Over the last few decades, there has been a proliferation and expansion of career categories and roles within large organisations, many of which add dubious value to their stakeholders.
Examples might include the exponential growth of the previously named “Personnel” department; the size of the Human Resources’ departments as a ratio of the entire company has generally expanded exponentially since, say, the 1980s.
This spawned the utterly pointless diversity military industrial complex, based mainly on a ridiculous 1989 essay by Peggy McIntosh.
Another example, perhaps less obvious, is the Risk department.
Financial institutions in particular, have an increasing footprint of staff with “Risk” in their job title. For those who have been lucky enough to not work with these people, “risk” is a code for “no responsibilities“.
Being a “risk professional” means never having to be accountable for anything.
That might sound like an inflammatory statement but it’s easily empirically-checked; there have been plenty of documented failure in organisations’ risk management over the last few years. Examples include Wokepac’s Paedophile Enablement Programme, CBA’s Mafia Laundry Scheme, and dozens of leaks of personal data by private and public sector organisations.
How many of those resulted in the resignation or firing of the most senior risk officer? Perhaps you could let us know in the comments if any “risk professional” lost their job as a consequence.
The Audit team, at least, serve a useful purpose of checking compliance occurred as required for critical activities. By contrast, the Risk team are generally worse than useless as they advise on avoiding things that might happen. Proving they have helped is an impossible task as it is like proving a negative; the car didn’t crash because we took the keys from you.
Risk is one of those departments capable of parthenogenesis. Decades ago, risk was mainly a safety or financial function; what can we do to not kill workers or how do we hedge against this financial transaction going to shit?
These days though, all sorts of risks are documented in Excel spreadsheets or expensive software products that are just glorified versions of spreadsheets. Risk “professionals” in a crappy mediocre retail bank pretend they can somehow quantity geopolitical risks or mitigate for earthquakes in Indonesia by facilititing post-it note workshops and acting like over-promoted junior police officers bullying and pestering those people whose job it is to actually generate revenue.
The science behind risk management is complete bollocks. Depending on which source you select, you’ll be shown a complicated methodology which pretends it can somehow grade probability and impact to provide a credibility-lite relative score of the risks to the organisation.
Of course, with all models, the input parameters and assumptions behind the calculations are critical to the likely accuracy of the result they give. GIGO – garbage in, garbage out.
The people in these risk roles are never impressive individuals either. As with any kind of critic, they are most likely providing feedback on people whose job they simply couldn’t do themselves.
Those who can, do.
Those who can’t, teach.
Those who can’t even teach, measure risk”.
An classic example comes to mind from my recent experience in an Australian bank. My interlocutor was a chap who seemingly had made a career out of being deeply unpleasant.
In one of those frequent coincidences with ugly personalities, he was also physically repulsive; no chin, terrible dentistry, a lopsided face (think Thom York without the talent). Better still, he suffered from extreme rhoticism; he pronounced “th” as “f” or “v” and “r” as “w”.
“Hi, I’m ve genewal manager of wisk and I fink we must gwade vese wisks“.
We once had an illuminating conversation over a corporate slide deck; there was wholesome picture of a young child on scooter. The kid was wearing a helmet and open-toed shoes. We had an argument about which was the greater problem.
My view; it’s almost certain the kid will rip her foot whilst scooting.
His view; if she bangs her head she might suffer a brain injury.
He seemed somewhat offended when I asked him how many children he had (spoiler alert; none, and little chance of that changing).
So how did it go for us, corporately and in government, with this massive army of risk managers keeping us safe?
Just as the lawyers of the world mainly missed writing the word “pandemic” in their definition of Force Majeure, the Risk team in most organisations have completely failed to do their job.
Of course, the most likely response to this will be to hire more, not fewer/better risk managers.
Wince and wepeat.