Skip to content
Tech News
← Back to articles

The Art of Risk Management (2017)

2026-04-08 | original
read original get Financial Risk Management Book → more articles
Why This Matters

The article highlights the increasing importance of risk management across industries, especially after the global financial crisis, emphasizing that even firms with sophisticated systems can falter if risk practices are flawed. For the tech industry and consumers, this underscores the need for robust risk oversight to prevent costly failures and protect stakeholder interests. As technology companies become more integral to daily life, effective risk management is crucial to ensure stability, security, and trust in digital services.

Key Takeaways

The Art of Risk Management, which discusses the ten principles that should govern an approach to risk management, is part of a publication series by BCG on CFO excellence. The Art of Performance Management looks at the critical components of a best-in-class performance management system and operating model. The Art of Planning examines the ten principles driving best practices in corporate planning.

In the aftermath of the global financial crisis, companies worldwide have become more focused on risk management. What was once a concern primarily of senior executives in the financial services sector has now become a top-management priority in nearly every industry.

In a global survey of close to 1,500 C-suite executives conducted in the summer of 2011 by Harvard Business Review Analytic Services, more than two-thirds of respondents said that risk management had become somewhat or significantly more important over the previous three years. And in a March 2012 survey of finance executives by CFO magazine, 72 percent of respondents said their companies had increased the amount of time and resources devoted to risk management over the previous two years, with 23 percent calling the increase “significant.”

Risk management is essential in today’s volatile economy. And yet many of the very financial firms that took such dangerous risks before the financial crisis had some of the most sophisticated risk-management operations around. What’s more, some of the very few financial companies that had been praised for their deft risk management before the financial crisis have since gone on to make major errors. One dramatic example is JPMorgan Chase, which suffered a trading loss of $2 billion in 2012 due to trades that its CEO Jamie Dimon has termed “flawed, complex, poorly reviewed, poorly executed, and poorly monitored.”

We worry that in their headlong embrace of formal systems of risk management, many companies are making the same mistakes that companies in the financial sector made. Put simply, they are pursuing a highly technical approach to risk management—characterized by complex financial models and elaborate, formal risk-management systems—in isolation from the day-to-day activities of the broader organization. The result, as was the case at many banks, is that risk management may exist as a formal function, but it is not really embedded in the “mindset” of the broader organization and, therefore, is not shaping behavior and informing decision making.

To be sure, metrics, systems, and processes are important. And for the vast majority of companies, it probably does make sense to create a formal risk-management function. But developing the right risk-management mindset and organizational culture is even more important—and, in our experience, far more difficult to implement.

Companies need a new approach. They need to stop thinking of risk management as primarily a regulatory issue and to reconceive risk management as a value-creating activity that is an essential component of the strategic debate inside the company. The goal of that discussion should not be to eliminate risk, or even to minimize it, but to use it to create competitive advantage. And doing that effectively depends upon a far more dynamic interaction between risk management experts and the line organization.

Ten Principles of Risk Management

Creating a more dynamic managerial system for risk management is as much an art as it is a science. In working with our clients to develop this new approach, BCG has identified ten principles that should govern the art of risk management. (See “Ten Principles of Risk Management.”) We describe these principles below.

Ten Principles of Risk Management Risk management starts at the top. Risk cannot be managed from an ivory tower. Avoid relying on black boxes. Risk management is strategy, and strategy is risk management. Risk management is more than a policy; it is a culture. A risk-aware culture requires the free flow of information. What matters is the “talk,” not the “report.” The path is the goal. It is possible to prepare for unknown risks. Avoid the downside, but don’t forget the upside.

... continue reading

Explore topics: bcg cfo risk management harvard business review financial crisis
Related:
How Data-Driven Storytelling Can Point Your Business Toward Profit and Growth
Smarter Financial Decisions Start with Better Stock Market Knowledge
Fueling Creativity: The CFO’s Role
Uber and Pony.ai are testing a robotaxi service for Europe
A little-known Croatian startup is coming for the robotaxi market with help from Uber

© 2026 GoKawiil

About | Editorial Policy | Contact