The first risk management problem for both executives and directors is identifying the risks they need to be worried about. Some of the biggest problems are stealth risks – they seem to come out of nowhere.
At a recent seminar for corporate directors, the seminar leader, Dr. Krishna Palepu of Harvard Business School, suggested the following matrix as a good place to start.
Types of Risks
- Strategic – did you pick the right strategy?
- Execution – can you effectively execute the strategy you picked?
- Reputation – how could your corporate reputation be damaged?
- Compliance/Fraud – something bad happened; will it be caught in time?
- Legal – regulators, customers, etc sue the company.
Sources of Risks
- Pressure to perform – the hill is too high
- Incentives – the compensation system encourages inappropriate behavior
- Rationalization – people have a unique ability to convince themselves that what they are doing is okay when it is not.
- Competition/markets – aggressive competitors or changing markets
- Regulatory changes – someone changed the rules or the level of enforcement
- Technology – new technologies make what you are doing obsolete
- Society – the larger society decides it does not like something you are doing
While not exhaustive, the above lists can point you in the right direction.