Risk Management has more or less in some form or another always been on the corporate agenda. However the responsibility for risk management no longer lies with the company's treasury function. Risk management is now the responsibility of the board of directors and includes all risk-classes across business units, processes and functions.

The management of Risks requires a much greater integration of the firm's corporate finance and risk management functions and the investment program.

Companies can very likely achieve a competitive advantage when managing risk from a holistic view. The approach explicitly takes into account the fact that the various risk classes interact at both stochastic and sequential, and yet in more complex ways.

This "diversification benefit" is documented in the financial sector where a number of risk classes are notoriously easier to model. The thinking and methodology can be conveniently transferred to non-financial corporations. Most companies should develop and implement their own risk management systems.

We can all learn from the mistakes committed that lead to the financial crisis. We will however repeat the mistakes unless we strengthen risk management and increase the ‘diversity’ of the members of the risk committee who has new ideas to address the past sins.

The fact that some of the worlds leading banks have up to 50 risk committee with approx. 250 voting members provides immediate food for thought. It takes thousands of hours to make the correct analysis and making a decision. Analysts say there has been little improvement in an area that is as important as managing risk for financial institutions.

Cognitive Diversity

The various aspects and disciplines of risk management is even more vital/crucial in situations where quality, diversity and skill backgrounds are not taken into account in the selection of members to various committees.

Too often these are very homogeneous groups of similar people with almost identical background. This is a well known fact also on several boards of several Danish companies. Boards have to decide on the company's risk-aversion, tolerance and appetite.

  • How much risk is the company willing to take?
  • How much will the exposure for each risk class be, and how large is the total exposure?
  • Which risks should be mitigated, reduced or eliminated?

The analysis should be based on risk tolerance with continuous monitoring of risk positions. Unfortunately group thinking often reinforces views expressed by the strongest in the group. It’s a pity when Risk committees often reflect the worst of both worlds.

Both large and small companies lack diversity in their committees. The importance of cognitive diversity cannot be overestimated. The committees should be able to take optimal decisions in a timely manner when there is a variety of relevant knowledge.

We should not let such a serious crisis go to waste. Focus on Governance, Risk and Compliance may actually be value creating and avoiding future disasters.