Effective Risk Management Does Not Equal Immediate Bottom Line Cost Savings

March 2017 Risk Management Insights

It is very important in your preliminary messaging to senior management to not promise immediate cost savings. Using a roadmap to outline the milestones, timing and estimated cost of constructing your program can be helpful.

Guest Post by David Nickles, Vice President, Business Leader - Operational Risk & Controls at MasterCard

Implementing risk management practices within an organization is an investment. The activities and ramp up associated with building risk programs is not like producing a widget or tangible product that generates instant revenue. There are many phases of maturity and reward.

What is your organizations risk appetite and management strategy?

It is very important in your preliminary messaging to senior management to not promise immediate cost savings. Using a roadmap to outline the milestones, timing and estimated cost of constructing your program can be helpful.

The implementation of a risk management program, when done correctly, positions an organization to be more efficient, effective, operationally and technically sound. The program when managed well will continuously improve over time. As risk professionals we should all be continually trying to maximize what we get out of our budget. This is a balance.

When do the savings to the organization kick in? This is a great question that I do not have an answer for. I encourage people to think about this question in the following content.

At any moment your organization is susceptible to:

· a large operational loss,

· a missed business opportunity because of poor documentation/outdated procedures,

· a data breach,

· compliance violations/fines due to lack of adherence to policy,

· and list goes on!

Risk programs don’t completely eliminate the possibility of these scenarios playing out, but they do significantly reduce the likelihood. With the data and technology at our fingertips today, we have the ability to protect our organizations from harm in ways we could not in the past. It is up to each organization how they will invest in best protecting their name and brand from harm.

I hope you found this post insightful and would love to have further dialogue if there is interest.

About the Author

David has over 17 years of direct experience in the first and second lines of defense with a heavy focus on Operational and Technology Risk Management. He has also supported and partnered with Internal Audit to drive strategic objectives. He has often been described as an innovative thought leader in managing organizations’ highest risk areas while implementing solutions focused on operating efficiently and effectively which benefits the overall company. He has demonstrated strong proficiency in program management, project management/delivery, people, process, systems, data governance, data integrity, data availability, data security, enterprise reporting, internal controls, compliance and quality disciplines. Companies he has worked for include Aon Hewitt, Fidelity Investments, GE Capital, BNP Paribas and Mastercard.

Share this
Loading...