Many analyses of the financial crisis have highlighted the inefficacy of banks’ analytic risk management practices before the event. Many corporate risk practitioners have quickly distanced themselves from the lessons that banks’ risk management functions have sought to learn from the crisis. But perhaps the greatest unlearned lesson is that, prior to the crisis, banks’ risk managers and executives believed their risk management to be effective – just like most corporate risk managers and many non-executives today. If bankers and banks’ risk managers were guilty of hubris (as many assert), what does that mean for corporate risk managers now? Asked to review research in risk management and ERM for an ACCA forum in London last Friday (16 March 2012), we reviewed a selection of recent (post-2007) contributions on risk management and ERM. The selection is not meant to cover everything published; most that is published is just assertion or opinion. Our presentation is also available for download: ACCA CRSA ERM research update PRL. We have created a page on this blog site with links to the papers reviewed.
The conclusions may not make for comfortable reading. Despite the stratospheric growth in ERM in recent years, the jury is out on whether executives and non-executives in corporate sectors find much of it useful. What little research evidence is available suggests that risk management practice and ‘linear’ risk management models (COSO, ISO, etc) may not be as effective as their proponents assert. Furthermore, there are serious methodological criticisms of many common risk management tools including risk maps and risk registers.
The bottom line is that there is almost no empirical research backing the effectiveness of most risk management as it is commonly practised today. More research is needed urgently to show – one way or the other – whether common risk management techniques actually work. In the meantime, learning the lessons of reality may be more constructive than wishful thinking.