Much has been said and written about leadership and risk. From military and world leaders to business entrepreneurs, a common theme is that taking no risks leads to earning no rewards. As Facebook's co-founder Mark Zuckerberg has observed, "The biggest risk is not taking any risk. ... In a world that is changing really quickly, the only strategy that is guaranteed to fail is not taking risks."
In the 21st Century, the risk/reward dynamic takes on the added component of the harrowing speed at which risks can emerge, change, and impact. I have written often of the need for internal auditors to audit at the speed of risk, which is no easy task. Leadership at the speed of risk can be even more daunting.
Today's business leaders must decipher a vexing risk/reward puzzle that can include disruptions in global supply chains, geopolitical instability, cybersecurity threats, and technological breakthroughs that can morph yesterday's state-of-the-art into tomorrow's quaint curiosity.
Those leaders who have excelled at finding the right balance among risk, reward, and speed are highly valued. From Zuckerberg to Jobs, the great entrepreneurs are those who comfortably anticipate and manage risk. Today's greatest business leaders are, in a word, risk-centric. They recognize that failure to identify and manage rapidly emerging risks can prove lethal.
I believe that contemporary leaders who excel in "leading at the speed of risk" share four risk traits that set them apart — risk awareness, risk intuition, risk acceptance, and risk courage.
Leaders who are risk aware are those who can identify threats and manage situations so that those around them are attuned to the risks. These leaders understand that risks cannot be ignored until they impact the organization. They anticipate risks and successfully execute plans to mitigate them before it's too late.
Leaders who possess risk intuition seem to have an innate ability to sense risk in situations, and instinctively know how to navigate through it. But that intuition is supported by a commitment to improving their ability to identify and address risks. They understand there are better ways to manage complex risks than relying on what worked for them 20 years ago.
Leaders who accept risk understand that taking intelligent risks is the path to accomplishing organizational objectives. Successful strong leaders don't treat risk as one-dimensional threats to be avoided, but understand the upside of taking smart, well-calculated risks.
Leaders who possess risk courage are not afraid of risk, they are adept at managing it. But they maintain a healthy respect for its potential to damage the organization. As American President Teddy Roosevelt observed, "Risk is like fire. If controlled, it will help you; if uncontrolled, it will rise up and destroy you."
In internal auditing, we encourage organizations to address risk holistically, and to identify risk strategies and risk appetites. Audit plans are based on providing assurance on organizational efforts to mitigate the biggest perceived risks. But these tools and techniques can provide a false sense of security without strong risk leadership.
In the current business environment, management executives and board members can't be blamed for becoming more risk averse, particularly when one considers the growing list of challenges and responsibilities placed on them. But risk avoidance can in itself become a risk.
Great leaders understand and respect risk. They also have the courage and knowledge to use it in their favor.
I'll close with a quote from Nora Denzel, a member of the board of Ericsson and AMD, "If you don't take risks, you'll always work for someone who does."
As always, I look forward to your comments.