Risks and opportunities are prevalent in today’s global economy. Organizations are constantly getting exposed to material risks (financial, strategic, operational, geopolitical, environmental, legal, compliance etc) yet the majority are not prepared for them.
Today’s uncertain business environment requires organizations to start taking a broader view of enterprise risks, focus on those risks with the greatest impact and occurrence and leverage performance management tools to manage and mitigate them
Factoring risk into the main areas of performance management positions the enterprise to better limit surprises and capitalize on upside opportunities. In order to plan for these risks, management must ensure that the organization must at least have some sort of formalized program to manage risks and conduct risk-adjusted forecasting and planning.
Identifying and defining the most important risks helps the organization evaluate current internal controls, management actions and evaluate whether the risks are at an acceptable level or there is need for additional actions. The board of directors and its senior management team need to know where the risks reside and if they are being properly managed. To achieve the desired results, it is important to understand that ERM requires collaboration across the enterprise.
Traditionally, organizations focused more on financial risks. Today, the risk landscape has changed and continues to evolve. In order to effectively execute strategy and deliver performance, organizations must go beyond the obvious financial risks, identify, assess, evaluate and manage the non-financial risks with the potential of impacting on the organization’s value drivers. Furthermore, there is need to understand how each risk might interact with others and the resulting compounding effect. This helps management make decisions with little or minimal implications on the overall performance of the business.
As mentioned earlier on, in order to manage risks, organizations must leverage performance management tools. This means use of historical comparisons of KRIs & KPIs, evaluation tools that set and specify risk thresholds, predictive analytics for measuring and monitoring risks, risk-adjusted forecasts which consider risk assessment an important part of decision-making, and process controls that are fully embedded in risk systems.
Integrating risk with performance management is critical. By doing so, organizations are more likely to identify potential risks faster, respond to them quicker and prepare for them better. To incorporate risk into performance management, organizations must:
- Prioritize risks based on greatest impact and likelihood of occurrence
- Create a line of sight working backward from the identified risks and their root causes.
- Correlate risks within and across silos.
- Adjust for the compounding effects of seemingly independent risk events.
- Plan for different scenarios. By identifying different scenarios, the organization will be able to develop various risk response plans that are applicable to many possible events, not just the specific scenario developed.
Furthermore, integrating risk with performance management means enhancing monitoring and reporting. Effective reporting helps organizations sense risk, respond faster and reduce its negative effects.
To successfully enhance their risk and performance reporting capabilities, organizations must incorporate risk into KPIs to identify problems; develop, implement and incorporate new KPIs for risk into the performance and risk dashboard; perform KRI trend analyses to enable identification of process deficiencies or other trends before they reach critical levels and monitor KRIs, in turn, to help gauge the effectiveness of mitigation strategies to reduce the likelihood and/or impact of a given risk.
Because of increased volatility, uncertainty and globalization which continue to hamper strategy development and execution, organizations need to approach risk management proactively as opposed to taking the back seat and being reactive. There is need to ensure that the organization is taking a holistic view of its risks.
Developing a more holistic view of risks requires management to identify and evaluate risks that most threaten value drivers of the business; determine if exposures are at acceptable levels; link contingency planning and risk management actions to the root causes of the organization’s risks; have a clear understanding of the organization’s risk profile and its position on major risks and the ability to determine and evaluate the impact of internal and external risks across business units, functions and geographies.
By developing a more holistic view of risks and integrating risk into performance management, organizations are better able to navigate the challenges of today’s uncertain and volatile environment and recover quickly from the surprises arising from this uncertainty and volatility.