Quick recipe for a failed Risk Management Function

Ingredients:

• 2 cups of Siloed Thinking
• 1 generous dollop of Reactive Problem-Solving
• 3 tablespoons of Ambiguity
• 4 tablespoons of Lack of Accountability
• A pinch of Ignored Data (to taste)
• 1 heaping cup of "Tick-the-Box" Mentality
• 2 cups of Understaffed and Underfunded Resources
• A sprinkle of Complacency

Instructions:

1. Start with a Base of Siloed Thinking: Begin by firmly isolating your risk management team from the rest of the organisation. Allow various departments to operate with minimal coordination, ensuring risk professionals remain detached from front-line functions. This isolation is vital to building up critical oversights and misunderstandings about risks across the business.
2. Add a Generous Dollop of Reactive Problem-Solving: Embrace a mindset prioritising dealing with risks only once they've fully escalated. Avoid proactive solutions at all costs; stick to short-term fixes over sustainable strategies. Ensure root cause analysis remains elusive so that recurring issues can cycle through, keeping the team busy with more and more firefighting.
3. Mix in Ambiguity: Keep roles and responsibilities in the risk function as vague as possible. A well-mixed dose of ambiguity will nurture a strong "pass-the-buck" culture where everyone assumes someone else is in charge. This confusion will foster unaddressed gaps in coverage, setting the stage for "who's to blame?" moments when things go wrong.
4. Add a Healthy Dose of Lack of Accountability: If possible, eliminate accountability entirely. Poorly managed or completely overlooked risks should go unpunished and ignored. This laissez-faire attitude is crucial to fostering a culture where subpar decisions go unchecked, creating fertile ground for cascading failures.
5. Season with Ignored Data to Taste: Make sure the team gathers lots and lots of data — but avoids actually using it. By disregarding key risk indicators or dismissing trends, you can ensure a delightful lack of foresight, almost guaranteeing unwelcome surprises in the future.
6. Incorporate a Heaping Cup of "Tick-the-Box" Mentality: Ensure compliance activities revolve around ticking boxes and completing checklists rather than adding value. By focusing on mere policy adherence, your team will effectively do the bare minimum, driving productivity towards the paperwork instead of actionable risk reduction.
7. Understaff and Underfund for Perfect Consistency: Keep the team small and restrict budgets, limiting their ability to plan strategically or implement comprehensive controls. By stretching resources thin, you'll guarantee they focus on immediate tasks rather than future threats, always playing catch-up.
8. Sprinkle Complacency on Top: Foster a culture of Complacency where past successes are held in higher regard than adapting to new challenges. Complacency will allow vulnerabilities to grow and emerge unchecked, leading to crises that will strain resilience and damage reputation.

Serving Suggestions:

Serve immediately for a rapid erosion of organisational resilience, employee trust, and shareholder confidence. Combine it with shortcuts in other departments and a general disregard for due diligence for a more substantial effect.

While humorous, this "recipe" reveals the pitfalls that can erode a risk management function from the inside out. Success requires intentional, proactive, and accountable approaches. Proper risk management isn't just a gatekeeper; it's a culture enabler, empowering informed and strategic decision-making across the organisation.