In a recent speech Joshua Rosenberg, Executive Vice President and Chief Risk Officer of the Federal Reserve Bank of New York, highlighted misunderstandings that prevent organizations from getting the most out of risk management.
Speaking at the Central Bank of Nigeria’s Second National Risk Management Conference Mr. Rosenberg said:
- The first [misunderstanding] is that risk management is mainly a way to stop bad things from happening. Of course, risk management should help us reduce the frequency and size of negative events and then recover more quickly and effectively when negative events occur. But, risk management, in my view, should also help the right things happen by giving us tools to work more effectively. Innovation is an essential tool to manage risks, because not changing can be riskier than changing. For example, an incredibly powerful risk management activity is to transform a slow, manual process that often fails into a fast, efficient, automated process that can self-correct when there is a problem. Clearly, it is just as important to understand the risk of not doing something as it is to understand the risk of doing something. And, when we understand our risk appetite and our risks, we can comfortably conduct controlled experiments, learn faster, and innovate. We're no longer driving in the dark; we're getting where we want to go with headlights on, and we can stay inside the guardrails and not skid off the road.
- Second, risk management could be misunderstood as primarily the responsibility of risk management specialists. Actually, effective risk management is a way for everyone in an organization to help things go right. From the economic analysts to the cash processing operators to the software engineers, we can make better plans, decisions, and actions when we are prepared for change and have the capacity to adapt to surprises. So, most of the risk management that occurs in an organization will be done by people who don't have the word ‘risk’ in their job title.
- And third, risk management could be misinterpreted as an attempt to create a contingency plan for every possible thing that could go wrong. It is important to prepare by scanning the horizon, exploring the range of possible futures, and understanding how those futures could help or impair desired outcomes. We do want to invest in effective responses to key scenarios. However, no organization has the resources to prepare for all possibilities. And, no matter how creative we are, we still can't imagine every one of them anyway. As it is said, "Things that have never happened before happen all the time." So, effective risk management is more than planning. It is creating the capacity to adapt to and recover from unexpected shocks, which is what we often mean when we talk about resilience.
