Gartner Blog Network

One Simple Way to Get Your CEO to Embrace Risk Management

by John A. Wheeler  |  May 28, 2014  |  6 Comments

Why do most CEOs or other senior business executives cringe at the thought of having to meet with risk management professionals? By their very nature, CEOs are hardwired to seek out growth opportunities that will add value to their companies. Risk management professionals, however, are hardwired to find ways to minimize losses that will erode value. The two goals are polar opposites.

So, how can you get your CEO to embrace your risk management program? You must change the way you communicate about risk. For most risk management professionals, the focus of the conversation with their CEO is on the likelihood and impact of risks that a company faces. This is typically depicted by using a risk heat map such as the one below.

[Image: high/low risk graphic]

The problem with this exercise is that it is born out of an insurance mentality of minimizing or eliminating losses by reducing or avoiding high-risk business activities. This is counter-intuitive for the CEO. CEOs are the ultimate risk takers in your company, and rightfully so. However, what separates successful CEOs from unsuccessful ones is the ability to take the right risks. So, you must re-frame the conversation about risk from “high risks vs. low risks” to “good risks vs. bad risks”. Some of the very same “high risks” may actually be “good risks” when fully evaluated against the value created and the company’s understanding or appetite for taking the risk. A different way to view the risks is depicted below.

[Image: good/bad risk graphic]

Many of these “good risks” lie at the heart of the innovation that has driven companies like Apple, Google and others to break from the pack and dominate their markets. Gartner’s research and advice can help you make this simple shift in your risk-related communications with the CEO and others in your company. To learn more, view my latest research by clicking here or attend one of our upcoming Security & Risk Management Summits around the globe.




John A. Wheeler
Global Research Leader - Risk Management Technology
9 years at Gartner
30 years IT Industry

John A. Wheeler is global research leader for risk management technology solutions and professional services. His areas of specialty include integrated risk management, executive leadership and corporate governance. Follow him on Twitter @JohnAWheeler.

Thoughts on One Simple Way to Get Your CEO to Embrace Risk Management

  3. Hi John,

    Good out-of-box thinking. I was seriously thinking of adopting it, but I have some concerns that prevent me from doing so. That said, I would like to discuss them with you:

    1) All over the world, reports use the color GREEN for good things. If I use GREEN for Good Risks, everybody will think that the item is fine and must stand still. This is counter-intuitive when analyzing a report. This kind of report will be an exception that may confuse those who are used to analyzing many reports.

    2) Is there anything between Good and Bad risks? Isn’t it something boolean, like true or false? You must take an option: “mitigate/avoid/transfer” or “accept”, so there is no reason to put the yellow line in the image.

    3) What about the action to take on the “Bad Risks”? The CEO should think “I will never bother about this risk”. How do you explain that even the “Bad Risk” also needs to be mitigated/avoided/transferred? He may ask “Didn’t you say that it is a bad risk? Why should I care?”

    4) What could possibly be the objective criteria to define the “Value” and the “Appetite”?

    I thought just using the Image 1 (Impact x Likelihood), inverting the colors, removing the yellow layer, renaming “High Risks” to “Good Risks” and “Low Risks” to “Bad Risks” may be a better representation instead of using “Value” and “Appetite”.

    I like the good and bad risks approach and have already read some articles about it, although this approach does not seem to fit in a risk report.

    What do you think, John?

    Anderson Dadario

  6. fourquadrant says:

    I like the good and bad risks approach and have already read some articles about it, although this approach does not seem to fit in a risk report.
