Home > Blogs > Risk Management - What Is The Real Score In The Management Of Risks

Risk Management - What Is The Real Score In The Management Of Risks

By  Feb 7, 2009

Topics: Business & Management

Most companies have the wrong notion about the true meaning of Risk Management. Unknown to many company executives, risk management addresses not only issues at the tactical or operational levels but also the more important strategic viewpoints.

I have setup Risk Management programs and structures in some large credit card companies and some Fortune 100 companies, which includes a formal course. In the process of doing so, I am getting a lot of questions from clients to resolved their own local issues and clarify their concepts and ideas.

I was asked quite a few times whether there is an existing certification for Risk Management. No, there is currently no certification specifically for this. The industry is really just figuring out if it is needed and I find that a majority have no real idea how to do this.

Another question I am getting is how should the training for risk management be conducted? To be honest, you can't do the training well without tackling the management issues at the strategic and tactical levels. It is just a waste of time just training either the operational level by itself or even just the tactical level by itself. It is the strategic level that have to make decisions based on risk - business, financial, and security. The key element is to get a security governance piece up in place so that useful risk elements can be identified and then used in informed decisions by the upper levels of management.

It is really unfortunate that we even call this Risk Management because most companies have the narrow view that this term only means BUSINESS Risk Management and they think they have it covered. When I tell companies that they need a Risk Management program in place, I commonly hear that they have one – don’t need it – and don’t want me to try and ‘sell’ them something they already have. There is a learning curve I always have to deal with when working with organizations on the difference between their current business and financial risk management structure and security governance. They need to be incredibly linked – but it takes a while to get people properly educated and to get the actual processes in place to make it actually useful to an organization

The time and cost is something we would have to discuss, because I don’t believe just a regular class really does the trick here. I CAN do just the training and that might open the eyes that a bit more is needed just because most people in any organization do not fully understand how to IMPLEMENT Risk Management.