The top ten mistakes in risk management.

1. Assuming "It won't happen to me!" Within every business practice, there is an element of risk, and ignoring this fact is an invitation for catastrophe. Right now, your company is vulnerable in some way. Hoping that the exposure won't eventually result in dire consequences is a gamble. Wake up and take the first step: undergo a comprehensive risk assessment by independent experts.

2. Failing to understand the consequences and long-term business impact of risk. Fifty percent of all businesses that suffer a catastrophe close within a year. If this were more widely understood, you could bet that companies would be better prepared. Unfortunately, due to either naivete or bravado, too many businesses believe they will be able to weather a storm. For half of them, this is a fatal assumption.

3. Believing that "risk management" simply means "buying insurance." Insurance policies are a component of what you need to protect your company, but it doesn't stop there. There are a host of tools and services you need to manage risk--from disaster recovery plans, to anti-virus software, intrusion detection and firewall technologies, etc.

4. Employing external providers whose impartiality is impaired. Asking your insurance agent to assess your risks and then sell you products and insurance policies to mitigate those risks creates a conflict of interest. How can someone be impartial if they are paid as a result of sales of products and policies, rather than by what you save?
The best advice comes from independent sources, not tied to product suppliers, who are paid to make sure your risks are mitigated at the lowest possible cost.

5. Not understanding the overall costs of risk, or how to reduce these costs. Right now, you may be spending 35 percent more than necessary on risk management. If you lack a clear overview of all the products and services you are using company-wide, then you are most likely duplicating efforts. Or, even if you have centralized control, you may be paying unnecessarily exorbitant costs for a customized risk management information system (RMIS).

6. Allowing risk to be assessed and managed by the resources that create the risk. Was your information technology security policy created by your own technology staff? Lack of external oversight leaves open the possibility for internal attacks on your network and intellectual property. This is just one of several ways that managing risks at the source can increase your vulnerabilities.

7. Not managing risk as a focused and centralized discipline. Your systems administrator undoubtedly performs a series of actions to ensure the integrity of your network, protecting you from viruses, hackers and crashes. While these measures may be effective, each can function properly only in a secure environment.
This requires application of solutions and policies outside your system administrator's core competencies.

8. Failing to maintain continuous and measurable risk management initiatives. You might have a disaster recovery plan on file, but it's likely that the last time anyone updated it was two years ago. Risks are always evolving; new vulnerabilities emerge every day. Risk management is not something you do once and then forget about. You need updated, real-time overviews of your risk-mitigation activities in a format that doesn't bog you down.

9. Ineffectively prioritizing and inefficiently allocating resources to deal with risk. Once you have completed your risk assessment, you are faced with the often-paralyzing task of figuring out what to do next. Which problem demands the most attention and money? There are hierarchies of risk, and a good risk manager can help you systematically tackle the most pressing needs first.

10. Not properly preparing and educating your employees for emergencies. A tool is only as effective as the person using it. If your employees are not properly trained to implement your contingency plans and security policies, your risk management efforts will be wasted. When you are busy, it may seem impossible to allocate time to educate your staff on what to do when the server crashes, the phones go down or the office floods. But, when disaster strikes, you will be relieved you did.

Peter C. Teuten is the Chief Development Officer for Business Risk Management Solutions (BRMS), an independent risk management services provider.
BRMS is a division of The Keane Organization, which supplies compliance and risk management solutions to Fortune 1000 corporations, financial services firms and mutual funds.