Business Risk Management and Martial Arts Principles


Eric Bonnell, Senior Vice President, Technology Risk, Atlantic Union Bank

Martial artists train to increase their skills (i.e. controls) while constantly assessing their environment to understand threats (i.e. the likelihood and extent of the impact of a probable attack). Essentially, this outlines the basics of a company’s Enterprise Risk program.

“All team members have something to contribute. Be aware. Be respectful. Be constructive. Be open to listening. Be ready to follow through to advocate for the implementation of controls in your industry. This is how the ‘game’ is played and how we all win.”

It follows that the company can learn from the discipline and principles of martial arts when building, operating, maintaining and improving its Enterprise Risk program. Below are some well-known martial arts quotes that represent seven basic principles for establishing and managing a truly transparent and effective risk management program.

Principle #1: “There are few people who will make mistakes with fire after being burned once.” – Yamamoto Tsunetomo

Risk management becomes easier with experience. Historical knowledge, although it does not guarantee against all risks, can certainly bring wisdom to an organization. It is unfortunate that the business often experiences a very negative challenge before it begins to take risk management seriously. Don’t wait any longer to assess and manage your risks! This principle is fundamental but absolutely essential to successful risk management.

Principle #2: “If you want to be a lion, you have to train with lions.” – Carlson Gracie

There are benefits to establishing controls and complying with regulatory requirements. These are designed to prevent bad things from happening. However, blindly establishing controls without understanding their intent or interdependencies can lead to over-engineered processes or to gaps.

Engage experienced talent in your organization to guide you through the process of understanding goals, assets, processes, and risks. Strive to see the big picture and guide your teams to design and implement additional risk-based controls to promote security and efficiency. This is the principle of dedication.

Principle #3: “To know your Enemy, you must become your Enemy.” – Sun Tzu

When identifying risks, you should try to break your processes and systems. That’s what the bad guys do. Build an understanding of what could go wrong when different negative situations occur (e.g., power outages, operational errors, inability to access your systems or data, etc.).

This understanding leads to solid contingency planning and helps you design and execute solid continuous improvement strategies. Applying this principle will greatly increase the effectiveness of your risk management program.

Principle #4: “The border between disorder and order lies in logistics.” – Sun Tzu

Be transparent and provide outreach and training for your program. Provide the right expertise to guide your lines of business through the process. Monitor each line of business, its operational metrics, level of participation in risk management, emerging concerns and strategic plans. This principle is the basis of a strong transparent risk management program.

Principle #5: “He who is prudent and who watches for an enemy who is not prudent, will be victorious.” – Sun Tzu

Your program should include an emerging-risks component. Look outward at environmental, political and social events to understand what could impact your business positively (i.e. strategic opportunities) or negatively (i.e. business opportunities to increase business resilience).

Be proactive and omnipresent in your analysis. Understand the likelihood, potential timing, dependencies, and multiple impacts of these events to build comprehensive plans. This principle reinforces the scope of your risk management program.

Principle #6: “This game is ninety percent mental, the other half physical.” – Yogi Berra

Yogi Berra may not be good at math, but he captures the spirit of martial arts. This principle is simple, “you get out of it what you put into it”. Half of all success is showing up; the rest is to be very present and contribute to the process.

Each member of the team has something to contribute. Be aware. Be respectful. Be constructive. Be open to listening. Be prepared to follow through to advocate for the implementation of controls in your industry. This is how the “game” is played and how we all win.

Principle #7: “Unfortunate is the fate of him who tries to win his battles and succeed in his attacks without cultivating the spirit of enterprise, for the result is a loss of time and a general slump.” – Sun Tzu

Enterprise risk is a shared discipline. Each of us has the ability to understand business impact and the skills to prevent negative outcomes from occurring. Conversely, an organization that is open to identifying opportunities and taking controlled risks can promote business growth. If the culture confirms this principle, the company is destined to prosper.

Wisdom bonus: “In the mind of the beginner, there are many possibilities, but in the mind of the expert, there are few.” – Daisetsu Teitaro Suzuki

When you look back at what you have accomplished, you will be amazed. The more you take the business through iterations, the better the process gets. You will find over time that the answers will become more obvious and repeatable as your program matures.


The principles above are designed to guide your risk management program through the maturity levels. Cultivate your company’s risk management culture. Reinforce your company’s understanding of the risk management program, the importance of constructive engagement, and the need to consider external and internal factors when developing contingency plans and resilient strategic initiatives.

