As human beings, we often struggle with the concept of risk management and our ability to effectively interpret and understand inherent risks. For example, consider your own personal travel biases for a moment. Most people will tell you they believe it is safer to travel by car versus traveling by airplane. Now, statistics will clearly illustrate the opposite, suggesting travel by air is much safer and has inherently lower risk compared to making the same trip by car. Yet most folks are unable to come to this same conclusion on their own. For whatever reason – perhaps it’s the need to feel more in control, or that we only know what we know and are comfortable with – our perceptions of risk are blurred.
In business, however, we cannot rely exclusively on a gut feeling or individual knowledge source. Risk management is a strategic business discipline that supports the achievement of an organization’s objectives by understanding its inherent risks and mitigating those risks as effectively as possible. The process begins with assessing where various risks may exist through gathering insight and perspectives from the entire organization. Doing so ensures all impactful business processes and dependencies are identified and accounted for when considering potential risks. Establishing an effective risk management program is paramount with respect to an institution’s ability to understand its overall risk profile. And a risk management program offers guidance for an institution on where best to focus its resources when prioritizing mitigation efforts. Ideally, we could reduce risk to a point that it no longer exists. Unfortunately, however, risk can never really be eliminated – only mitigated.
Given the recent financial crisis, increasing cyber security threats and a heightened focus on regulatory issues, regional and community financial institutions (RCFIs) are starting to give greater attention to improving how they manage and mitigate risk – which is a great thing. From the boardroom – where risk management has recently risen in significance – to day-to-day operations, RCFIs are realizing the importance of and getting on board with company-wide risk management education and action plans.
Of course, it’s an ever-evolving work in progress, and at many institutions, operational risk management capabilities are still under development. While most RCFIs have basic programs in place, there is frequently a struggle to develop more mature methodologies. Internalizing the basic principles will help institutions improve how they function, operate and ultimately succeed. This, of course, requires a certain level of discipline and perspective. But institutions’ newfound awareness and foresight to concentrate on the “business” of risk management is by far the best first step in the process. You see, the purpose of risk management is not to explain the past, but to improve the future.
A great group of RCFIs is gathering with me for NAFCU’s new Risk Management Seminar in Denver, Colo., from Aug. 3-5. I’ll be moderating with my organization, Q2, and discussing everything from enterprise risk management (ERM) models to how regulatory agencies such as NCUA are focusing on risk issues. I hope to see you there to share more information on this important topic.