Minimize Risk by Maximizing Accountability
Risk management only works when it factors into everyone's thinking. Kerri Grosslight of Wells Fargo lays out steps for getting there.
By Kerri Grosslight, risk management and compliance, Wells Fargo
January 14, 2010 — CSO
Faced with challenging economic times and heightened legislative and regulatory scrutiny, companies across all industries are increasingly compelled to keep risk management top of mind. Success depends upon customer and shareholder confidence in a company's ethical standards and its ability to make prudent decisions about handling risks. Whether a company's risk management framework is centralized, decentralized, or somewhere in the middle, what's most important are the people in that framework—those who identify and manage risks every day.
Only through a culture of accountability, in which it's clearly understood that risk identification and management is everyone's responsibility, can a company truly meet its risk management and compliance commitments and deliver for its customers and shareholders.
As a first step toward building a culture of accountability, an assessment of the company's risk management model and framework is essential. Ensure that everyone knows who's responsible for understanding and addressing risks in each part of the organization. From a divisional or business line perspective, who is responsible for executing against corporate policies and understanding what the business needs to do to adhere to the policies, including training and awareness? Who aggregates and looks at risk holistically? It's critical to know these things, because the accountability model starts with every employee understanding the potential risks that cross his or her desk.
All leaders must understand the risks in the businesses for which they're accountable, and risk professionals must support employees and managers in risk mitigation. Beyond that, enterprise oversight is crucial so that risk is aggregated across the organization—this is particularly important if business groups are siloed.
As a next step, CSOs and other personnel in charge of risk activity need to acknowledge and address potential blind spots—the areas of concern or potential threat that can be missed if one is not careful. Even the strongest cultures have them. Blind spots include:
- The familiar sense that "It can't happen to us." To counteract it, stay continuously aware that bad things can and do happen, and be on the lookout for potential risks.
- When a leader must communicate his or her own mistakes or those made externally, there's often a reluctance to deliver this news; it may be equated to a sense of failure or punishment. Instead, open communication should be viewed as an opportunity to share risk awareness and help others avoid similar pitfalls.
- If business groups are siloed, there's often a lack of transparency across the organization when risks arise. As mentioned above, an aggregated, enterprise view of risk trends and patterns is necessary, allowing business decision makers to connect the dots across the company, share risk awareness, and avoid one-off solutions.
- When employees aren't clear about an organization's risk tolerance, they may get mixed messages around risk, which can be a real danger to a culture of accountability. A lack of clarity and insight around risk leads to assumptions that could negatively impact business or a tendency to take on more risk than is prudent.