The global credit crisis has forced the financial services industry to acknowledge that it has a risk management problem. Many institutions have not been able to react to the market events affecting the industry and the internal stakeholders within their risk management trinity-the board, management and risk officers-have come to realize that they are not getting a consistent and complete view of their firm's overall risk profile. 

This distorted view stems, in part, from product innovation. Firms devote significant resources to new products, but these products typically create problems in their teenage years, when innovation and maturation can handily outpace the evolution of the risk controls needed to manage them. In order to be effective, the progress of product innovation cannot exceed that of risk management.

Every institution must find better ways to communicate risk across business units. Transparency of risk is a fundamental element of all successful risk programs, but many organizations lost sight of this factor during the run-up to today's credit crisis. By siloing risk within a series of complex risk measurement models, organizations may have created a false sense of precision around risk measures. 

Effective risk management is dependent on identification. Many risk stakeholders say, "It's not the risks that I know about that concern me; it's the ones that we have not identified." Institutions must reinvent the process of risk identification. They must eliminate "groupthink" situations in which viewpoints that differ from the majority are dismissed without adequate analysis and be mindful of unfocused debates that can skew the view of risk and create additional, unintended risk exposures.

Institutions should gauge the effectiveness of risk measurement programs against four goals. First, risk measures must be related to return measures. Second, a common currency for risk must exist to allow firms to look across all business units or risk types. Third, institutions need to take multiple snapshots of risk (value at risk, stress tests, single parameter measurements, etc.) rather than rely on just one view. Fourth, risk measures must be tied to business decisions.

With risk measurement and identification under review, institutions cannot ignore the "management" side of risk management. How they appreciate, respond and react to risk matters a great deal, and a companywide risk report-while critical-cannot compensate for informed communication and shared decision-making that addresses risk measurement shortcomings.

Enlightened institutions seeking to drive shareholder value will treat their risk management enhancements as a competitive advantage, moving beyond what is required by the regulators. They will end up with an enriched view of risk, better identification processes and a renewed emphasis on management principles. In the end, those individuals within the risk trinity will be empowered to do the jobs they are supposed to do: boards will set objective, measurable tolerances that frame the goals of management; management will drive firmwide risk and return decisions; and risk officers will become empowered stakeholders who help drive controls not only after, but during product creation, as well. 

So where is the starting line? Institutions should consider the following initiatives as they seek to improve their risk management activities:

1. Challenge the current culture of firmwide risk committees and risk reporting. 
2. Develop an objective statement of risk tolerances. 
3. Eliminate "groupthink" from the risk identification process; encourage and welcome all viewpoints. 
4. Recommend risk-based financial forecasts that link financial forecast and capital/liquidity adequacy to changes in macroeconomic conditions. 
5. Ensure risk-adjusted performance measures appropriately influence behavior and strategies. 
6. Integrate risk measures across businesses and risk types for market events. 
7. Implement multiple views of risk for increased transparency. 
8. Improve governance and control over all financial models. 
9. Expand static risk measures to include experienced-based simulations. 
10. Expand new product governance processes to include the challenges of the teenage years of new products. 

Hank Prybylski is the global leader of risk management financial services for Ernst & Young.