How can we apply democratic principles to risk management?
Wednesday, March 22, 2017
Former British Prime Minister Winston Churchill seemed to have a problem with democracy. He famously said, "Democracy is the worst form of government, except for all those other forms that have been tried." Greek philosopher Plato agreed, putting democracy near the bottom of his list of five types of government (aristocracy, timocracy, oligarchy, democracy and tyranny).
Most people agree that democracy is a good thing, but does it relate to our professional lives? More specifically, is it possible to develop a democratic approach to enterprise risk management (ERM)?
One key characteristic of democratic systems is decentralization. This has been evident in government structures and policies since the 19th century, and it has also influenced the business world as a strategy for developing organizations and procedures.
Is the same true of ERM? Many people view ERM as a centralizing function in an organization, enforcing a single "right way" to do risk management, and collecting and combining risk information to present to senior leaders in support of their overall management of the business.
What would "Democratic ERM" look like? We should expect it to be characterized by decentralization, in the following ways:
ERM usually involves a central risk department with responsibility for overseeing risk management across the organization, perhaps with a chief risk officer in command. But this centralized approach can lead to nonrealistic outputs if the ERM function becomes detached from the rest of the organisation.
Instead, everyone across the whole organization should have responsibility for managing risk in their areas of responsibility. Risk practitioners should also be in place throughout the organization to provide support and guidance to project, operational and functional teams.
This more decentralized approach to managing risk is a feature of Democratic ERM, and it will ensure that risk is managed at the right level, closest to where it affects the organization.
Risk is defined in relation to objectives. Decentralization leads to the top-down development of a coherent hierarchy of objectives at multiple levels throughout the business, with lower-level objectives aligned to the strategic objectives of the overall organization. It is then possible to manage risk at each level, linking risks to the objectives at that level.
Democratic ERM coordinates the various levels of risk management, ensuring that common standards are applied, escalating risks as required. An ERM approach that only considers strategic objectives is more like dictatorship than democracy.
It is appropriate for overall risk policies and standards to be set at ERM level, to be followed by the whole organization. But Democratic ERM allows lower levels of organization the freedom to develop their own specific risk procedures, with flexibility to tailor the risk approach within the overall minimum requirements set by ERM.
Risk management is not "one size fits all."
The same is true for the risk infrastructure across the organization. Effective risk management does not require a single risk tool to be used for all purposes, although it might be efficient in some circumstances.
Democratic ERM allows different risk tools to be used for different purposes, as long as they are used consistently and properly integrated.
Centralization is not an inevitable feature of ERM. A decentralized approach can be much more effective. To promote Democratic ERM within the organization, the ERM function should:
- Coordinate, support and encourage the efforts of others who are taking responsibility to manage risk at their own level in the business
- Ensure that all identified risks relate to specific objectives that are aligned with overall strategic objectives
- Set minimum standards for risk procedures, and allow the risk approach to be tailored to meet the specific needs of different parts of the organization
- Provide consistency in risk information by managing interfaces across risk tools
If Churchill or Plato knew about Democratic ERM, they might have had something positive to say about it.
- 10 negative employee behaviors that undermine success
- 101 bad business buzzwords — and why you should avoid them
- US vs. Europe: Comparing different approaches to renewable energy
- Can solar energy compete with fossil fuels?
- 7 key elements of an effective new employee orientation program
- Selling your business? What tenants need to know about their lease
- 3 secrets to successful leadership
- Step aside, millennials — Here comes Generation Z
- How does BCRA impact jobs in healthcare?
- Possible link between marijuana use in young people and schizophrenia
- Take the time to close the communication loop
- Study: Patients with cirrhosis at increased risk of stroke
- Report highlights ways to improve cybersecurity in healthcare
See your work in future editions
Your content, Your Expertise,
Your Industry Needs YOUR Expert Voice & We've got the platform you needFind Out How