Should We Still Be Using the Term Risk Management?

“What’s in a name” you ask?

Aside from “To be or not to be? That is the question,” this is probably one of Shakespeare’s most well-known quotes or idioms.

And coincidentally, it forms the basis of one of the biggest debate’s in the risk management world today.

Between risk appetite, heat maps, and the reliability of standards like COSO and ISO 31000, the risk management field has its fair share of debates.

Interestingly enough, the usefulness of the term “risk management” is another example of one of these debates. You read that right – there’s intense disagreement over exactly what term we should use to describe what we do.

LinkedIn is the primary spot where this debate plays out…

On one hand, thought leaders like Tim Leech, Norman Marks, and Grant Purdy say “risk management” is confusing and should be scrapped in favor of “certainty management,” “decision support services” and other terms, or as Tim proclaims in this LinkedIn post:

The terms “ERM,” “Risk Management,” and “Risk Manager” are dragging the profession down like a huge millstone. Words matter. Poor choice of words dating back decades is a big part of why most senior executives today see little value in risk-list ERM. It’s time to dump these flawed terms in favor of better words and methods that reflect the future and real opportunity of more structured uncertainty assessment and decision making.”

These well-respected experts cite a number of reasons for their stance, including:

  • According to surveys like NC State’s annual report, very few respondents (12%) indicate their “risk” processes provide a strategic advantage to the company.
  • Most mistakenly believe the term means managing lists of risks and that it is the risk professional’s job to actually “manage” risks, not the business’s job.
  • Consultants adopt this word to offer services that are ultimately of little value.
  • It has different meanings based on who you ask. Those with a more traditional “risk management” view believe it’s only about mitigating threats or providing coverage for insurable risks.

As Roger Estall and Grant Purdy explain in their book Deciding, the term “risk management” finds its origins in the insurance industry when it comes to the “risks” that are underwritten for insurance coverage. Over time, and especially in the last few decades, ideas and practices for improving decision-making were also given this label. However, Estall and Purdy explain:

In the same way that the ‘risk management’ label became attached to many different ideas, so too, inevitably, did the word ‘risk’ acquire many different meanings. This created the odd situation that the core word of an increasingly popular, yet ill-defined, expression was effectively meaningless – as was the expression itself!”

Not everyone agrees with shedding the “risk management” label though. Below are a few rebuttals to the aforementioned LinkedIn post from Tim Leech on this subject.

Supporters of scrapping the risk management label explain, correctly in my view, the extreme shortcomings of simply managing a list of risks and that many carry the mistaken belief that ERM is responsible for managing the risk.

Again, like these supporters, their detractors make some valid points, mostly around that it’s important not to throw the baby out with the bath water. I’m not sure I could be placed in one camp or another, but one thing that is certain in my view is…

How your company refers and views this function is strongly dependent on the industry, corporate culture, and other organization-specific factors.

In many cases, I try to avoid blanket pronouncements since every company is different.

In the case of the label of risk management, I hesitate to say there should be an across-the-board change. This isn’t a black and white issue – there’s going to be a ton of gray areas.

One reason is expectations…

Whether from regulators (depending on your industry), investors, credit ratings agencies, or other stakeholders, there’s an expectation you have a function or process called risk management. Calling it something else could lead to pushback from multiple directions.

And as I elaborate on here, there’s an expectation the Board play an active risk oversight role.

With this expectation from such a wide array of places, it would be very cumbersome to just decide willy-nilly to not use the term anymore.

Instead of a wholesale change, it’s all in how you describe what you do.

In the end, the phrase “what’s in a name?” is especially relevant since it basically means “the name of a thing does not matter as much as the quality of the thing.”

What this means for today’s topic is that it’s not so important the term(s) used, but rather the messaging and branding behind it.

When someone asks what I do for example, I give them the following:

I help insurance companies identify their goals, how they can best achieve their goals, and prioritize and allocate resources accordingly.”

For those who know what the specific terminology is, I add on: “To do this, I use various strategic planning and risk management techniques and tools.”

Therefore, instead of just dropping the term altogether, risk professionals need to clearly articulate their role and make sure everyone is on the same page on what this means for the company.

Again, I understand the perspective that the phrase is confusing, and lists and other formalities do not give the company a competitive advantage. However, I also believe it would be unwise to just chunk the label without careful consideration of the expectations of outside parties and whether doing so would lead to even more confusion.

In most circumstances, a clear understanding by everyone of what risk management means for the company will be much more helpful in the long run in my opinion.

Do you encounter confusion as to what risk management is at your company? Have you considered changing the name altogether?

I’m interested in hearing different perspectives on this and other issues. To share your thoughts, please feel free to leave a comment below or join the conversation on LinkedIn.

And if your company is struggling to articulate what risk management and ERM means and how it can help better achieve strategic goals, please don’t hesitate to contact me to discuss your specific situation and potential paths forward.   

Generic selectors
Exact matches only
Search in title
Search in content
Post Type Selectors

Receive Our Weekly Blog Updates

Meet Carol Williams, SDS Founder & Lead Strategist

To our readers:

This blog was launched to provide strategy and risk practitioners with a go-to resource to better guide their efforts within their companies. Thank you for bringing me and my team along to be part of your journey towards better risk management, strategic planning and execution, and overall decision-making. Happy reading!

Find more SDS Insights