Risk Management Reports

Is it possible that we just talk to ourselves? Each year I attend four or five risk management conferences, primarily to keep up-to-date on current developments. The registrants at these sessions—practitioners, vendors and academics alike—are the “choir” of believers to whom the speakers preach. They listen for the nuances and interpretations of the “priests” and never doubt their faith. They then return to their organizations to practice their specialties, congratulating themselves on their progress. But is anyone else listening or converting to the faith? Have the precepts of risk management filtered into the thinking of others in the organization? Is risk management becoming part of the organizational culture?

To check on purported progress, I decided to attend a January conference on strategic planning in New York, sponsored by the Conference Board. I listened to the eleven speakers in three general and three repeated concurrent sessions to see if some of our discipline’s ideas have been adopted. The results were encouraging. Of the six sessions, three directly referred to risk issues and how best to resolve them. The opening plenary presentations dealt with global change and “uncertainty,” followed by a concurrent meeting that addressed “Managing Across Multiple Cultures,” bringing risk issues into play. The most explicit session was entitled “Managing Global Business Risk.” Its first speaker, Merli Baroudi, from the Risk Services Group of The Economist Intelligence Unit in London, described her firm’s continuing analysis of ten operational risk categories that it measures in countries globally: security, political stability, government effectiveness, legal/regulatory, macroeconomic, financial, foreign trade/payments, tax policy, labor market and infrastructure. She suggested “bureaucrats are a bigger threat to business than terrorists,” that trade risks are exaggerated and that Latin America is the “riskiest” region,all based on the EIU database. It was a thorough risk analysis using the tools of the discipline, even though seeing risk primarily in its downside potential. She was followed by Paul Podolsky, from Fleet Boston Financial, describing his firm’s approach to the “fundamental irrationalities of the system” and its techniques (hedging, etc.) for reducing uncertainty. He defined risk primarily as volatility but recognized that it encompassed both gains and losses.

Other speakers recommended a renewed focus on “generating value for customers” as the primary strategic goal for any organization, through a better understanding of how customers actually use a product or service. “Create a leap in customer value,” suggested Craig Naylor of DuPont: the “value proposition” is to improve first the customer’s profitability and functionality. Risk thinking was evident in many of these comments.

Several speakers commented on two new risk issues that will demand our attention in the coming decade. The first is the privacy of customer information collected by sellers. The new “Auto ID” radio chip planned for many products will speed checkouts, reduce inventory shrinkage and improve inventory controls, but will it also give producers personal buyer information that could be improperly used? Will the consumer have any right to its storage and use? How will it be protected from others? The second risk issue is the growing dependence of organizations on both internal information technology systems and the external Internet. What can impair these systems? How do we protect them? Are we resilient enough to continue operations without them? 

Is anyone listening? Based on this one conference, admittedly a small sample, I am encouraged that risk management ideas are being slowly absorbed into organizations.