Risk Management | The role and purpose of enterprise risk management

In a world that has been on a multi decade trajectory of ever increasing globalisation and interconnectedness, society has become addicted to efficiency. Businesses have been centralising their processes, relying on their just in time supply chains and offshoring to shared service centers to cut costs.

Redundancy, often seen as the opposite of efficiency, is perceived as a dirty word and seen as an impediment to short term profits. However, recent history showed us how fragile the systems have become that we created in our craving for efficiency and short term thinking. Cutting intensive care beds in good times because “we don’t need them”, invisibly makes you fragile to a health crisis. Shutting down nuclear power plant because “we can currently meet power demand with cheap gas”, makes you fragile to a supply shock. While chasing efficiency might improve your P&L, you are adding hidden risk and fragility. Complex systems (like organisations) need redundancy to survive and absorb shocks, hence businesses should embrace and imbed redundancy to mitigate risk and increase performance in the long-run.

The following series of articles tries to provide a different perspective on risk management by using analogies from real life which help to understand the role and importance of enterprise risk management. Also, the idea will be presented of dealing with uncertainty and randomness, propose adjustments to well-known risk management frameworks, how understanding and applying incentives is key to effective risk management, and how to use first principles when solving complex problems.

At a Glance

  • Our lives are way more complex and random than we can observe, hence the number of unpredictable events is not limited and often random in nature.
  • Why redundancies act as a shock absorber, and are essential for long-term performance.
  • Avoid the efficiency trap, embrace redundancy to win.

The role and purpose of Enterprise Risk Management

“To finish first you first have to finish”. A very intriguing line from Olav Mol, a Dutch Formula 1 commentator, which perfectly summarises the essence of risk management. While observing the sport, arguably, Formula 1 teams can be considered as the ultimate risk managers and should be an example to any risk management professional.

Often Risk Management is perceived as adding inefficiencies and being an impediment to operational efficiency and progress. However, redundancies should not be seen as a bug, but a feature, and vital to the longevity of any company. Let’s take Formula 1 teams as an analogy; what if they would only care about engine performance, and neglect the risks that they inevitable will face? The engine will blow up, the tires will wear or the driver will crash, meaning “you won’t finish”. Instead, the driver adjusts its speed, manages the tires and the team monitors everything they can, to detect and prevent any risk from materialising.

Viewing the processes of monitoring, speed adjustment and tire management in isolation might give the incorrect perception of redundancy. When seen in relation to each other and the influence these measures have on long-term performance, they are obviously essential. Doing 30 very fast laps is not relevant at all if you crash in lap 31.

In other words, the goal of risk management in a business, similar to a F1 team, is to find the optimal balance between straight line performance and redundancy, where the redundancy serves as a shock absorber. To avoid the risk of ruin, processes need to be embedded in your organisation that do add redundancy, but enable monitoring, detecting and preventing impactful events from occurring which ensures the longevity of your business. Having three great years of performance and growth is irrelevant if in year 4 a risk materialises that ruins the company. Reducing risk makes you win in the long run by slowing down in the short run.

Or as generations of sailors have famously said to prevent their ships from capsizing: “slow is smooth, and smooth is fast”.

With racing, some risks are hard to forecast like rapidly changing weather conditions, and certain risks are not foreseeable at all like another driver crashing into you or objects on the track. But it is important to realise, the real world is way more complex and random than the confined space of a game or sport. Hence the number of unpredictable events is not limited and often random in nature.

To illustrate this, let’s move on from the F1 teams as risk managing masters, and discuss the inverse in the real world, where the sole focus on efficiency and performance can be disastrous and the role of redundancy becomes even more clear.

One of the most occupied and busy railway systems is operated in the Netherlands. The schedules, the train’s seating, the stations, all is optimised for optimal efficiency, which is very impressive as long as it works. However the annual frustration among the Dutch is that one leaf at the start of autumn or one snowflake during winter breaks down the system completely and leaves thousands of people stranded. The railway operator will blame the weather as being unpredictable but neglects the hidden fact that their system is extremely fragile to unpredictable events.

Now compare this to the Swiss railway system. They are known for being extremely punctual, despite the weather conditions. Rain, meters of snow, or any other unpredictable event, a Swiss train is always on time. What is their secret? Are their trains better suited/equipped? No, they understand randomness and embrace redundancy. Instead of aiming for maximum efficiency, the schedule is designed to allow for unexpected events to occur and are prepared to any situation presented on their path. Customers know what to expect and can rely on the schedule, resulting in reliability, hence very high customer satisfaction.

As a risk management function, aim to work together with the business as a F1 team, and design the organisation to be like the Swiss railway system. Accept that life and business is complex and random. Embrace redundancy to win.


Brent Bodenhorst
Brent is Senior Manager at the Business Performance Improvement Consulting Practice of Protiviti in the Netherlands, which provides various advisory and implementation services. His main expertise is designing and implementing Internal Control Frameworks, often through ...