Should We Still Be Using the Term Risk Management?

“What’s in a name” you ask?

Aside from “To be or not to be? That is the question,” this is probably one of Shakespeare’s most well-known quotes or idioms.

And coincidentally, it forms the basis of one of the biggest debate’s in the risk management world today.

Between risk appetite, heat maps, and the reliability of standards like COSO and ISO 31000, the risk management field has its fair share of debates.

Interestingly enough, the usefulness of the term “risk management” is another example of one of these debates. You read that right – there’s intense disagreement over exactly what term we should use to describe what we do.

LinkedIn is the primary spot where this debate plays out…

On one hand, thought leaders like Tim Leech, Norman Marks, and Grant Purdy say “risk management” is confusing and should be scrapped in favor of “certainty management,” “decision support services” and other terms, or as Tim proclaims in this LinkedIn post:

The terms “ERM,” “Risk Management,” and “Risk Manager” are dragging the profession down like a huge millstone. Words matter. Poor choice of words dating back decades is a big part of why most senior executives today see little value in risk-list ERM. It’s time to dump these flawed terms in favor of better words and methods that reflect the future and real opportunity of more structured uncertainty assessment and decision making.”

These well-respected experts cite a number of reasons for their stance, including:

  • According to surveys like NC State’s annual report, very few respondents (12%) indicate their “risk” processes provide a strategic advantage to the company.
  • Most mistakenly believe the term means managing lists of risks and that it is the risk professional’s job to actually “manage” risks, not the business’s job.
  • Consultants adopt this word to offer services that are ultimately of little value.
  • It has different meanings based on who you ask. Those with a more traditional “risk management” view believe it’s only about mitigating threats or providing coverage for insurable risks.

As Roger Estall and Grant Purdy explain in their book Deciding, the term “risk management” finds its origins in the insurance industry when it comes to the “risks” that are underwritten for insurance coverage. Over time, and especially in the last few decades, ideas and practices for improving decision-making were also given this label. However, Estall and Purdy explain:

In the same way that the ‘risk management’ label became attached to many different ideas, so too, inevitably, did the word ‘risk’ acquire many different meanings. This created the odd situation that the core word of an increasingly popular, yet ill-defined, expression was effectively meaningless – as was the expression itself!”

Not everyone agrees with shedding the “risk management” label though. Below are a few rebuttals to the aforementioned LinkedIn post from Tim Leech on this subject.

Supporters of scrapping the risk management label explain, correctly in my view, the extreme shortcomings of simply managing a list of risks and that many carry the mistaken belief that ERM is responsible for managing the risk.

Again, like these supporters, their detractors make some valid points, mostly around that it’s important not to throw the baby out with the bath water. I’m not sure I could be placed in one camp or another, but one thing that is certain in my view is…

How your company refers and views this function is strongly dependent on the industry, corporate culture, and other organization-specific factors.

In many cases, I try to avoid blanket pronouncements since every company is different.

In the case of the label of risk management, I hesitate to say there should be an across-the-board change. This isn’t a black and white issue – there’s going to be a ton of gray areas.

One reason is expectations…

Whether from regulators (depending on your industry), investors, credit ratings agencies, or other stakeholders, there’s an expectation you have a function or process called risk management. Calling it something else could lead to pushback from multiple directions.

And as I elaborate on here, there’s an expectation the Board play an active risk oversight role.

With this expectation from such a wide array of places, it would be very cumbersome to just decide willy-nilly to not use the term anymore.

Instead of a wholesale change, it’s all in how you describe what you do.

In the end, the phrase “what’s in a name?” is especially relevant since it basically means “the name of a thing does not matter as much as the quality of the thing.”

What this means for today’s topic is that it’s not so important the term(s) used, but rather the messaging and branding behind it.

When someone asks what I do for example, I give them the following:

I help insurance companies identify their goals, how they can best achieve their goals, and prioritize and allocate resources accordingly.”

For those who know what the specific terminology is, I add on: “To do this, I use various strategic planning and risk management techniques and tools.”

Therefore, instead of just dropping the term altogether, risk professionals need to clearly articulate their role and make sure everyone is on the same page on what this means for the company.

Again, I understand the perspective that the phrase is confusing, and lists and other formalities do not give the company a competitive advantage. However, I also believe it would be unwise to just chunk the label without careful consideration of the expectations of outside parties and whether doing so would lead to even more confusion.

In most circumstances, a clear understanding by everyone of what risk management means for the company will be much more helpful in the long run in my opinion.

Do you encounter confusion as to what risk management is at your company? Have you considered changing the name altogether?

I’m interested in hearing different perspectives on this and other issues. To share your thoughts, please feel free to leave a comment below or join the conversation on LinkedIn.

And if your company is struggling to articulate what risk management and ERM means and how it can help better achieve strategic goals, please don’t hesitate to contact me via email or through my meeting calendar to discuss your specific situation and potential paths forward.   

, , , , , , , , ,

Related Posts

2 Comments. Leave new

  • Carol, thank you for mentioning me but I have not said quite so bluntly that we should scrap the term risk management.

    I have said that using the term “risk” sparks a negative reaction from business executives.

    I have said that I prefer to use the phrase “what might happen”.

    I have also said I prefer to talk about success management or, even better, effective management and decision-making.

    But there’s a reality: corporate governance codes and the regulators are mandating (where they can) something they call risk management.

    We need to accept that reality.

    So, rather than abolish the term risk management, I prefer working to make it an effective practice in aid of the strategic and tactical decision-making necessary to achieve objectives, i.e., success.

    Se my related posts at normanmarks.wordpress.com

    Reply
  • Tsepang Molata
    August 17, 2022 2:21 am

    Thank you very much for sharing this insight information about the current situation related to our risk management issues, it’s only fair to have time to really understand what is the outmost important objective of our Risk Management Principles and the meaning of managing the uncertainties around any business objective, by that we shall fully appreciate the term risk management for various aspects. I personally appreciate the name so much that it does sound clear that we are managing the uncertainties and also provide informed decisions for businesses.

    Reply

Leave a Reply

Your email address will not be published.

Fill out this field
Fill out this field
Please enter a valid email address.