Why risk failures occur and how to prevent them: did Toyota and BP lack the resources to minimize recent hits to their reputations? Certainly not. But successful risk mitigation often requires something more than conventional tools: a next-generation solution.

• Author: Bojan, William S., Jr.
• Position: RISK MANAGEMENT

Most risk management failures aren't the result of a lack of available risk management models, approaches, methodologies, process or tools. In many cases, it's not about spending more. Significant investments have been made by many organizations as part of their conventional risk management foundation, including infrastructure, risk identification, assessment, management, monitoring and reporting.

Yet conventional approaches to risk management are no match for the complexities of today's marketplace. That foundation is insufficient to produce appropriate protection and value for the organization in the area of risk management.

Most failures are rooted in the lack of robust execution--weaknesses in coordination (overlooking key risks and their interdependencies), collaboration (untapped value creation and connection with key management processes) and integration (deficient linkage among monitoring disciplines and a bridge for board risk oversight). The solution to preventing and reducing these failures is to improve the execution, including linkage to the organization's corporate governance. The roles of "execution" and "integration" cannot be overemphasized.

Financial executives need an effective roadmap to better risk management execution, the "how-to" that is so often missing in the dialogue about risk management. The next generation of risk management must integrate the key dimensions of coordination, collaboration and integration with the organization's business processes, and help it achieve improved corporate governance as well.

Next-generation corporate governance can be viewed as the new standard necessary to restore trust in an increasingly challenging and complex environment.

Appropriate Role of Risk Management

In a healthy organization, a triad exists in the form of checks and balances among senior management, the board of directors and risk management. This triad is analogous to the three branches of the United States government: The board of directors, as the legislative branch, establishes and oversees compliance with the rules regarding the organization's corporate governance.

Senior management is the executive branch, carrying out those rules, while risk management, as the judicial branch, monitors and reports on the appropriate execution of the rules.

When the power within the triad is balanced, the checks and balances function is in a healthy position and risk can be managed appropriately. When the role of risk management is diminished within the triad, the organization's sustainability is jeopardized because the process for speaking the truth about risks to the organization's health has been stifled.

This can lead to the types of problems that have surfaced with American International Group Inc., Toyota Motor Co. and British Petroleum Inc., among others. There is significant value that risk management--as monitor and reporter--can provide an organization.

An organization will realize an enhanced return on its...