The COSO Framework for Internal Control
February 12, 2025
The field of risk management has undergone a sea change in the past few decades. At one point in time, risk management decisions were based on individual expertise and gut feeling. However, now the decisions are based on sophisticated mathematical models.
From relying on human intuition to moving on to embrace artificial intelligence, the field has come a long way. A lot of money has been lost and lessons have been learned in this journey. Some of the most important mistakes have been jotted down in this article in order to help future generations of risk managers to avoid making the same mistakes.
In the earlier days of risk management, many organizations built governance structures only because the regulatory bodies mandated that such a structure be in place. However, over time, organizations realized that good governance is not for the benefit of the regulator. Instead, it is the backbone of a well-managed risk program. This is the reason that companies spend a lot of money and other resources to ensure that motivated, trained and competent people head the risk governance team, because the attitude and skills of the leader are mirrored in the rest of the organization. The board of directors is also often involved in the workings of the risk governance committee.
Over the years, the field of risk management has become highly sophisticated and hence the advanced mathematical models tend to take all the limelight. In the pursuit of the next advanced model with more advanced features, companies often forget that risk management is a lot about communication.
Information about risk is not all generated in a single department. Instead, it appears sporadically, scattered across various departments in the organization. Hence, the risk management department has the very important job of collating this information in a timely manner and then providing it to the relevant stakeholders at the right time. Risk management professionals must therefore make sure that they don’t get lost in a sea of numbers and must remember that communication is key in the long run.
Just as individuals have a risk appetite, firms also have a risk appetite. This appetite does not and should not change on a day-to-day basis. It should also not change depending upon the person who is managing the risks at the current moment.
The risk management policy of the company has to be consistent. The company should not take too little risk, because avoiding too many risks and playing it too safe often means that the company has to let go of many opportunities. On the other hand, taking on too many risks can also be detrimental to the firm.
The inability to measure risks and to ensure that the risks remain within the bounds of a certain lower and upper threshold can prove to be a huge mistake for any organization.
Risk management teams tend to be versatile in nature. This means that the same people may often need to play different roles. However, if the roles and responsibilities of the different team members are not clear, there could be an overlap, or some responsibilities could even be missed. It is therefore important to ensure that at any point in time, all the members of the risk management team are aware of their stakeholders and their responsibilities. It is better if measurable goals are provided to the team members, since this increases clarity.
Pretty much every risk management process makes it mandatory for the users to collect data about the risk. However, in most cases, this is done only at the beginning of a project. Over time, the risk profile may change.
If the risk management department of the organization does not make an effort to stay current on the various risks that the system poses, they may not be able to predict and mitigate the risks. The risk management department must always assume that the risks are dynamic in nature and hence they must be monitored at regular intervals of time.
A large part of risk management focuses on past data. However, it is important for organizations to realize that past data is only one part of the analysis.
With advances in technology and changes in the external environment, the risks which materialize in the future may be very different from the past. Hence, building models which rely heavily on past data is one of the common mistakes made by the risk management department.
Risk management can be quite stressful. This is because when the risks actually materialize, the speed of losses being triggered can make anyone nervous. Hence, it is likely that managers may take emotional decisions irrespective of the sophisticated models that they use.
Companies that do not prepare their employees emotionally for the ups and downs which a career in risk management brings may be setting them up for failure.
The bottom line is that even though risk management has become very mathematical and statistical in nature, it is still somewhat of an enigma. Organizations have been trying to figure out the mistakes that can be avoided in order to increase their probability of success.