In these days of uncertain markets – and an uncertain economy – risk can seem almost omnipresent in business. But how do you manage risk prudently – yet still grow your company?
That timely question reminds me of an interesting talk I heard this past summer by Harvard Business School professor (and MIT alumnus) Robert S. Kaplan. Kaplan is perhaps best known for his work codeveloping the Balanced Scorecard concept.
But, as Kaplan explained to a Harvard Business School Executive Education class this summer, he began exploring the topic of risk management in the wake of the 2008 financial crisis, after he saw venerable firms such as Lehman Brothers and Bear Stearns collapse – despite having risk management functions.
Here are a few of Kaplan’s insights on the topic of risk management.
There are three categories of risks. The first category, Kaplan said, are risks from employees’ undesirable and unauthorized actions. “These risks are the ‘known knowns,’ and the organization gets no benefits from allowing them to occur,” according to Kaplan. So, he advised, “enterprises should strive to completely avoid ‘Category I’ risks.”
Category II risks, on the other hand, are the kind of risks a company can’t avoid: the risks of not achieving the enterprise’s strategic objectives. “All interesting strategies have some kind of risk,” Kaplan pointed out.
And the third category of risk, according to Kaplan? Risks from certain uncontrollable external events, such as a volcano eruption that affects air travel — or a tsunami that affects your supply chain. Many companies, he observed, don’t even know that they don’t know about how such external events can undermine their strategies.
Learn from close calls. When it comes to Category I risk from employee actions, “you’ve got to look at…‘near misses’ and why they occur,” Kaplan observed. In particular he noted, as your business expands and gets more complicated, your internal auditors may not have the control systems and competencies to understand your new businesses – which can be a problem, because new business are where you’re more likely to have problems. In Kaplan’s view, the recent trading failure at UBS, which cost the CEO his job, is an example of a Category I risk that should have been avoided.