel of choice — online, mobile, ATM or branch, irrespective of the type of business a consumer wants to transact with the bank. Consumers value convenience and they want to define what convenience looks like. But banks seem crippled to navigate the abyss of implementation schemes, cost sharing, regulatory compliance, security and customer ownership issues.

Fear of innovation is a very real risk that many companies face in today’s uncertain environment. The value of innovation is at its maximum during times of complexity and chaos. Those companies that work to escape the fear and embrace innovation will be the ultimate winners, while those that do not will suffer a painful fate.

Companies Are Thinking About Risks In New Ways

Why do some companies loathe risk management? Well, many will say because it is a bureaucratic exercise devoted to minimizing risks at the expense of future growth and innovation – and in many cases they are right. This is due to the way risk management as a discipline has evolved as well as how risk management practitioners have been taught. For better or worse, risk management tends to lean towards insurance and compliance or, in other words, ways to minimize risk and increase paperwork.

So, when board directors and senior executives hear the words “risk management”, they immediately shift their focus to the more commonly held view and neglect the real value of the discipline. The real value of risk management comes from developing a keen understanding of the critical risks related to a company’s strategic objectives. With this understanding, companies can leap-frog the competition by addressing risks in an innovative and unique manner.

Wheelhouse Advisors has developed a tool set to help companies jump-start their new approach to understanding risks. Known as The ERM Compass™, the tool set is designed to identify opportunities to improve a company’s “risk mindfulness.”  Risk mindfulness is a new way of viewing risks – a forward-looking and continuous approach that allows a company to use risk as a driver of intelligent growth and innovation.  The level of a company’s risk mindfulness is measured using The ERM Compass™ Scorecard.  The Scorecard focuses on four primary areas of risk as they relate to a company’s strategic objectives (see figure below). Scores are calculated for each risk area using five critical components of risk mindfulness. With the scores in hand, companies can easily determine the direction they need to take in order to increase their risk mindfulness and create value.

To learn more about The ERM Compass™ and to schedule a complimentary review, email us at

Harvard Professor Agrees that Companies Need a Risk Scorecard

Earlier this year, Harvard professor Robert Kaplan (the originator of the Balanced Scorecard used by many companies in setting strategy and managing their businesses) sat down for an interview to discuss how companies can learn from the latest financial crisis. His answer to an inquiry into what has been lacking at companies is quite interesting and consistent with the thoughts of this blog. Here’s what he had to say.

If I had to say there was one thing missing that has been revealed in the last few years, it’s that there’s nothing about risk assessment and risk management. My current thinking on that is that I think companies need a parallel scorecard to their strategy scorecard – a risk scorecard. The risk scorecard is to think about what are the things that could go wrong? What are hurdles that could jump up, and how do we get early warning signals to suggest when some of these barriers have suddenly appeared so you can act quickly to mitigate that. [Risk management] turned out to be an extremely important function that was not done well by many of the [financial services] companies we talked about earlier. Risk management was siloed and considered more of a compliance issue and not a strategic function. Now we see that identification, mitigation and management of risk has to be on an equal level with the strategic process.

Professor Kaplan is right on point with what is needed today by companies in the complex, globally competitive world we live in. Wheelhouse Advisors has developed The ERM Compass™- a simple, straightforward roadmap for companies looking to develop a risk scorecard. If you are interested in learning more, please email us at

Risk Oversight at U.S. Companies Lags Behind

The American Institute of CPAs (AICPA) and the Chartered Institute of Management Accountants (CIMA) just released a study about the current state of enterprise risk oversight at major corporations across the globe.  The findings in the study that was conducted independently by North Carolina State University demonstrate the disparity in progress made by U.S. based companies versus the rest of the world.  The following are a few of the more telling results.

  1. 84% of U.S. respondents assessed their risk oversight processes as ranging from very immature to only moderately mature. In contrast, 61% of the global respondents assessed their risk oversight as falling in those ranges. Only 1.5% of U.S. respondents and 8.2% of global respondents assessed their risk management oversights as ‘very mature/robust.’
  2. There seems to be a noticeable difference in the extent that top risk exposures facing the organisation are formally discussed when the board of directors discusses the organisation’s strategic plan. Over 60% of global respondents indicated that the extent of discussion about top risk exposures facing the organisation was extensive to ‘a great deal.’ In contrast, only 39% of U.S. respondents rated the level of discussion to that extent.
  3. 46% of global respondents describe their risk oversight process as systematic, robust, and repeatable in contrast to 11% of U.S. respondents who believe they have a complete enterprise-wide risk management process in place.
  4. Most organisations have not formally designated an individual to serve as chief risk officer or equivalent, although global respondents indicated a higher occurrence (31%) in contrast to U.S. respondents (23%).
  5. 50% of global respondents and just under one-third of U.S. respondents indicate that their boards of directors are increasing ‘extensively’ or ‘a great deal’ their focus on risk management activities and processes.
Based on these results, it is apparent that U.S. companies are lagging behind the rest of the world when it comes to risk oversight.  In order to successfully compete on the global stage, U.S. companies must begin to narrow the gap with increased investment in enterprise risk management programs.  Otherwise, a significant competitive advantage to manage risks in an increasingly complex world will be ceded to others.

New SEC Ruling Promotes Better ERM Practices

U.S. public companies are now beginning to provide greater disclosure about their Enterprise Risk Management (“ERM”) practices due to a new Securities and Exchange Commission (“SEC”) ruling.  As these disclosures emerge, it is becoming apparent that companies are in varying stages of maturity.  In a recent webcast hosted by Marsh, executives from several companies described their experience with the new ruling.  Here is what one of the panelists had to say.

Denise Kuprionis, vice president, secretary and chief ethics and compliance officer for E.W. Scripps Co., a media company, said the new disclosure requirements are good, but they will not be easy for companies to implement.  At her company, she related, evaluating risk involves a wide range of management and requires the management committee that governs risk to both report on perils and give updates. Implementing ERM practices, she said, is not a hindrance to companies taking risk, but serves to encourage management to take a holistic  approach to thinking about risk. “Risk is good and companies have to take risk to be successful,” she noted.

As ERM becomes more widely understood, companies will begin to see how they can utilize it to their competitive advantage.  To learn more about ERM and how Wheelhouse Advisors can help, visit

How Trustworthy Is Your Company?

Last week, an executive roundtable session was held here in Atlanta at the Carter Presidential Center to discuss views on the increasing need to rethink corporate governance.  During the session, Walter Smiechewicz from Audit Integrity provided some compelling insights into measuring corporate governance practices and the overall value of having a strong corporate governance program.

Audit Integrity bases their analysis of corporate governance practices in a proprietary ratings methodology they refer to as Accounting and Governance Risk or AGR.  The firm has analyzed public financial statements and related disclosures to calculate an AGR rating for every U.S. publicly traded company.  Using these ratings, Audit Integrity has also determined a strong correlation between higher AGR ratings and higher shareholder returns.  As a testament to the accuracy of the AGR rating, Forbes magazine has used the AGR as the primary basis for their 100 Most Trustworthy Companies List for the past three years.

If you are interested in improving your AGR rating or simply want to learn more about better corporate governance, visit


Get every new post delivered to your Inbox.

Join 46 other followers