Last year I attended an international risk management conference and was quite shocked by one of the sessions I attended. One of the presenters said, “ERM’s job is to protect the balance sheet.” Enterprise risk management (ERM) is a function that must address all types of risk, not just financial risk.
Monetizing risk and normalizing risk are two of the biggest problems risk practitioners face. Monetizing and normalizing risk makes it very easy to report risk exposure and risk treatment cost but obscures the true risk impact. When risk impact is obscured or under valued, it causes decision makers to make very poor decisions. This is especially true for safety risk where poorly managed risk events can lead to loss of life.
How much is human life worth?1
When asked this question, many people’s response will be “Human life is priceless.” Unfortunately, the desire to monetize risk impact has given rise for the need to quantify the value of human life. The international standard for the value of human life is $50,000. The Stanford Graduate School of Business conducted research awhile back that indicates the actual value of human life is $129,000. Anyone who has lost a loved one would likely argue that these values are woefully inadequate.
Monetizing risk impact causes these values to be used by decision makers to make decisions about what safety guards are worthwhile and cost effective. Consider a safety risk event that has a risk impact of $2.5 million and the risk treatment cost is $4.4 million. Many decision makers would simply accept this risk because the treatment cost is nearly twice the potential impact, and it doesn’t make economic sense to spend $4.4 million to save $2.5 million.
There would likely be a very different outcome if this risk event was presented to decision makers as a safety risk event that could cause 50 people to lose their lives and the risk treatment cost is $4.4 million. I would like to think that decision makers would choose to spend the $4.4 million to save 50 lives. Please note, 50 lives multiplied by the international standard value of human life of $50,000 is $2.5 million. As you can see, monetizing risk impact can dramatically change the equation.
ERM’s job should be much broader than simply protecting the balance sheet. ERM’s job is to manage all types of risk including budget risk, schedule risk, quality risk, safety risk, reputation risk and mission risk.
Mayo will present How Culture Affects ERM at EuroCACS 2016 30 May – 1 June in Dublin.
1 Kingsbury, K. (2008, May). The Value of a Human Life: $129,000. Time.
Joseph W. Mayo, President, J.W. Mayo Consulting Services
[ISACA Now Blog]