No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights
Home Risk

3 Things Large Corporations Can Learn from SMEs

by Alex Sidorenko
December 12, 2016
in Risk
improving risk management

Back in October, I was very fortunate to host one of the roundtables during the FERMA risk seminar in Malta. I am very thankful for the opportunity because the experience of brainstorming for 45 minutes with the representatives from various small and medium enterprises (SMEs) really highlighted some major problems with modern-day risk management and risk managers.

Here are three things I think all of us could learn from managing risk at SMEs:

1. SMEs simply can’t afford to waste time or other resources on an activity that does not generate direct value.

For SMEs, time is short, management teams are small, margins are limited and, as a result, management is very pragmatic about any new, sexy activities and initiatives. Risk management is no different. It has been around for years, yet few SMEs have properly adopted it. Something’s not right…

So can risk management make companies money? Of course it can. Do modern-day risk managers in nonfinancial companies in fact make money for their companies? Very few. Most of the modern-day approaches used by the risk managers are so academic and superficial that management has a tough job buying it.

I think it’s about time we had an honest look at some of the activities risk managers do:

  • Do risk assessments really change the way business processes work, change the manufacturing process, change the way products are sold?
  • Do risk managers bring something of value to the table when any important business decision is made?
  • Do risk assessments change the way executives make decisions and is risk analysis available on time to support every significant decision? Do they? Really?
  • Are risk registers looked at by the CEO before making an important decision?
  • Do risk owners check their risk mitigation actions regularly?
  • Do risk appetite statements in nonfinancial companies change the way company operates and the way decisions are made?
  • Do employees regularly read the risk management framework document?
  • Do managers call the risk manager before making a decision when faced with uncertainty?

I suspect the answer to most of those questions is “not quite.” This could mean one of two things: either the risk manager is not doing his job properly or he is properly doing a completely wrong thing. My bet is on the second. There is simply a better way than risk profiles, risk registers, risk frameworks, risk owners and so on. 

2. SMEs don’t do risk management to mitigate risks, they do it to make better decisions.

This I found most bizarre: we seem to have created a myth that risk management is about managing risks. Not so. Risk management is not an objective in itself. It’s just another tool to help managers make better decisions and achieve objectives. This is a big difference between SMEs and large corporations.

SMEs do risk analysis when a decision needs to be made, using whatever risk analysis methodology is appropriate for that particular type of decision. Large corporations do risk management when it’s time to do risk management, be it annually, quarterly or at some other regular interval. Unless your methodologies, approaches and tools allow risks to be analyzed at any moment during the day, when an important decision is being made or at every milestone within the core business processes, you are probably doing something wrong.

If there is one thing I’ve learned over the years, it’s that no one in the company – and I mean NO ONE – except the risk manager cares about risks. Well, maybe some soon-to-retire audit committee member as well, but most of them wouldn’t have the courage to deal with the real risks if you showed it to them. The rest of the company cares about making money, meeting objectives with the least amount of effort and getting nice bonuses as a result. You can assign risk ownership to them as much as you like, no one cares.

SMEs learned it the hard way: unless an activity directly contributes to achieving objectives, it’s not going to be done. Risk management is no different. I find it ridiculous when risk managers talk about high risks and the need to mitigate them when instead they could be saying things like “the probability of meeting this objective is 10 percent unless we change things,” “there is an 85 percent chance your business unit will not get bonuses this year based on our risk analysis” and so on.

3. Anyone can be a risk manager, but it’s not natural.

Despite what we, within the risk management community, have been telling each other for years, managers are not really managing risks every day. Thinking about risks is not natural for humans. The way system 1 and system 2 thinking operate in our brain make it literally impossible to see most of the risks associated with making decisions, let alone analyze or manage them. Since the 1970s, many scientists, including two Nobel prize winners, Kahnemann and Tversky, have discovered over 200 cognitive biases that prevent managers from seeing, understanding and dealing with risks.

This basically means risk surveys, most risk workshops and any kind of qualitative risk assessments are very unlikely to produce truthful results. But then what should risk managers use? There are plenty of alternatives, and much better ones.

So how was the rest of the FERMA seminar?

My feedback to the organizers stays the same as my last post on the FERMA forum in Venice last year. In short, it’s impossible to grow if the people you talk to at conferences are people just like you: risk and insurance professionals. Someone needs to play devil’s advocate. It would be good to hear from a CFO who says he doesn’t care about any of the work risk managers do and budgets based on his own methodology with no input from the risk manager. But then again, Europe is probably way too politically correct for that.


Previous Post

Understanding Reputation Risk: The Qualitative and Quantitative Imperative

Next Post

GDPR is About to Make Everyone a European

Alex Sidorenko

Alex Sidorenko

Alex Sidorenko is a risk expert with over 15 years of private equity, sovereign wealth fund risk management experience across Australia, Russia, Poland and Kazakhstan. In 2014, Alex was named the Risk Manager of the Year by the Russian Risk Management Association. As a VP at the Institute for Strategic Risk Analysis in Decision Making, Alex is responsible for risk management consulting, training and certification across Russia and CIS. Alex is the co-author of the global PwC risk management methodology, the author of the risk management guidelines for SME (Russian standardization organization), risk management textbook (Russian Ministry of Finance), risk management guide (Australian Stock Exchange) and the award-winning training course on risk management (Best Risk Education Program 2013, 2014 and 2015).

Related Posts

Phaxis 100 dollars

AML & KYC: Addressing Key Challenges for 2023 and Beyond

by Alex Roberto
March 16, 2023

(Sponsored) In today’s world, financial criminals are often a step ahead of regulators and financial institutions who struggle to effectively...

audit

IIA Survey: Technology Issues Widening Risk Landscape

by Staff and Wire Reports
March 15, 2023

The past year has seen internal audit staffing and budgets continue their recovery to pre-pandemic levels as organizations contend with...

Paul Weiss Economic Sanctions and AML Developments 2022_f

Economic Sanctions and AML Developments

by Corporate Compliance Insights
March 15, 2023

Sanctions start high and stay high 2022 Year in Review Economic Sanctions and AML Developments What’s in this report from...

insider fraud threat

As Layoffs Continue, the Potential for Insider Fraud Is Growing. Are You Ready?

by Chris Gerda
March 15, 2023

From startups to big banks, the technology and financial services sector have already seen tens of thousands of layoffs in...

Next Post
changes to data protection regulation

GDPR is About to Make Everyone a European

Compliance Job Interview Q&A

Jump to a Topic

AML Anti-Bribery Anti-Corruption Artificial Intelligence (AI) Automation Banking Board of Directors Board Risk Oversight Business Continuity Planning California Consumer Privacy Act (CCPA) Code of Conduct Communications Management Corporate Culture COVID-19 Cryptocurrency Culture of Ethics Cybercrime Cyber Risk Data Analytics Data Breach Data Governance DOJ Download Due Diligence Enterprise Risk Management (ERM) ESG FCPA Enforcement Actions Financial Crime Financial Crimes Enforcement Network (FinCEN) GDPR HIPAA Know Your Customer (KYC) Machine Learning Monitoring RegTech Reputation Risk Risk Assessment SEC Social Media Risk Supply Chain Technology Third Party Risk Management Tone at the Top Training Whistleblowing
No Result
View All Result

Privacy Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2022 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe

© 2022 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT