The Risk Culture Builder asked a very pertinent question which should be on minds on many risk managers as well: How much money is your risk management department adding to the bottom line?
There is no doubt that the question is interesting and thought. Is Risk Management group left to become a Cost centres or they can exhibit and evidence their contribution to business’s over bottom line.
I have yet not come across a framework or model which can help to “quantify” the answer.
Risk management function in a mature organisation would help business to assess riskier opportunities with balance approach (benefits versus pitfalls). Cloud computing is one good example on my mind, where at times Compliance and Security teams are able to scare shit out of the business owner and they feel happy to maintain status quo or delay their plans to remediate the issues faced.
Risk Management team here can step in and work along with business owners to help them understand the security and technological nuances so that risk based decisions are made instead of gut feel.
Also a scenario based analysis should be performed to understand what would go wrong with or without risk management function. Do we really need a risk management desks if yes why? Most of the time business feels this team is there due to internal policy / regulatory requirements.
Plus despite risk management being there for almost few decades now I find number of myths about principles of risk management on mind of business manager make me nervous and empathise.
Classic is “ Risk assessment results would directly impact the Regulatory capital adequacy requirements.
I strongly feel that risk fraternity failed to represent themselves to be partner to business objectives / missions . There are many reasons for same, you know much more and better than me.
Anyhow do share paper or model to quantify – How much money is your risk management department adding to the bottom line?