Volkan Can, enterprise risk manager of a global building materials company, and board member of the Enterprise Risk Management Association of Turkey, explores why entwining risk with day-to-day operations is a common but critical mistake

Risk management is a nuanced and intricate art that extends far beyond rigid frameworks, such as COSO and ERM.

In today’s world, critical risks are in constant flux, mirroring the ever-changing global corporate agenda that includes pandemics, ESG concerns, business continuity, and more.

Change directions

Risk management must walk apart from operations, so it can adapt to ever-changing risks


These risks have now firmly embedded themselves in the risk inventory of every astute risk manager.

However, a glaring mistake often made by companies is the entwinement of one of these risks with day-to-day operations, effectively making it an inseparable part of their risk management.

While integrating risk management into operations, especially for critical risks, has its merits, a subtle pitfall lies within this approach.

The demarcation line between operations and risk management is paramount; sometimes, it blurs, and sometimes it remains distinct.

Employing a metaphorical lens, likening companies to human bodies and their functions to organs or limbs can provide clarity and simplify this intricate process.

”The demarcation line between operations and risk management is paramount”

Imagine risk management as akin to stem cells in the human body. Stem cells possess the remarkable ability to adapt and transform into any cell or tissue as needed.

Similarly, risk management can adopt an operational role for critical risks, acting as a dynamic, adaptable force. It steps into a specific area of the organisation, creating control mechanisms and mitigating risks, ensuring they align with the accepted risk appetite.

Once its mission is accomplished, it seamlessly transitions to address another risk, akin to stem cells shifting their focus to different tissues and organs as required.

However, it is crucial to avoid the trap of making risk an indistinguishable part of operations for every emerging critical risk.

Doing so would necessitate creating a secondary operational entity under the aegis of risk management, which can inadvertently stifle the dynamism of the risk management process, rendering it static and inflexible.

”Risk management should be equally nimble, ready to participate wherever and whenever required within the organisation.”

Effective risk management must mirror the fluidity and adaptability of stem cells. Just as stem cells remain ever-ready to engage with various bodily functions, risk management should be equally nimble, ready to participate wherever and whenever required within the organisation.

This fluidity is what distinguishes strategic risk management, allowing it to add tangible value to companies.

In conclusion, risk management is not a monolithic entity but rather an art form that thrives on adaptability and foresight.

By maintaining a separation between risk management and operations while deploying it strategically as circumstances demand, organisations can ensure that risk remains a dynamic and formless force ready to safeguard and enhance their resilience in an ever-evolving world.

This fluidity is the essence of strategic risk management, empowering companies to navigate the uncertain terrain of the modern business landscape with agility and confidence.