I’ll be the last one to tell you that a strong central risk management function is a bad thing. Unfortunately, many organizations make the mistake of investing only in a centralized function because it’s too difficult to federate, and push risk management to lower levels of responsibility in the organization. It’s a classic consistency vs. quality of information problem.
Accurate information lies at the business line level – a manufacturing company’s CRO may not know that you’re throwing away millions of dollars a year due to a lack of quality suppliers, but the supplier quality manager certainly does. The challenge is that it’s traditionally very expensive to consolidate this local lower level information. Organizations attempt to survey and assess process owners, but the information comes back in various formats, of various levels of quality, and it leads to information silos – it’s impossible to get an apples to apples comparison. Out of frustration, many of these efforts fail, leading to a strong centralized risk function.
Organizations must augment their centralized risk management efforts with localized, distributed data, and the only to reliably do that is to invest in automated technology solutions.