Microsoft rejected the approach of a risk management committee comprised of executives, believing it to be impractical since executives have heavy responsibilities and this focus on risk is an “extra” for them. In its place Microsoft instituted the Risk Management Group, composed of experts in risk management, who serve as a source of risk experts and evangelists. They constantly collect data from sources external to the company as well as analyze data collected within the company. They teach people how to use tools for informed decision-making about risk. People in the Microsoft Risk Management Group provide face-to-face time with leaders and teams to support and encourage effective risk management.
All five companies have demonstrated risk management maturity to stage 4, but what of stage 5, where uncertainty is not only a source of risk, but also a source of opportunity to save money or time and have better than expected outcomes? Each company has been able to move in this direction to varying degrees through the paradigm of integrated risk management. No longer are risks managed within functions or silos, but across the entire enterprise in one consolidated view. Enterprise risk management means that risk management is done by different areas across the business using the same framework. Each unit is not doing its own version of risk management. Under the framework, risk management is structured and consistent across units. A common risk language and common risk management framework across the organization allow for value creation.
Having comparable risk data from all units allows for common metrics and the availability of data which can be synthesized for improved decision-making and improvements in the way the company does business and seizes opportunities. One example is the risk map used by Microsoft and Unocal. Management can see all the risks facing the company across all areas and see where they haven’t adequately managed a risk or allocated enough resources to risky areas. United Grain’s integrated view of risks has allowed them to see where they could save money and transfer risk.
Risk management is a uniquely human capacity and is one of the defining characteristics of our modern business and personal lives. “The future is with those farsighted managers who take risk management to higher levels – who adopt an enterprise-wide approach. These managers will benefit from a full awareness of their key business risks and the satisfaction of knowing plans are in place for managing those risks in a coordinated, sophisticated way.” [1]
[1] Barton, T., Shenkir, W., Walker, P. Making Enterprise Risk Management Pay Off: How Leading Companies Implement Risk Management .New Jersey: Financial Times/ Prentice Hall PTR, 2002: 224.