By Lisa Hochgraf
Try this. Really.
Take a quick walk down the hall outside your office and ask the first three people you meet to define what “risk” means for your credit union.
OK. Get up. Head out.
Welcome back! Did you ask three people? Did they give similar definitions—or were some of their ideas about what constitutes a risk for your organization quite different?
Taking the time to develop an organization-wide definition of risk that everyone agrees to is one of the key foundational steps in developing an enterprise risk management program, according to John Bugalla, who recently spoke to CUES' Premier Networking Group Enterprise Risk Management.
Various people in your organization may think risk is:
- uncertainty,
- an adverse event,
- an unexpected gain/loss,
- an expected loss or
- an adverse variation from an expected outcome.
"Some people think it’s a combination of all of these,” Bugalla said. “You need to define common terminology for both risk and ‘risk tolerance.’ It’s a common language thing so when you’re all in a room together it’s nice when everyone is speaking the same language."
Doing the work of defining terms, Bugalla suggested, will leave your CU’s leaders ready to discuss perhaps an even more difficult but very important question: If you’re about to face an unacceptable risk outcome, what are you going to do about it?
Lisa Hochgraf is a CUES editor.
Learn more about CUES Enteprise Risk Management presented by Vital Insight.