Managing Risk: A Checklist for Leaders

Managing Risk Checklist

Nano Tools for Leaders® are fast, effective leadership tools that you can learn and start using in less than 15 minutes — with the potential to significantly impact your success as a leader and the engagement and productivity of the people you lead.

Contributors: Michael Useem, William and Jacalyn Egan Professor of Management and Director of the Wharton Center for Leadership and Change Management, The Wharton School, University of Pennsylvania; independent consultant Ram Charan; and Korn/Ferry International Vice Chairman Dennis Carey, co-authors of Boards That Lead (2014).

The Goal:

Use a checklist of vital actions and considerations to help your organization better manage risk.

Nano Tool:

Appraising potential hazards and devising practices that will protect the organization from catastrophic risk (and help it recover quickly from disaster) are vital to the health of the organization. The dramatic catastrophes that have already dotted the twenty-first century illustrate the severity and cost of the threats, including the financial crisis of 2008–2009, the BP Deepwater Horizon oil spill, and the Japanese tsunami of 2011. In 2011 alone, there were $370 billion in total losses from natural and human-caused disasters, $116 billion in insured losses, the highest insured earthquake losses ever ($49 billion), and the highest insured losses ever for a single flood event ($12 billion, in Thailand).Other hazards come in the form of global competition, shifting demographics, and entrepreneurs who can swiftly overtake a market.

Directors and executives are increasingly devoting more time to risk management efforts. At the same time, some companies are also spending time identifying uncertainties that present fresh opportunities for advantage. Consistent monitoring of risk management, and making necessary adjustments to your current efforts, can help dodge downside consequences and seize upside possibilities.

How One Company Uses It:

Risk management in an era of increasing threats to the organization calls for leadership from the C-suite and the boardroom. An insider look into the sweeping changes General Electric made, and continues to make, to its risk management processes highlights the effectiveness of a partnership between senior executives and directors. It also illustrates the range of concerns, and the balancing act, such processes must address.

The financial crisis impelled GE‘s executives and board members to significantly bolster its enterprise risk management. With encouragement from the directors, CEO and board chairman Jeff Immelt and his lieutenants moved to create a framework for tracking and managing risk, appointing the company’s first chief risk officer, Mark Krakowiak, and director of enterprise risk management, Michael Eshoo, in 2009. Krakowiak and Eshoo set out to heighten risk awareness across the company, strengthen frameworks for identifying and managing risk within each business, and expand director and executive engagement in the oversight of both.

Rather than trying to avoid them, they wanted to understand the risks that the company was already taking, whether they were managed well, and if they were generating enough gains given the uncertainties. Each business unit was directed to make its willingness to accept risk explicit and, in doing so, help define the boundaries of its strategy. If the business’s boundaries were set too narrowly, it would miss opportunities to expand. If fixed too broadly, the business would take on an excessive level of uncertainty. GE’s medical business, for instance, had historically defined its boundaries with a simple statement: “We’re not going to go into anything that goes inside the body.”

Krakowiak and Eshoo needed a way to bring a stronger central touch into what should still remain a largely decentralized operation. A Corporate Risk Committee met quarterly to review each business’s appetite for risk, the risks to which it was exposed, and how well the risks were managed. This Committee worked closely with directors, reporting twice annually to the board’s Audit Committee on risks across the business and how they might combine to create systemic threats. The board also created its own Risk Committee, which reviewed the company’s risk assessment and management with the CEO and conferred separately with the chief risk officer. But although Krakowiak and Eshoo had created a preliminary dashboard of metrics for identifying and measuring risk by business and function, they continued to question whether it was sufficient, asking: How many indicators should the risk dashboard focus on? At what granular level? And how should the board best be informed? In financial services, regulators demanded a host of specific metrics, but how are those multiple data points best reported to the board? And finally, how could the board, CEO, and chief risk officer better scan for and guard against low-probability but high-consequence events?

See the Additional Resources links below for more examples and research findings.

Action Steps:

Risk management looks different in every company, but constant monitoring — not just of risks and their potential upsides and downsides, but of the process itself — is key to its success. To better monitor your risk assessment activity, follow GE’s example by taking a wide-ranging approach. Consider the following checklist, and use it consistently to make sure you are on track, making adjustments as necessary.

  1. Is your company’s risk appetite well defined and disciplined?
  2. Are your company’s risk management practices preemptive rather than reactive?
  3. Does your company properly balance downside risks and business opportunities?
  4. Is excessive risk well defined and properly avoided?
  5. Has the company prepared for low-probability but high-consequences events?
  6. Is risk management embedded in operating practices and the mindset of managers throughout the ranks?

Share Your Best Practices:

Do you have a best practice for monitoring your risk management process? If so, please share it on our blog at Wharton's Center for Leadership and Change Management.

Additional Resources:

  • The Checklist Manifesto: How to Get Things Right, Atul Gawande (Holt, 2009). Examines checklists as used in various professions, observing that no matter how talented or successful an individual may be, a well-designed checklist will prevent errors and improve outcomes.
  • Crisis Leadership Now: A Real-World Guide to Preparing for Threats, Disaster, Sabotage, and Scandal, Laurence Barton (McGraw Hill, 2008). Offers concrete solutions for managing disruptive events — from industrial accidents and acts of violence to embezzlement, product recalls, and terrorism.
  • Boards That Lead: When to Take Charge, When to Partner, and When to Stay Out of the Way, Ram Charan, Dennis Carey, and Michael Useem (Harvard Business Review Press, 2014). Advocates for a new governance model — a sharp departure from what has been demanded by governance activists, raters, and regulators —and reveals the emerging practices that are defining shared leadership of directors and executives.
  • Michael Useem teaches in Wharton Executive Education’s Boards that Lead: Corporate Governance that Builds Value, Advanced Management Program, Country Manager Leadership Program, and others.

About Nano Tools:

Nano Tools for Leaders® was conceived and developed by Deb Giffen, MCC, Director of Innovative Learning Solutions at Wharton Executive Education. It is jointly sponsored by Wharton Executive Education and Wharton's Center for Leadership and Change Management, Wharton Professor of Management Michael Useem, Director. Nano Tools’ Academic Director is John Paul MacDuffie, Wharton Associate Professor of Management, and Director of the Program on Vehicle and Mobility Innovation (PVMI) at Wharton's Mack Institute for Innovation Management.

Download this Nano Tool as a PDF