Skip Navigation Links.
Collapse IRMI OnlineIRMI Online
Expand How To Use IRMI OnlineHow To Use IRMI Online
My Paid Publications
Expand What's NewWhat's New
Expand DashboardsDashboards
Expand Commercial Liability InformationCommercial Liability Information
Expand Commercial Property InformationCommercial Property Information
Expand Commercial Auto InformationCommercial Auto Information
Expand D&O, PL, E&O, EPLI InformationD&O, PL, E&O, EPLI Information
Expand Workers Compensation InformationWorkers Compensation Information
Classifications and Cross-References
Collapse Risk Mgt. and Multiline InformationRisk Mgt. and Multiline Information
Expand Risk Management -- Why and HowRisk Management -- Why and How
Collapse Free Expert CommentaryFree Expert Commentary
Expand Brand Equity and Product RecallBrand Equity and Product Recall
Expand Catastrophe Risk ManagementCatastrophe Risk Management
Expand Claims ManagementClaims Management
Expand Construction Case StudiesConstruction Case Studies
Expand Construction QualityConstruction Quality
Expand Construction SafetyConstruction Safety
Expand Corporate AviationCorporate Aviation
Expand Corporate Fraud PreventionCorporate Fraud Prevention
Expand Courts and CoverageCourts and Coverage
Expand Cyber InsuranceCyber Insurance
Expand Drafting and Interpreting Insurance PoliciesDrafting and Interpreting Insurance Policies
Collapse Enterprise Risk ManagementEnterprise Risk Management
Add Spreadsheets to Your Risk Inventory (July 2009)
The Role of the CIO in the Risk Intelligent Enterprise (February 2009)
Where Was Enterprise Risk Management? (November 2008)
Critical Role for the Chief Audit Executive: Aligning Risk Assessment (October 2008)
Chief Audit Executives and Risk Management Silos (March 2008)
Risk Management's Chief Audit Executive (December 2007)
Prescribing Risk Intelligence for the Life Sciences Sector (December 2007)
Enterprise Risk Management in Uncertain Times (October 2007)
Taking Risks To Create Value—It's What Capitalism's All About! (September 2007)
Risk Management Practices Cannot Be "Bolted On" (July 2007)
When Risks Marry and Multiply (June 2007)
Balancing Risk Probability and Vulnerability (May 2007)
Addressing the Full Spectrum of Risks (May 2007)
Bridging the "Silos" (April 2007)
Traditional Risk Management Inadequate To Deal with Today's Threats (March 2007)
The Alchemy of Enterprise Risk Management: Examples from the Investment World (December 2003)
Practical ERM Applications: Risk Integration (September 2003)
Implementing Enterprise Risk Management: Getting the Fundamentals Right (June 2003)
ERM Lessons Across Industries (March 2003)
Practical ERM Applications: Capital Allocation (November 2002)
Practical ERM Applications: Assessing Capital Adequacy (September 2002)
The Language of Enterprise Risk Management: A Practical Glossary and Discussion of Relevant Terms, Concepts, Models, and Measures (May 2002)
Implementing Enterprise Risk Management: The Emerging Role of the Chief Risk Officer (January 2002)
ERM and September 11 (November 2001)
Modeling the Reality of Risk: The Cornerstone of Enterprise Risk Management (July 2001)
Enterprise Risk Management in the Financial Services Industry: From Concept to Management Process (November 2000)
Enterprise Risk Management in the Financial Services Industry: Still a Long Way To Go (August 2000)
Enterprise Risk Management: What's Beyond the Talk? (May 2000)
Expand Environmental Risk ManagementEnvironmental Risk Management
Expand EthicsEthics
Expand Global ImpactGlobal Impact
Expand Insurance ArchaeologyInsurance Archaeology
Expand InternalControlInternalControl
Expand Litigation ManagementLitigation Management
Expand MaritimeLawMaritimeLaw
Expand MediationMediation
Expand Political RiskPolitical Risk
Expand Privacy IssuesPrivacy Issues
Expand ReinsuranceReinsurance
Expand Risk Management TechnologyRisk Management Technology
Expand SecuritySecurity
Expand Terrorism Risk Management & InsuranceTerrorism Risk Management & Insurance
Expand IRMI InsightsIRMI Insights
Expand IRMI Update Newsletter ArchivesIRMI Update Newsletter Archives
Expand Risk Finance InformationRisk Finance Information
Expand Construction InformationConstruction Information
Expand Personal Lines InformationPersonal Lines Information
Expand Insurance IndustryInsurance Industry
Expand Glossary of Insurance & Risk Management TermsGlossary of Insurance & Risk Management Terms
Expand SearchSearch
Terms of Use
Privacy Statement
System Requirements
Support

Bridging the "Silos"

April 2007

If we learned anything from September 11, 2001, it's that first responders must be able to communicate with one another. The inability of emergency personnel to remain in contact and share information proved one of the most debilitating failures of the terror disaster.

by Mark Layton and Jody Noon
Deloitte & Touche

Although obviously not of the same magnitude, a similar problem plagues risk management efforts at many organizations today. Corporate risk managers routinely assess and respond to risks of all kinds while isolated and disconnected from their counterparts across the company. Yet, without regular and frequent communication among risk managers, corporate-wide integrated risk assessment and response are not possible.

Given the way most companies institutionalize risk management, inadequate communication should be no surprise. Whether risk is defined as avoiding threats, identifying opportunities, or hopefully both, responsibility for risk management often lies with risk specialists at the department level who typically dig themselves into a vertically oriented "silo" within the broader organization.

While risk specialization is an essential component of intelligent risk management, inward-looking risk specialists trained to see potential risks through the perspective of departmental agendas are ill-prepared to recognize, much less deal with, risks that transcend silo boundaries. The customer relations snafu that quickly becomes a public relations disaster, or the data breach that becomes a major litigation issue, might have been better dealt with if word were sent quickly up and across the chain of command.

Unfortunately, the flow of information integral to optimal risk management is not supported in an environment of department-bound risk managers. Nor is this isolation problem limited to communications. Other problems endemic to "silo-based" culture include:

  • A failure to standardize risk management methodology, terminology, and benchmarks to evaluate performance and results
  • An inability to rely on contributions by risk managers in other departments
  • Consequent duplication of effort throughout the organization
  • An increased burden on business functions at all levels

Such conditions fail to promote the sharing of multiple risk assessments and recommendations within the enterprise which can make it difficult—if not impossible—for top managers to obtain an accurate and comprehensive "portfolio view" of the nature and level of risk to which the entire company is actually exposed.

To mitigate the impact of a "silo sensibility," some companies have transformed their chief risk officer into a risk czar. Typically, such arrangements transfer risk assessment responsibilities from multiple points to one point within the organization. The impact is to transform an ineffective decentralized process of risk management into an ineffective centralized process in which mandates from the C-suite discourage risk assessment closer to operational realities. Neither approach works. Neither positions corporate leadership to deal effectively with either threats or opportunities.

The Risk Intelligence Approach

What does work is what we call a "Risk Intelligence" approach that bridges compartmentalized departments by establishing a mutually supportive, reciprocal, and shared responsibility among risk managers and high-level decision makers. It consists of:

  • Establishing common risk methodologies, terminology, and metrics to ensure consistent risk management and reporting across the enterprise.
  • An inclusive risk scenario process designed to quickly assess risks and produce actionable cross-department risk mitigation plans.
  • Increasing adoption of a corporate-wide perspective on the part of risk managers while they maintain a thorough understanding of departmental agendas.

Simply put, neither departmental risk managers nor centralized risk czars should be the true owners of corporate risk. That ownership belongs to business unit executives and top leadership, both of whom are informed, educated, and prepared to deal with potential risk when risk managers throughout the organization are able to offer risk assessments and recommendations in an integrated and self-sustaining process characterized by a simultaneous bottom-up and top-down collaboration.

How to put such a process in place? Incrementally, through evolution not revolution. The effectiveness and credibility in dealing with risk that comes from true risk intelligence cannot be established overnight. It must be earned in a step-by-step repositioning of people and resources over time that ultimately will effectively deal with both threats and opportunities.

Jody Noon, RN, JD, is the National Practice Leader for Life Sciences & Health Care Regulatory at Deloitte & Touche LLP. She can be reached at jodynoon@deloitte.com or at (212) 436-2558.

Opinions expressed in Expert Commentary articles are those of the author and are not necessarily held by the author's employer or IRMI. Expert Commentary articles and other IRMI Online content do not purport to provide legal, accounting, or other professional advice or opinion. If such advice is needed, consult with your attorney, accountant, or other qualified adviser.

More Risk Management Information from IRMI
Books, Manuals, Newsletters IRMI
Online 		SilverPlume
Sage
Practical Risk Management IRMI Online SilverPlume Sage
The Risk Report IRMI Online SilverPlume Sage
Construction Risk Management IRMI Online SilverPlume Sage
Contractual Risk Transfer IRMI Online SilverPlume Sage
Risk Financing IRMI Online SilverPlume Sage
Exposure Survey Questionnaire IRMI Online SilverPlume Sage
Guidelines for Insurance Specifications IRMI Online SilverPlume Sage
How To Draft and Interpret Insurance Policies
IRMI Insurance Checklists IRMI Online SilverPlume Sage
RMIS Review IRMI Online
Free Risk Management Articles in IRMI.com
25 Risk-Conquering Ideas
Risk Management
Effective Contractual Risk Transfer in Construction
Risk Management - Why and How
Insurance Continuing Education Courses from IRMI
Litigation Management (CE)
Contractual Risk Transfer in Construction (CRIS CE)
Check It Out
Save 36% with the IRMI Professional Library
© 2000-2009 International Risk Management Institute, Inc. (IRMI). All rights reserved.