Compiled by Anton Kobelev at www.inarm.org
Communication Breakdown
- CEO thinks that risk management is the CRO’s job;
- Not listening to your CRO – having him too low down the management chain;
- Hiring a CEO who “doesn’t want to hear bad news”;
- Not linking the Board tolerance for risk to the risk management practices of the company;
- Having the CRO report to the CFO instead of to the CEO or Board, i.e., not having a system of checks and balances in place regarding risk practices;
- The board not leading the risk management charge;
- Not communicating the risk management goals;
- Not driving the risk management culture down to the lower levels of the organization;
Ignorance is not Bliss
- Not doing your own risk evaluations;
- Not expecting the unexpected;
- Overreacting to risks that turn out to be harmless;
- Don’t shun the risk you understand, only to jump into a risk you don’t understand;
- Failure to pay attention to actual risk exposure in the context of risk appetite;
- Using outsider view of how much capital the firm should hold uncritically;
Cocksureness
- Believing your risk model;
- The opinion held by the majority is not always the right one;
- There can be several logical, but contradictive explanations for one sequence of events, and logical doesn’t mean true;
- We do not have perfect information about the future, or even the past and present;
- Don’t use old normal assumptions to model in the new normal;
- Arrogance of quantifying the unquantifiable;
- Not believing your risk model – waiting until you have enough evidence to prove the risk is real;
Not Seeing the Big Picture
- Making major changes without heavy involvement of Risk Management;
- Conflict of interest: not separating risk taking and risk management;
- Disconnection of strategy and risk management: Allocating capital blindly without understanding the risk-adjusted value creation;
- One of the biggest mistakes has to be thinking that you can understand the risks of an enterprise just by looking at the components of risk and “adding them up” – the complex interactions between factors are what lead to real enterprise risk;
- Looking at risk using one single measure;
- Measuring and reporting risks is the same as managing risks;
- Risk can always be measured;
Fixation on Structure
- Thinking that ERM is about meetings and org charts and capital models and reports;
- Think and don’t check boxes;
- Forgetting that we are here to protect the organization against risks;
- Don’t let an ERM process become a tick-box exercise;
- Not taking a whole company view of risk management;
Nearsightedness
- Failing to seize historic opportunities for reform, post crisis;
- Failure to optimize the corporate risk-return profile by turning risk into opportunity where appropriate;
- Don’t be a stop sign. Understand the risks AND REWARDS of a proposal before venturing an opinion;
- Talking about ERM but never executing on anything;
- Waiting until ratings agencies or regulatory requirements demand better ERM practices before doing anything;
- There is no obstacle so difficult that, with sufficient thought, cannot be turned into an opportunity;
- No opportunity so assured that, with insufficient thought, cannot be turned into a disaster;
- Do not confuse trauma with learning;
- Using a consistent discipline to search for opportunities where you are paid to accept risk in the context of the entire entity will move you toward an optimized position. Just as important is using that discipline to avoid “opportunities” where this is not the case.
- undertake positive NPV projects
- risk comes along with these projects and should be priced in the NPV equation
- the price of risk is the lesser of the external cost of disposal (e.g., hedging) or the cost of retention “in the context of the entire entity”;
- also hidden in these words is the need to look at the marginal impact on the entity of accepting the risk. Am I better off after this decision than I was before? A silo NPV may not give the same answer for all firms/individuals;
- What is important is the optimization journey, understanding it as a goal we will never achieve;
More Skin in the Game
- Misalign the incentives;
- Most people will act based on their financial incentives, and that certainly happened (and continues to happen) over the past couple of years. Perhaps we could include one saying that no one is peer reviewing financial incentives to make sure they don’t increase risk elsewhere in the system;
- Not tying risk management practices to compensation;
- Not aligning risk management goals with compensation;