Risk management can be a defining factor between a business’ success and downfall. In the years prior to the recent global financial crisis and the ensuing economic recession, many organisations failed dismally in their risk management efforts resulting in both direct and indirect losses from inadequate internal processes, people and systems. Since then, it is evident that measuring and managing risk is most certainly becoming an essential tool to effective business management.
However, a number of barriers are still preventing some companies from reaping the benefits of investing in enterprise risk management initiatives. Some of the challenges that are faced when designing an effective Entertprise Risk Management system include the following:
• Cultural resistance
• Using a “Silo” approach of identifying and managing risks
• Lack of or minimal C-level support
• Overconfidence/Optimism bias which can impair a board’s and management’s ability to assess risk accurately
• Poor incentive structures
• Dominant financial or other backward looking risk indicators. This failure to identify what key risk indicators to choose and why has led many organisations to focus more on quantitative indicators at the expense of qualitative indicators.
• Failure to assess all the factors that create value
• A concentration on immediate rather than long-term goals. It was the focus on short-term goals and profits that brought large financial institutions to their knees during the global financial meltdown of 2008.
• Poor measurement of innovation, learning and change. Some companies are still failing to factor in the effects of market volatility and structural changes on business performance during their planning processes
• Lack of resources to design and deploy the ERM system
In light of all these challenges, companies therefore need to have a viable risk management platform that addresses existing and potential risks and provides feedback to relevant people to evaluate and resolve. In order to overcome these barriers, companies need to:
• Implement an integrated approach that is ingrained across the organisation and risk management practices. In other words, the organisation needs to have a coordinated risk management strategy instead of taking a narrow view of the risks affecting the business.
• Get rid of incentive structures that reward failure. Reward should be linked to performance. This also ensures risk ownership and accountability.
• Foster a culture that promotes and support risk management. This means C-level management communicating risk awareness and control procedures across and down the various functions of the organisation. There is also need to establish an environment that allows feedback from the operational team and other stakeholders to flow back to senior management. A consistent and easy to understand reporting and feedback process will assist management to effectively run their organisations.
• Move beyond concentrating on short-term goals only. Risk management is all about having the ability to look beyond “now” and into the future. This means having the ability and capacity to plan beyond 3-5 years and adjusting those plans when market conditions change. Profit and cash flow position need to be sustainable over the long-term period.
• Invest in predictive analytic and business intelligence tools to gain more insights on risk management that aid decision making. Instead of focusing on backward looking risk indicators, and because of their predictability capabilities, these tools have the capacity to turn data into actionable information for decision making in alignment with enterprise risk policy.
• Continuously and consistently perform risk-based operational audits of their systems, processes and people. This will help establish all the factors necessary for creating sustainable value. This is more than a “box-ticking” process and involves performing rigorous “what if” analysis in terms of risk identification.
• Ensure that they have the right people that fully understand how risk management operates and add value to the business. Having such people on board will help with continuous improvement efforts of processes and systems.