Skip to content

Risk Management: In need of an upgrade

December 23, 2013

In general, the quality of commercial risk assessment and management is poor.

While most major organizations have developed sophisticated risk management systems, the extent of value leakage from their contracts is just one piece of evidence that they are lacking in effectiveness. My observation is that significant causes of risk are quite simply overlooked; and risk management is too strongly focused on dealing with risk consequence, rather than reducing probability.

This topic will be a major theme for IACCM in 2014. For now, as evidence, I will offer a couple of examples based on conversations I had last week.

The first was with the European General Counsel of a major international software and services company. He shared with me the approach his organization has taken in developing project lifecycle managers with a strong commercial and contracts background. In itself, this is not of course unique, but he highlighted the fact that it was driven by an understanding of how poorly a traditional functional business structure actually understood or mitigated risks. As an example, he pointed t0 the Legal department and its traditional fixation on securing terms that protect in the event of litigation. “When we did an analysis of actual risks, we realised that litigation comes close to the bottom of the list”.

The second conversation was with a group of credit managers, all from large corporations. We were discussing the role of contracts and negotiations in handling issues around payment. This led to a list of ‘desired terms’ – not just the payment provisions themselves, but mechanisms such as the right to impose interest, delay delivery or terminate the contract. In most situations, such terms are unrealistic – and arguably, they are often irrelevant. But what became apparent in the conversation was that there is a woeful lack of data to support intelligent management of risk. Specifically, there is a disconnect between risk probability assessment and the terms to manage risk consequence. As a result, contract and negotiation strategies frequently miss the key point about risk.

In the end, risk management should be attempting to reduce the probability of risks occurring, yet a lack of consolidated data regarding the frequency or possibility of risks means that instead there is focus on dealing with consequences. Often those efforts result in real risk issues being ignored (e.g. poor communications, wrong focus for reporting, absence of right level sponsors), or of key issues simply being pushed aside in the urgency to ‘win the deal’.

Today’s technology means that there is an opportunity to massively improve the management of commercial risks. A few organizations are grasping this. Most are not.

Leave a Comment

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: