Risk management as a discipline tends to focus on control in order to deliver continuity and a degree of certainty. Risk governance is charged with setting appetite for risk and determining the effectiveness of controls employed by risk managers. Neither function is comfortable with risk as future uncertainty or risk management as merely an illusion of control.
Dr Gerd Gigerenzer of the Institute of Risk Literacy in Berlin claims ‘certainty is an illusion’ in his latest book ‘Risk Savvy’. Additionally Professor John Adams of UCL in London in his book ‘Risk’ considers: ‘risk is a word that refers to the future, it exists only in the imagination’. As a result the perception of Chiron is not new but it does cause some discomfort to auditors, accountants and risk managers.
Risk management at a functional level concerns itself with systems and control to deliver business continuity and prevent interruption. Strategic risks, which are CEO and board responsibility, often fall outside the scrutiny of risk management. Partly because they are business-critical and sensitive and partly because they are risks inherent in strategic decisions – about direction not control.
Over the past 20 years surveys on strategic risk regularly highlight reputation as a top priority, yet few organisations display a strategy for reputation protection. Any PEST analysis will show that reputation damage can come from any direction; social media, regulators, disaffected staff, criminals or competitors. Reputation only becomes a priority once damage has begun and it is already too late.