• Home
• Site Map
• Privacy

About the Author

Steven Minsky, LogicManager CEO, highlights the differences between Compliance and true Enterprise Risk Management, which most importantly is about helping something to happen - not preventing something from happening. Steven's blog helps you think about risk in a new way and how to benefit practically from this rapidly evolving new field.

• Blog
• Events
• News
• Webinars

New Era of Risk Management

The Power of Expert Opinion: A Lesson in Risk Management

The book “Blink” by Malcolm Gladwell is a must read for risk managers. Chapter one opens with the description of the approach used by the J. Paul Getty Museum to perform due diligence on a famous statue?s authenticity prior to acquisition for their collection. This is a classic low frequency and high impact event with a price tag of $10 million for the statue. They hired a team of consultants and lawyers that did deep analysis. For example, a geologist determined the marble used for the statue was consistent with the statue’s origin and a legal team did a paper trail that validated the chain of ownership. After 14 months of investigation, the Getty Museum staff with the help of professional consultants concluded the statue was authentic, and the Getty Museum made their purchase.

However, when the statue was shown to art experts their conclusions were immediate that it was a fraud. These art historians sensed that although the statue had all the obvious telltale signs that it was genuine, their instinct told them it was a fake.

As a result, the investigations were revisited and the holes began to appear in what was previously determined a rock solid conclusion. Eventually, the statue was revealed to be a forgery dating back to Rome in the early 1980’s. How could 14 months of rigorous due diligence by highly trained and paid professional consultants be wrong? So wrong in fact, that art historians who relied on their instincts could come to the correct determination in a matter of moments?

The author, Gladwell, argues in his book, a powerful process in all of us is working subconsciously to sort through huge amounts of information gathered over a lifetime, make associations between data, and extract key indicators to arrive at rapid highly accurate conclusions.

This is also the process of Enterprise Risk Management (ERM). A few ERM best practices are illustrated in this story:

• Let your line management lead the risk management process for their areas.
• Capture this expert opinion with a framework of risk indicators and a root cause discipline to ensure the quality of capturing the expert opinion.
• Document their self-assessments of their operating processes to identify “What could go wrong?” based on their powerful expertise gathered from intimate knowledge of the subject matter.
• Evaluate the expert opinion to determine if action needs to be taken.
• Formalize the mitigation process to follow-up on these instincts to craft a plan of action that takes into account historical data and traditional analysis.
• Monitor the plan of action to make sure it actually achieves the goal rather than just appearance.

Other posts

• ERM vs GRC? SEC Says No to Myopic Approach: Costly Example from Goldman Sachs
• S&P Issues Risk Management Progress Report
• SEC Proposes Accountability for ERM at the Board Level
• Wake-up Call for an ERM Approach to Business Continuity
• New Congressional Report: A Call to Action for ERM Regulation
• Evidence links ERM directly to improved business performance
• Risk Management: Evolve or Step Aside
• Global Warming: What does it mean to your bottom line?
• The Institute of Internal Auditors: A champion of ERM
• New Audit Standard For Financial Reporting
• Information Security and Enterprise Risk Management
• Amaranth Advisors revealed; The Emperor has no clothes
• The Power of Expert Opinion: A Lesson in Risk Management
• BP Oil Pipeline Leak: A Cry for Enterprise Risk Management
• Risk Management: Problems with spreadsheets?