Wanted: Masochist Renaissance Men (and Women)

So you get into the office and somebody asks you about counterparty risk on some new financial agreement. Then you get a call and somebody talks about estimating the chances that a submarine cable could be cut. An email arrives and it is about arranging insurance for a satellite. On your coffee break, a colleague starts telling you about negotiating with the regulator. You have a meeting with HR and the topic of succession planning comes up. Another email arrives - a story about the latest research on the health implications of mobile phone use. Over lunch you discuss the rumours about a competitor dropping their prices. It is only half way through the day and you have touched on everything from strategic planning to office workers tripping over cables. You get back to your desk and your boss wants to know if you have the enterprise risks all under control. Well, do you?

You don't have to be a da Vinci, an Ibn Khaldun or a Ben Franklin to work in Enterprise Risk Management, but it would help. It would also be useful if you have the stamina of an ox, the fortune telling powers of Nostradamus and the ability to go without sleep for a week at a time. But you cannot manage the risks in your business by taking responsibility for them all. The trick is to get all staff to take responsibility, and to talk to them about how they do it. Of course, you need to talk to them in a language they understand...

The process cycle in the ISO 31000 ERM standard makes it sound so easy. You need to establish the context, identify risks, analyse risks, evaluate risks, treat the risks and all the while you should communicate and consult, monitor and review. As they say in Britain, that sounds easy peasy lemon squeezy (a phrase that comes from an old detergent commercial). But when you think about the array of risks we deal with in communications providers, you realize that comedy writer Armando Iannucci coined a more suitable phrase: difficult, difficult, lemon difficult.

Given how difficult risk management is, why spend precious time participating in the TMF's ERM community? The straight answer would be that if we work together, and come up with common solutions to common challenges, we can make our working lives easier. There is a gulf between the processes described in ISO 31000 and the processes described in the eTOM, but we might as well pool resources when working out how to bridge the gap. Another answer is that the community is an exercise in group therapy. Risk managers, the rest of the world may not understand... but we do.