Even though it’s the risk managers who run the risk management department and identify, measure and manage risk, they don’t do it for their own benefit. The risk management department is also not a profit center. The risk managers are just doing their job to maximize shareholder value at the direction of the senior management and the board.

The job of a risk manager is to evaluate the risks and communicate them to the senior managers or board. The board and senior management based on the firm’s objectives and the business strategy will decide what to do with these risks. The important question is what risk the investors are paying the firm to take. For example, should an airlines company take the oil price risk or not is the decision to be made by the senior management, not the risk manager.

The critical role performed by the risk manager at this stage is to effectively communicate the risk to the management. Even if the firm has the best risk management systems and policies in place, if the risk managers don’t communicate these risks effectively, then there could be more harm than good. This means that the top management should clearly understand the output and consequences to these risks.

The failure to communicate risks effectively was a prime reason behind the recent financial crisis.

“…a number of attempts were made to present subprime or housing related exposures. The reports did not, however, communicate an effective message for a number of reasons, in particular because the reports were overly complex, presented outdated data or were not made available to the right audience.”

- UBS report for its shareholders discussing the causes of its subprime-related write-downs

This article is based on the paper “Risk Management Failures: What are They and When Do They Happen?” by Rene M. Slutz, which is a part of the FRM syllabus.