May 24, 2022

Enterprise Risk Management and the Principles of the Martial Arts

Eric Bonnell, Senior Vice President, Technology Risk, Atlantic Union Bank

Martial artists train to increase their skills (i.e., controls) while constantly assessing their environment to understand threats (i.e., likelihood and scope of impact of a likely attack). In essence, this describes the basics of a company’s Enterprise Risk program.

It follows that the business can learn from the discipline and principles of the martial arts when building, operating, maintaining, and improving their Enterprise Risk program. Below are some well-known quotes from the martial arts that represent seven basic principles for establishing and running a truly transparent and effective Risk Management program.

Principle #1: “There are few people who will make mistakes with fire after having once been burned.” – Yamamoto Tsunetomo

Managing risk becomes easier with experience. Historical knowledge, while not guaranteed to guard against all risk, can surely bring wisdom to an organization. It is unfortunate that the business often suffers a significantly negative challenge before it begins to take Risk Management seriously. Don’t wait to assess and manage your risks! This principle is basic but emphatically essential to successful risk management.

Principle #2: “If you want to be a lion, you must train with lions” – Carlson Gracie

There are benefits to establishing controls and complying with regulatory requirements. These are designed to stop bad things from happening. However, blindly establishing controls without understanding the intent or interdependencies of controls may lead to process overengineering or gaps.

Bring experienced talent into your organization to guide you through the process of understanding the goals, assets, processes, and risks. Strive to see the big picture and guide your teams to design and implement risk-based complementary controls to promote safety and efficiency. This is the principle of dedication.

Principle #3: “To know your Enemy, you must become your Enemy.” – Sun Tzu

When identifying risks, you should try to break your processes and systems. This is what the bad guys do. Build an understanding of what could go wrong when different negative situations might occur (e.g., power outages, operational mistakes, inability to access your systems or data, etc.).

This understanding drives sound contingency planning and helps you to design and execute sound continuous improvement strategies. Applying this principle will significantly increase your Risk Management program’s effectiveness.

Principle #4: “The line between disorder and order lies in logistics.” – Sun Tzu

Be transparent and provide awareness and training for your program. Provide the appropriate expertise to guide your business lines through the process. Monitor each business line, their operational metrics, their level of risk management participation, their emerging concerns, and their strategic plans. This principle drives a strong, transparent Risk Management program.

Principle #5: “He who is prudent and lies in wait for an enemy who is not, will be victorious.” – Sun Tzu

You should have an Emerging Risk portion of the program. Look outward to environmental, political, and social happenings to understand what might impact your company positively (i.e., strategic opportunities) or negatively (i.e., opportunities to increase company resiliency).

Be proactive and pervasive in your analysis. Understand the likelihood, potential timing, dependencies, and multiple impacts of these events to drive comprehensive plans. This principle enhances the extensiveness of your Risk Management program.

Principle #6: “This game is ninety percent mental, the other half is physical” – Yogi Berra

Yogi Berra might not be good at mathematics, but he does capture the martial arts spirit. This principle is simple: “you get out of it what you put into it”. Half of any success is in showing up; the rest is being very present and contributing to the process.

Everyone on the team has something to contribute. Be mindful. Be respectful. Be constructive. Be open to listening. Be ready to follow through to champion the implementation of controls in your line of business. This is how the “game” is played and how we all win.

Principle #7: “Unhappy is the fate of one who tries to win his battles and succeed in his attacks without cultivating the spirit of enterprise, for the result is waste of time and general stagnation.” – Sun Tzu

Enterprise Risk is a shared discipline. Each of us has the capacity to understand business impact and the skills to prevent negative outcomes from occurring. Conversely, an organization that is open to identifying opportunities and to taking controlled risks can enhance business growth. If the culture upholds this principle, the company is bound to prosper.

Bonus Wisdom: “In the beginner’s mind there are many possibilities, but in the expert’s mind there are few.” – Daisetsu Teitaro Suzuki

When you look back at what you have accomplished, you will be amazed. The more iterations you take the business through, the more that the process improves. You will find over time that the answers will become more evident and repeatable as your program matures.


The principles above are designed to guide your Risk Management program through levels of maturity. Cultivate your company’s Risk Management culture. Build your company’s understanding of the Risk Management program, the importance of constructive participation, and the need to consider external and internal factors when building resilient contingency plans and strategic initiatives.
