Enterprise Compliance Today

Risk 2018 and the missed opportunities of 2017

Posted by Greg Carroll on Wed, Jan 17, 2018 @ 08:35 PM

In my 2013 book "Mastering 21st Century Enterprise Risk Management" I quipped “just as the Wild West of the 1890's had disappeared without trace by the Roaring 1920s, so too will the business world of the 1990s, be long forgotten by the 2020s”.  Just 5 years on and not only has the world changed emphatically but the rate of change is accelerating.



Both COSO ERM & ISO 31000 revisions fail to meet needs of 2020s. In the innovator’s mindset risk is opportunity and interactive not a record.

Have a look at how FastTrack can help you achieve a truly proactive ERMERM

From driverless cars and drones delivering pizzas, to blockchain destroying utility oligarchies, the 2020's will not be recognizable to a Rip Van Winkle from the 1990s. Even with my exposure as the Technical Director at the leading end of the IT industry, I am continually astounded, not by the rate of innovation within the industry, to which I have become accustomed, but by its zealous pursuit of imagining the possible. This will change to world as we know it.  Not sometime in future but within the current business planning cycle.

To quote Stephen Hawking, “Intelligence is the ability to adapt to change”. As such, it’s time senior management stepped up to the plate and prove they’re deserving of their inflated pay packets by harnessing and utilizing the almost bewildering array of innovation and technology at their fingertips today. 

As covered in “Misunderstanding Innovation”, innovation is not invention but the application of invention as a practically solution to real world issues. Unfortunately, the cloistered world in which inventors live isolates them from the real world which in the past has acted as a barrier to innovation. 

Enter the era of Gen-Y and Millennials. Unencumbered by social norms, their enthusiastic pursuit of the possible has become the driving force of innovation and what today we call “disruption” i.e. their lack of acceptance of what is and a mindset of “different is better” leads to a perpetual quest for the use of the “new”.  Existing management need to take note and adapt if they don’t want to be run over by this train.

Management has to come to grips with the concept that innovation is not an activity or function but a mindset. Innovative thinkers don’t think about innovation but instead look at every aspect the world with a view of betterment. Their biggest challenge is containing themselves. Look at Elon Musk. Apart from being the co-founder, CEO, and product architect of Tesla, he is also the founder, CEO, and CTO of SpaceX; co-chairman of OpenAI; and founder and CEO of Neuralink; co-founder and former chairman of SolarCity, co-founder of Zip2, and founder of X.com, which merged with Confinity to become PayPal.

So where does risk fit in?  In the “innovator’s mindset” risk is opportunity.  When an Innovator identifies a risk their immediate reaction is that it is an opportunity for innovation, normally through the application of “new”, be it technology, business models, or changing the ground rules.  Think about this.  Instead of "implementing Controls” which is reactive, negative, defensive and costly, they are changing their world which is pro-active, disruptive, and value-adding. Pro-active and value-adding by definition requires interactive involvement.  That is 21st century Enterprise Risk Management.

2017 was to be a watershed for risk management with release of both COSO ERM and draft ISO 31000 revisions,  Sadly both failed to live up to expectations to meet the overwhelming needs of the brave new world we will face in 2020’s. Although there are references to supporting decision making and business functionality (the true purpose of risk management), they are still firmly focused on risk recording.  Again to paraphrase myself, all they managed was to enable you to be “the best wagon builder in the Wild West, not Henry Ford in 1920s?  Both are still anchored in the last century’s risk management concepts of the reactive prevention of risk.  And like most anchors they weigh you down. 

The so-called “disruption” everyone is talking about is not a phase but a paradigm shift in how business operates that has already happened.  The Health & Safety approach to risk management that still dogs business is obsolete and needs to be ditched.  Controls, the risk matrix, heat maps, and risk registers are all failed tools to which you are wed. Before you explode about my "dissiing" of Risk Controls, like remedial action in CAPA, they are a necessary but minor component in the process but certainly should not be considered management tools. 

So what is your future? Are you just marching time until your profession goes the way of computer operators, newspapers, or taxi drivers. You will be happy to know that if you change your mindset your powers of observation, analytic thinking and ability to enable change, are the skills and tools that can empower risk management in the 2020’s (see Why most ERM systems don't work).

What should a 21st Century ERM look like then?  That I will cover in my next article.


Related articles you may be interested in:


ERMRisk Management Data Sheet
How Fast Track provides truly proactive ERM


FastTrack 3min ERM Demo
Shows FastTrack's Enterprise Risk management (ERM) software delivers a comprehensive real time ISO 31000 solution for large enterprises.

hero-productguide-180x172.pngFastTrack Product Guide
Technical specifications, pricing, and more.

Tags: corporate governance, risk management, decision making, Innovation