The problems with risk today have their roots in the greenmail of the ’80’s, the high growth addiction of the 90’s, and irrational exuberance for over-quantification of everything even as cartels and mafias moved commodity markets and commoditization with a single breath. Boards, executives, and their lawyers and accountants all suffer from hyper-specialization and information and situational overload. Exhausted people use one more manual as a doorstop. Risk assessment has to be simplified, streamlined, de-jargoned, and “organically” related to what people do and see every day inside and outside the entity.
Too many organizations have only a fuzzy understanding of their risks; they stop at the point of knowing there is a risk and throw some self-deceiving analysis at potential financial impact with the intent of scorning or insuring risks away. In the process, they never get down to thorough examination of the risks they stumble across and identifying the risks they miss, let alone prioritizing real and even imminent risks.
Worst, even the most senior of leaders evade such risk examination while intoning their conviction that “the lawyers can take care of it if anything goes wrong.” And then the risks mature. By which time, of course, it’s entirely too late, except for litigation and, all too often, criminal defense.