Functional performance · Risk management
Most companies don't do risk management. They do risk avoidance.
High performance is the result of reconciling opposites. The risk function is no exception. Risk avoidance is one-sidedness in a policy — the pathology of a value cut loose from its opposite. It looks safe. It feels rigorous. It turns the function into a brake the business learns to bypass, until something breaks that no one was watching.
Real risk management is something different. It is the discipline of reconciling the tensions the business cannot resolve on its own — compliance and agility, prevent and enable, control and empowerment. The job is not to say no. It is to help the organisation take the right risks, well.
From risk avoidance, through risk acceptance, to risk management.
Why most risk functions struggle
Risk-aversion, on its own, becomes a pathology.
Most risk functions drift toward one side. The frameworks tighten. The reviews multiply. The "no"s start arriving faster than the "here's how to do this safely"s. On paper it looks like prudence. In practice it produces the predictable negative loop of a value cut loose from its opposite.
The other side never disappears. It returns as consequences. The risks that get taken are taken without the function's challenge — because the business has learned to route around it. The risks that get avoided cost the organisation an opportunity it needed. And the risk team, having protected the business from the wrong things, is the first to be questioned when the right thing breaks.
This is not a competence problem. Most risk functions have the technical skill they need. It is a tension problem. They are being held to one side of a dilemma that has two sides, and the longer they stay one-sided, the more the business compensates with informal workarounds, parallel processes, and decisions that never reach the framework at all.
Real risk management starts somewhere else. It starts by recognising that risk-aversion and risk-taking are not opposites to be chosen between, but a duality to be reconciled — held together in the way the function challenges, frames, and supports the decisions the business actually has to make.
"A value disconnected from its opposite leads to a pathology."
— Fons Trompenaars
When to bring us in
Three questions clients actually ask.
Each of these comes from a real conversation. Different sectors, different risks, same underlying problem: a function held to one side of a dilemma that has two sides, and a business that is paying the price for the unreconciled tension.
From a risk-avoiding to a risk-managing culture.
"Can you help our organisation change from a risk-avoiding to a risk-managing culture?"
The framework is in place, the team is competent, and the prevailing instinct is still no. We work with leadership to shift the function — and the dialogue around it — from blocking the wrong risks to enabling the right ones, deliberately.
Compliance is costing us clients.
"We are losing clients because our compliance regime is one of the strictest in our market. Help us change."
The choice on the table looks like rigour or growth. The reframe we work toward is rigour that accelerates growth — controls designed so that the right answer is the fast answer, and the slow answer signals a real disagreement worth surfacing.
We want to innovate. We don't know how to risk.
"We want to become an innovative company, but we are not used to making mistakes or taking calculated risks."
Innovation depends on a function that can hold both sides — the discipline to avoid avoidable harm, and the appetite to make the deliberate bets the strategy requires. We help leadership build the dialogue and behaviours that make calculated risk-taking a normal part of how decisions get made.
Risk management, reframed
From avoidance, through acceptance, to management.
There is a progression most risk cultures need to make, and the steps are not interchangeable. You cannot leap from avoidance to management. You go through acceptance — and you keep going.
Avoidance is the brake. Risk is the thing to stop. The function is feared, formally respected, and quietly bypassed. Decisions that matter happen in the side conversations the framework never sees.
Acceptance is the pendulum swing. Risk is acknowledged, tolerated, signed off. The function is in the room — but loses its edge. Sign-off starts to look like ratification. Tolerance starts to look like permission. The framework holds. The judgement weakens.
Management is the through-through. The function is neither a brake nor a rubber stamp. It exists to reconcile the tensions the business cannot resolve on its own: compliance and agility, prevent and enable, control and empowerment. Its measure is not how many risks it stopped, nor how many it permitted. It is whether the organisation took the right risks, well — and declined the wrong ones, deliberately.
This is what the value of a value means in a risk context. Risk-aversion that strengthens the appetite for the right risks is doing its job. Risk-aversion that simply suppresses appetite is producing the pathology, regardless of how rigorous the framework looks. The framework is not the test. The reconciliation is.
"Risk management needs to lift up from risk control to risk intelligence which can identify potential business growth opportunities."
— Pearl Zhu
Take the right risks, well. That is what the function is for.
What the function reconciles
Seven tensions every risk function carries.
Across enterprise risk, conduct, operational and strategic risk, the same dilemmas keep returning. A function that reconciles them creates capability. A function that picks a side produces the pathology — and a business that has learned to expect it.
- Prevent and enable.
Risk appetite as a licence to act, not only as a limit. The test is whether the function helps the business take the risks it should, with the same conviction it brings to stopping the ones it shouldn't.
- Compliance and agility.
Rigour that accelerates decisions rather than slows them. Controls designed so that the right answer is the fast answer, and the slow answer signals a real disagreement worth surfacing.
- Control and intelligence.
Lifting the function from controlling the avoidable to identifying the opportunity inside the risk. The same data, read with a different question: not only "what could go wrong?" but also "what does this expose us to gain?"
- Independence and integration.
Distance from the business and closeness to it, both. A Second Line too integrated stops challenging. A Second Line too independent stops being heard. The value lives in holding both at once.
- Standardisation and judgement.
Frameworks rigorous enough to be reliable, open enough to admit context. The decisive question is not "does the policy permit this?" but "what does this specific decision actually need?"
- Short-term safety and long-term resilience.
Controls that prevent today's incident without starving the organisation's capacity to adapt to tomorrow's. A function focused only on the avoidable can leave the business fragile to the unavoidable.
- Transparency and discretion.
Surfacing risks fully without exposing the organisation needlessly. The discipline of telling the truth at the right level of detail to the right people, on time.
The function's job is to hold these tensions, not to resolve them by picking a side.
Approach
From risk appetite to daily behaviour.
A risk appetite statement on the wall does not change a decision in the room. The 4R approach moves from the dilemmas the function actually carries, through the reconciliations that resolve them, to the behaviours, decision rights and dialogue routines that make those reconciliations a default — not a heroic act.
From risk dilemma to daily practice. Four steps that move a risk function from a framework on paper to the specific tensions its role puts in front of it, and the reconciliations that turn those tensions into capability rather than friction.
1 Recognise
Map the cultural and business risks the function actually carries.
Our diagnostics map both the cultural and business risks your organisation is creating, and how ready it is to deal with them. The output is a concrete picture of where the function is one-sided, by risk type, by business unit, by decision forum — and the dilemmas leadership has to start reconciling.
2 Respect
Chart the differences as dilemmas, not compromises.
Blended workshops with risk and business leaders use our tools to assess the risk culture from both sides. The work surfaces why each side of a tension is partially right, and the pathology that appears when it is cut off from its opposite. Compromise is taken off the table. Constructive dialogue replaces it.
3 Reconcile
Turn risk into innovation through through-through.
Through our Dilemma Reconciliation Process we work the tensions that matter most — starting from the one at the heart of the function: prevent and enable. The shift is from either-or, through both-and, to through-through: more agility through compliance, more compliance through agility, more growth through control, more control through growth.
4 Realise
Root reconciliations in systems, processes and behaviour.
Our Values-to-Behaviour (V2B) process translates reconciled risk values into a Charter of Behaviour for risk and business leaders together — and into the risk appetite, decision rights, escalation routines and review cadences that root the reconciliation in the company's systems and processes, not just its slide deck.
"Until you can point to what a value means on a Tuesday morning — in a credit decision, in a product approval, in an incident review — you do not have a value. You have a slogan."
Go deeper
Books, articles, and diagnostics.
Publications
Books and articles from our research and consultancy on dilemma reconciliation, applied to the tensions every risk function carries.
Books
- Riding the Waves of Culture — Trompenaars & Hampden-Turner, Nicholas Brealey
Articles
Models
Proprietary models that make risk dilemmas explicit and reconciliations actionable.
Tools
Diagnostics that make the risk function's tensions measurable.
- Dilemma Reconciliation Profiler
Maps how the function and its business counterparts currently handle the decisive tensions in risk — where each side is one-sided, where reconciliations are emerging, and where pathologies are setting in.
- Team Effectiveness Profiler
Assesses how effectively risk and business teams collaborate, communicate and decide together — with insight into the behaviours that enable, and the behaviours that quietly undo, real risk dialogue.
Let's talk
Stop avoiding risk. Start managing it.
If your function is technically excellent and increasingly bypassed, your appetite statement never enters a real decision, or compliance is starting to cost you the growth your strategy depends on — let's talk about the dilemmas the function is carrying, and what it would take to reconcile them.