CA on Governance, Risk and Compliance (GRC)
- Insights and observations on happenings in the GRC market
Many of you reading this have purchased large ticket items like a home, condo, car, etc. These purchases are somewhat calculated expenditures and typically a large investment of your disposable income. If you are like me, these decisions are made after weighing alternatives while trying to predict future risks. You undoubtedly ask yourself questions like:
The truth is, there are many more questions affecting these decisions than we could include here.
This process is what I call “personal risk management.” All of us have done it and will continue to do so. Why is it, then, that many companies have ignored following similar principles with the on-going health of the business? This is a debate with many different answers, so I ask you to select the best answer for your employer:
a) Have not ignored as this keeps me awake at night!
b) Please restate the problem, I cannot hear well with my head buried in the sand.
c) We passed our SOX audit so we checked this off the list!
d) We are informed of the challenge but we have a business to run and profits to make
e) Is this what internal audit and risk management has been telling us?
I believe the concept of risk management is making a comeback; however, for many of us it never left. In the internal audit and risk management areas, it seems the past 5 years have been focused solely on becoming compliant with any number of state, federal, and international regulations. This is not comprehensive risk management, although compliance management is part of an overall risk management strategy. The regulations remain intact and are actually growing in number and scope with each passing day so we must learn to efficiently meet these requirements. I continue to observe companies becoming more efficient in addressing compliance management allowing more time to devote to other endeavors such as business risk management.
I also see organizations, both businesses and professional service firms, improving overall effectiveness by leveraging the information gained as part of their compliance initiatives. Companies are beginning to document processes beyond those of financial reporting and credit card processing to completely understand the business and flow of information. This can lead to more comprehensive documenting of the processes, procedures, and ultimately the controls in place derived from these areas to map to business risks along with relevant compliance requirements.
In the end, we can all learn from this by applying in our professional lives the risk management principles we practice in our daily lives. Several compliance regulations are requiring companies to do just that by implementing a top-down, risk-based approach when looking at business practices. This approach is not only good for compliance efforts; it is good for the business by potentially reducing time, energy, and consequently audit fees. This is a win-win for all parties involved.
Very well written and timely.