
Business Times

How risky is your risk management


“Risk comes from not knowing what you are doing,” says Warren Buffett. That’s why we need the right grasp and the right guidance to be in the know before acting.

A seasoned enterprise risk advisor will not only tell you how to avoid risks, but also tell you how to take risks, calculated or uncalculated, expected or unexpected – based on situational and holistically pragmatic platforms – and also on futuristic wisdom.

To do so, he or she should know the art, the science and the commerce of risk treatment at its most sensible, at conceptual, strategic, procedural and application levels.

When fresh blood is essential for a patient undergoing an operation, if the blood injected in haste is contaminated in one or many ways, are we curing the (already complicated) situation or aggravating it – instantly or slowly – beyond the point of recovery and stability? This philosophy applies similarly in risk treatment too.

Sometimes the greater danger for business is not risk imperfection, but protecting what doesn’t really matter by titanic miscalculations and thus over-reacting and over-spending.

Therefore, one of the most critical elements to watch in enterprise risk management is whether you tangibly mitigate the risks in your business or unconsciously embrace new and bigger risks in the process of doing so.

Aftermath of bombs

When ethno-religious terrorism jolted the nation on Easter Sunday by way of six synchronised suicide bombings, it also created an ideal window for risk advisors to make a beeline to Sri Lanka from other countries.

That created an infiltration avenue for disguised fronts of off-shore intelligence operatives to subtly berth here – unsuspectingly – via business enterprises, working on a larger but veiled agenda, obviously not in the best interests of the country. They can infiltrate using fake credentials and also using some gullible (plus opportunistic) local agencies to vouch for their authenticity to the corporates.

Even though the reality is fragile, it’s surprising that even some corporates that carry out background searches for their employees know next to nothing about their off-shore risk advisors.

Risks in risk management

A witty, humorous comment popped up recently in a corporate boardroom, when a director said, ‘in fact our biggest risk is our risk manager’. The reference was to an internal risk manager who was dragged in haste from another portfolio to manage risks, which is not within his competence or motivation – and that wisecrack tells us a story that could be applicable elsewhere too.

When the internal risk expertise is not adequate, corporates ought to look for external expertise, either local or foreign.

Yet, corporates need to comprehend that an external risk auditor or a risk advisor is someone who, by virtue of the functional requirement, can go deep into the organisation, notwithstanding its information controls. There is always a risk of compromising your information safeguards – and it’s more so with overseas outfits that you’d know little or nothing about.

Overseas advisory outfits appearing from nowhere – by purpose – could mislead a business organisation, covertly representing an economic hit-man or an economic hit scheme. As an example, a blue-chip in Sri Lanka had an ownership crash owing to such misguided off-shore advisory in the past. Usually, once they fly away, the accountability also disappears despite legal implications.


Risk advisors alien to our settings may even over-estimate the current risk of terrorism owing to a lack of in-depth familiarity, a lack of authentic intelligence, an erroneous grasp of the psyche of ethno-terrorism and, in certain cases, even to justify or prolong their stay here. All that can lead to over-reaction by corporates, which in turn presses for over-budgeting and over-spending – a management flaw for which the cost is borne by the consumer market.

It is also required to understand that based on their ‘overall motive and handler instructions’ certain critical risks may not even be highlighted on purpose. Unless there is competent internal risk expertise to detect such deliberate omissions, such acute risks will remain unaddressed persistently.

In some cases, imprecise reading of the risk and inaccurate placement of it in the risk grid results in the wrong risk being addressed with greater efforts, while the actual risk is not addressed.

For instance, if a defamation drive or a market shrink is happening by way of a lower volume of customer patronage based on some mistrusted ‘corporate integrity’, the consumer questions the purity of the corporate gene – which demands character clearance – and not brand building or reputational endorsements as the immediate priority. Such wayward risk management falls widely off the mark, while failing to address the enterprise DNA risk – the core issue in this instance.

These are a few reasons why corporate managements must be mindful – and act responsibly, not only in the protection of their own business, but also in support of national defence.

Way forward

Bringing in foreign advisors may look fashionable, but among other things, it also drains our funds to another country – an all-inclusive cost component (assignment fee + airfare + accommodation + F&B + off-the-base allowances + local agent’s profit margin and so on), which is way above the local fee structure – and, as highlighted before, it eventually hits the consumer wallet.

In corrupt sourcing too, the crooked elements prefer overseas advisory, not because such advisory has got out-of-the-world competencies, but because it’s easier and safer to strike high-priced shady deals with a personal, but immoral benefit. This is an unfortunate development that the corporate boards need to be mindful of.

It is best that a corporate thoroughly looks for local risk expertise with a flawless track record first, before sourcing or accepting offers from overseas entities. In the case of mandatory policy dictations, such directives surely need a review. Sometimes, the offers may come from branded global entities, yet who ‘actually’ comes into your corporate is what really matters. In fact, depending on overseas elements should happen only when local expertise is not at all available.

Enterprise risk management is not about high-flown presentations, colourful risk pages in annual reports, numerous complex graphs and graphics, upsized manuals on glass-shelves – but about reading the risks right, developing ground-realistic counter solutions and tirelessly driving the initiatives forward, right across the organisation. It’s about making it a culture by task-mastering rather than talk-mastering.

“Business leaders need to understand the psychology of risk more than the mathematics of risk,” said Paul Gibbons – and he stated so for a profound reason. He obviously did not fancy the ornamental jargon over functional sense!!

(The author is a foremost enterprise risk management specialist and a corporate risk trainer who serves as the CEO of Strategic Risk Solutions. He can be reached via eMail on solutions@sltnet.lk or via web www.solutions.lk)
