Risk Management as Governmentality in Organization

Abstract

Risk management becomes an essential technology for every organization, especially those grouped in medium and big size enterprise as it provides additional layer of protection to the organization against risks from the business environment. Acting as the organization’s defense system, the organizational actors fail to see the capabilities of risk management system beyond its conventional purpose. With this narrow expectation on the contribution and function of risk management practice to the organization, the organizational actors were only focus on the compliance of risk management practice instead of using it strategically. The technology now emerged inside the organization and embodied the organizational actors, process and structure of the organization without being aware by the organizational actors. This could lead to the underperformance of risk management capabilities to improve organization performance and continues to make the organizational actors in a state of ignorance on what is actually happening inside the organization. Hence, by conducting an extended single case study method, the study aims to explore the other capabilities and purpose of risk management practice in the organization, particularly to addresses one big question of how risk management practice embodied the people, process and structure of organization and act as governmentality. By conducting a series of interviews with risk management officers, line management managers, technical staffs in risk management department of an organization, as well as three months’ observation on the organization’s risk management practice, from that the study found several interesting findings. Firstly, risk management practice in the organization has transform from a knowledge about protecting the organization from the side effect of risk into a type of discipline that is used by the authorities such as the government, the top management and the risk champion to control and discipline people, task, process, and system inside the organization. Secondly, by implementing risk management system in the organization, the authority is extended to the group of people or institution from outside of the organization which has been given power as according to the risk management framework to involve in the organization’s decision-making process such as in doing investment activities. The study suggests the organizational actors, particularly risk management officers to be equip with wider understanding on the risk management practice in the organization which allow them to use risk management strategically and to enhance their knowledge on how risk management practice influence themselves and the organization.