"Not everything that counts can be counted
and not everything that can be counted counts."
The Risk Management Puzzle
Risk management processes can vary from industry to industry and also
from sector to sector. The level of risk that is assumed by any
enterprise is a function of its understanding of risk by its key
stakeholders: shareholders, clients, suppliers, strategic partners,
regulatory bodies, rating agencies, governors, and the enterprise's
officers and employees. In all organizations, there should be a process
to identify, quantify, and manage risk which can easily be communicated
to and understood by all stakeholders.
Once risks are understood by all stakeholders and the outcome of the
risk management review is consistent with their appetite for risk,
strategy development is a necessary by-product of the risk management
evaluation process. Although often considered mutually exclusive,
strategy development and its on-going assessment are simplified once the
organization's tolerance for risk is known as well as its ability to
manage that risk.
Once these two criteria have been established, senior management is in a
position to communicate with all stakeholders to ensure a clear
understanding of the organization's goals and its capability to manage
the identified risks.