Risk management professionals constantly preach that risk management is not compliance. Risk managers help set strategy. After their colleagues ask “what can we do to make money and how?” risk managers then ask “what risks will we be taking, how can we manage them and is it worth it?” This is very different from traditional compliance, the discipline of ensuring an organization is acting according to a set of predetermined rules. In an age of “bubbles” and regulations that are continuously augmented in an attempt to make people “do the right thing,” companies are in jeopardy if they do not have an effective internal compliance function.
This is the second of a five-part series that examines foundational risk management issues through a practical lens. Click to read part one, Determining Risk Appetite, or part three, Time to Dust Off Your Risk Register – Steps to ERM Implementation.