Clowns Belong in a Circus, Not in Risk Management
Let us start by wishing that you and your loved ones are keeping safe in these challenging times.
Risk Management Fairy Tale
If there is one lesson that COVID-19 pandemic crisis has taught us, is that the charade of risk management practices and consultancies out there has been debunked and proven incompetent.
Risk management is not about pleasing your boss by filling colorful risk registers, so he can please his/her boss and tell him/her…”I implemented risk management in our organization”.. The proof is in the pudding, the real risk management is tested when an event occurs, then it will be too late to start reading what is in the colorful registers, if there was anything meaningful.
A functional risk management practice requires the following components
- An organization-wide embracement of the risk management culture;
- Empowered risk professionals who are competent and who can articulate risks in a comprehensible and practical manner;
- Stakeholders who can read, and have the ability to understand what is written and what action is required, and do it;
- Established accountability for every single person in an organization about managing risks;
- Integrate risk management in developing strategies and in every operational aspect within the organisation.
If one of the above is not fulfilled, you will end up with an overpaid bunch of form fillers. Well unfortunately now is no time to sugar coat our opinion.
Let us look at the latest NMC Healthcare scandal! A group of the top banking institutions regionally and globally, which are supposedly heavily regulated, with mature risk management practices, and highly paid risk managers, have had multi-billion US$ exposure lending to ailing NMC group.
Provided the risk management functions were effectively operating, it is incomprehensible how such an outcome could have happened. So the only conclusion is that they have not been effectively operating and these banks might as well add the compensation paid for these functions to the provision for loans loss.
Business Continuity Planning Debunked
Risk management is a center point in Business Continuity Planning (“BCP”), which we had the displeasure of learning that many professionals believe is an Information Technology related activity. No it is not.. a proper BCP would cover your physical assets, human capital and information systems including the Disaster Recovery Plan (“DRP”).
Now comes COVID-19 and even the priciest BCP’s prepared by leading consultancies proved to be lacking. So what went wrong? What are we trying to say?
We are trying to say that the exercise of developing BCP’s has been treated as a tick-the-box exercise for years, either to satisfy a government directive or to please some Board member or for some reason other than the conviction of the importance of having a functional BCP.
Accordingly, organizations opt to either go for international players to hide behind their brand, or attempt to cut cost by minimizing the scope so that the outcome they receive could probably be downloaded for free from the internet. We have been approached to conduct a BCP for an organization, and when we inquired about conducting simulations, the answer was that it is not required only a class-room awareness session would be enough. Enough said!.
What We Wish To See Post Crisis
Now all efforts are combining to counter this pandemic. We are all in this fight and while it is scary, history has taught us that there is always light at the end of the tunnel, so sooner or later this crisis will be over (preferably sooner). Once COVID-19 crisis is over, many more crises will be coming our way or for the next generation…So we hope that you this wake up call would change stakeholders’ attitude towards Risk Management and BCP as well as assurance functions like Audit. We wish that they will invest in the right caliber, empower them, establish accountability and be receptive to bad news.
It is human nature that we like to hear good, uplifting stories; however, over and over that human trait takes the better out of some stakeholders, where they entertain the uplifting stories, even if they are not true, while avoiding the ugly truth. That needs to change..before it is too late to change.
Are We Saying That We Are Better Than Others
We are saying that we live by our eight Values:
- Service Excellence
In the core of all is our integrity and commitment to quality. We work hard on developing solutions that are customized to our clients’ business. The better practices we promote are the practices best for each individual client.
So in a nutshell we are confident that we do not provide commercial services, we do care about what we do… But it takes two to tango.. Our clients should have the conviction of the importance of such services and together the sky is the limit.