Being in business, however, is about taking risks. Examples include expanding new product lines, investing in research and development, looking for mergers and acquisitions, and exploring geographical expansion. Organizations undertake these and other activities to grow the business. All involve taking risks. None are guaranteed successes. Managing the threats associated with taking risk is required (traditional risk management), but so is identifying and assessing the upside gain of the opportunities associated with taking those risks (speculative risk management). Measuring both the downside and the upside of risk taking in terms of a metric that is meaningful to the organization, such as earnings per share for a publicly traded company, provides a context that can be utilized to determine the type and amount of the resources needed to support the favorable outcomes as projected by the strategic planners and executive management. An additional benefit is that, by analyzing the range of possible outcomes against what was actually achieved, executive management may also gain insights into individual operational performance capabilities.

Identifying and assessing both risks and opportunities simultaneously might seem obvious, but it is atypical – at least in the first decade of the twenty-first century. One reason is that the two most widely utilized tools and techniques currently employed during the ERM risk identification and assessment process are a risk register and a risk heat map. They received their monikers for a reason. The focus of both is the perceived threats to an organization. There is no consideration of the value that could be created by taking on risks.

Academics have now spent many years researching the benefits of risk registers and risk maps.[1] While it is undeniable that risk registers and risk maps do have value, our research and analysis conclude the following:

• If the organizational goal is to respond only to known, identified risks, and the ERM process is viewed as an extension of audit and compliance, then risk registers and traditional risk maps can be useful.

• If the organizational goal is to respond to known threats (risks) and opportunities, and also to gain risk intelligence about emerging risks on the horizon, a traditional risk register and risk map fall short. This is because they fail to show both the upside of risk and the relationships between events and volatility.

• If the organizational goal is to grow the business and create value for stakeholders, a traditional risk map is useless. Again, this is because risk maps fail to enable executives to see the upside of taking risks and relationships between risks, and fail to show trends.

• A new tool is required to measure both risks and opportunities – which we call a "value map."[2]

