A while ago I started saying that the goal of risk management is to take the best risk, not the least risk. Many telco people will hear the echo of an earlier industry debate, when some brave souls pointed out that least cost routing sounds like a good idea, until you end up using routes that are so poor that customers get irritated and hang up. Instead of aiming for the very least cost, they realized they wanted the best cost which also delivered acceptable quality. The same thought process can also be applied to risk management.
If we wanted the least risk we should sell the telco, take the cash we made, dig a deep hole in the ground and bury it. But that would be a terrible investment. The best approach to investment is to recognize where we are best at taking risks – where we have the skills, technology and experience to gain the most, whilst also being best at mitigating downside risks – and investing in those activities. To maximize shareholder value we should seek to take the best risks, and risk managers will not help if they mindlessly aim for the least risk all the time.
Sometimes the best risk is the least risk; nobody wants to see somebody suffer a fatal injury due to a workplace accident. But often the best risk differs from the least risk, and risk managers should be helping the telco to understand the scale of the difference between the two, so the rest of management always makes informed decisions and properly factors risk into everything the telco does. Just pulling in one direction – towards least risk – encourages equally stubborn and mindless resistance to risk management. The least risk approach discourages managers from adopting better techniques to manage risk. It also leads them to see risk management as an unproductive burden which is imposed upon them, rather than viewing risk management as an intrinsic element of decision-making. And so the least risk approach promotes a tug of war between risk managers and other managers, whilst the best risk approach encourages a more conciliatory approach where we all pull together to satisfy common corporate objectives.
Risk guru Norman Marks (pictured above) always gives excellent insights. His way of conceptualizing and discussing the issues is different to mine, but I encourage everybody to read a short but excellent piece he wrote earlier this year, entitled “Why Do People Take Risks?” It is a healthy reminder that there would be no risks to manage if we did not have objectives we wanted to fulfill in the first place. As a result, we must always keep those objectives in mind.