I have written before about enterprise risk management, which is an essential piece of both performance management and corporate governance. Every aspect of business entails risk. Everyone who makes a business decision is – whether consciously or not – making trade-offs between risk and reward. Assessing risk is tricky in business because it means different things to different people depending on where they work and their specific role in an organization. From a broad view, risk management becomes an “enterprise” issue for three reasons. One is to ensure that risk management is harmonized across the company and consistent with the corporation’s risk tolerance. A second purpose is to manage cross-functional risks – things that happen in one part of the company can have negative impacts on other areas. The third is to address the risk elements of what’s called the agency dilemma.
I recently commented on why I believe companies must manage taxes more intelligently. One dimension of this is optimizing tax risk exposure. Most corporate tax codes are notoriously complex and at times ambiguous, leaving room for companies to interpret their application. These interpretations fall on a scale of “conservative” to “aggressive,” in which companies weigh the risk of penalties and other negative outcomes against that of paying more taxes than necessary. It strikes me that few of the companies that should be paying attention to these sorts of trade-offs are doing so. I suspect there are a couple of important reasons.