This chapter is from the book

New Risk Management Paradigm

In thinking about a shifting paradigm for risk management, the recipe for boiling a frog is instructive. If you drop a frog into a pan of boiling water, it will jump out. But if you put the frog in a pan of cold water and gradually raise the temperature, the frog will stay in until the water boils, not realizing that its paradigm is shifting. In a similar fashion, the risk management paradigm has been shifting gradually for some organizations. Some of them may not have recognized the paradigm shift and the advantages of the new perspective on risk management.

Traditionally, most organizations have viewed risk management as a specialized and isolated activity: the management of insurance or foreign exchange risks, for instance. The new approach has its basis in keeping managers and employees at all levels sensitized to and concerned about risk management. Table 1.1 identifies three key aspects of this shift to an organization-wide perspective for risk management.

As noted in table 1.1, the risk management perspective for some organizations is shifting from a fragmented, ad hoc, narrow approach to an integrated, continuous, and broadly

is whether senior management will make the shift consciously now or make it after the water heats up and a debacle occurs.

Table 1.1 Key Features of the New Risk Management Paradigm

| Old Paradigm | New Paradigm |
| --- | --- |
| Fragmented—department/function manage risk independently; accounting, treasurer, internal audit primarily concerned | Integrated—risk management coordinated with senior-level oversight; everyone in the organization views risk management as part of his or her job |
| Ad hoc—risk management done whenever managers believe need exists to do it | Continuous—risk management process is ongoing |
| Narrowly focused—primarily insurable risk and financial risks | Broadly focused—all business risks and opportunities considered |

Source: Economist Intelligence Unit, Managing Business Risks, 10. A similar analysis is presented in DeLoach, Enterprise-Wide Risk Management, 15–16.


This new perspective on risk management is sometimes referred to as integrated, strategic, business, or enterprise-wide risk management, and we use these terms interchangeably. The term "risk" includes any event or action that "will adversely affect an organization's ability to achieve its business objectives and execute its strategies successfully."10 The scope of risk covers all risks, internal and external, that may prevent an organization from achieving its objectives. Adding the word management to integrated, business, or enterprise-wide risk implies a "structured and disciplined approach" that "aligns strategy, processes, people, technology and knowledge with the purpose of evaluating and managing the uncertainties the enterprise faces as it creates value."11 Hence, the goal of an enterprise-wide risk management initiative is to create, protect, and enhance shareholder value by managing the uncertainties that could either negatively or positively influence achievement of the organization's objectives.
