Given the millions of viewers watching the NFL’s Super Bowl each winter, there would be much to lose if risk events postponed or even cancelled the big event. Of course planning of each year’s Super Bowl involves a number of risk management related considerations; however, for the 2012 game, the Host Committee used enterprise risk management principles (ERM) to identify and mitigate risks. A recent article, authored by Mark Saltsgaver and Steven Strammello, in Risk Management magazine highlights this experience.

Why ERM?

The Super Bowl is a unique event made possible by a number of players, including the Host Committee, staff, and thousands of volunteers, who are all charged with a specific area of responsibility. The Host Committee realized that kind of organizational approach creates a number of opportunities for someone to fail to see the big picture and for a number of disconnected contingency plans to conflict with one another, if activated. ERM was seen as a way to help build an enterprise perspective and to cut across a number of silos that existed.

Focusing on Event Risk

The scale and complexity of the Super Bowl is on par with a number of businesses. However, one thing that set the Super Bowl’s embrace of ERM apart from an enterprise was the need to focus on “event risk” differently from “business risk.” In most business, the success or failure is measured by the bottom line. However, for the Super Bowl, the bottom line is secondary, while other nonfinancial risks, especially reputation risk, are front and center.

Additionally, consideration of time differed for the Super’s Bowl’s ERM implementation. As part of assessing risks, most businesses have to take into account the likelihood that a risk might occur over a specific time horizon. In the case of the Super Bowl, the concern was for a risk that might happen on a specific day.

Lessons Learned

The experience of using ERM principles to manage risks related to the 2012 Super Bowl provided a number of useful lessons:

  1. Not all risks can be monetized, but all must be quantified. Assigning dollar values to intangibles is difficult. So, the Host Committee considered other dimensions of impact, such as media coverage to quantify the impact of certain risk events.
  1. Focus on responses to risks, not just prevention of risks. Even the best risk management strategies can fail. Thus, it is critical for the organization to develop a comprehensive risk response plan in the event risk treatments fail.
  1. Risks are complex, thus response plans need to be multifaceted. So often, organizations over simplify their consideration of potential risk events as if those events occur like an on/off switch. Unfortunately, there are varying levels and intensities of risk events with each level creating different consequences.