Risk-Based Decision Making

A few years ago, I led an enterprise risk management (ERM) research project on Asian bank risk management. In one meeting in Beijing I met with the CRO of one of the largest Chinese banks. We reviewed the four components of ERM implementation governance structure and policies, risk assessment and quantification, risk management, and dashboard reporting and monitoring (refer to Figure 21.2). He asked which one of the four components I think is the most important to get right. Before answering his question, I asked him for his opinion. He suggested the risk assessment and quantification component, since it provides accurate identification and analysis of the risks. I respectfully disagreed and instead proposed that risk management is the most important because it is the only one of the four components that actually impacts the risk/return profile of the organization. We debated the question and agreed that while all four components are important, the only way to add economic value to the business is through risk management decisions and actions.

That conversation reinforced what I believe to be one of the greatest challenges in ERM: how do we integrate ERM into business decision-making processes in order to create value? This chapter will specifically address this critical question.


In the design and implementation of ERM, it is critical to support the decision-making processes of the organization. The Pareto principle, ...

Get Enterprise Risk Management: From Incentives to Controls, 2nd Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.