It strikes me that risk management appears a bit similar; it is easy to hear what went wrong. Before I go any further, I admit my share of guilt for writing about risk management lessons from enforcement cases of the UK’s Financial Conduct Authority (here, here, here, here and
From the perspective of designing and implementing an ERM system, there are seven lessons I take from these success stories:
If I had to single out one lesson from the above for financial services, I would choose the link to the annual business plan. On a scale of 0 to 100, where 0 is no risk management involvement in the annual business plan and 100 represents the full integration of risk management in the annual business process, what would be the score for your organisation?
More importantly, what would be your target score for the medium term? What would that mean in terms of different activities? What would you need to persuade your CEO to accept that involvement?