Rethinking and Elevating the Status of Risk Management

Enterprise risk management (ERM) is at the heart of effective decision making and should be at the forefront of everybody’s thinking within the organization. Today’s risk-filled macroeconomic environment requires front-line employees, middle management, senior executives and the board to take a proactive approach in managing the various risks the business is exposed to.

Risks are increasing and impacting the business at a very alarming level, and as a result, senior management and their teams have to be more prepared to respond quickly than in the past. This means adapting a new view of the risk universe.

Whereas in the past risk management was seen as a compliance and box ticking exercise, this limited view no longer cuts it. Not to say that compliance management is a waste of time, the function still plays a critical role in helping the business achieve its objectives.

What is critical and required in today’s VUCA environment is view risk management with a different pair of lenses, assess its role in helping management successfully execute the broader strategy of the business and increase the overall value of the business.

It is no secret that over the past decade the number of corporate crises and scandals the world has witnessed have increased significantly.  From natural disasters, product-related mishaps, supply chain failures, employee fraud, to IT system failures and too-big-to fail company liquidations, the media hasn’t been short of a story to post as a headline.

Most of these risk events, maybe apart from natural disasters, would have been mitigated had the management and board played their critical role in the effective identification, assessment, management and oversight of risk management within the organization.

Unfortunately, in many organizations today, senior management and the board are turning a blind eye on important risks and effective risk management.  Risk management is considered an after-thought activity.

Instead of integrating risk management with strategic decision making, the focus is on short-term performance and incentives that are inappropriate and driving the wrong behaviour from the top and all the way down to the least ranked employee of the organization.

Although the board plays a critical role in ensuring effective risk oversight within the organization, risk management is everyone’s responsibility.

Employees, management and the board should have a clear understanding of the business model, the foundations and assumptions on which this model is based, the risks the organization faces and how they might combine.

Irrespective of which function you are working, there are risks emanating from that particular function and these risks in turn intertwine with the broader business. As a result, it is critical that each employee is aware of what risks are emanating from their line of business, at what frequency and how they fit into the overall risk strategy of the business.

If the tone of risk management from the top is rotten, how can the board except the tone below to be different? Remember the fish rots from the head down.

If the leaders are ignorant, then the whole organization will follow suit. It is therefore important that top leadership sets in motion the right organizational risk culture and lead by example.

As a starting point,  this means changing the role and status of those employees and management tasked with implementing the organization’s risk strategy so that they don’t feel inadequate but can confidently report all that they find to the board. One of the challenges facing many businesses is that of complacency.

There is a misguided belief that good times will last indefinitely. As a result, many businesses are failing to recognize the rapid change in the business environment. Risks change overtime, and it is essential that management and boards are aware of all the important risks capable of derailing their plans.

How competent is your organization when it comes to identifying and analyzing risks emerging from the company’s internal and external environment, as well as from the leaders’ activities and behaviour?

How often are you stress-testing the core of your business model?

To avoid falling into the complacency trap, management and the board must learn to ask questions all the time. For example:

  1. How is your company consistently producing exceptional results?
  2. What are the foundations of the company’s success and how sustainable are these?
  3. Even if the company’s strategy is implemented flawlessly, what other risks could undermine the business?
  4. Does your incentive structure promote any form of inappropriate behaviour?
  5. Are you focusing more on cost-saving and efficiency to the detriment of quality?

Asking the right questions helps management uncover surprises early enough and address these before they become big and damaging to the organization.  It also helps the board understand and evaluate the adequacy of the answers received.

In the financial services industry, many institutions are driven by short-term revenue, profit and ROE gains. This massive obsession with achieving short-term performance targets often results in employees bypassing internal controls and management turning a blind eye to risky behaviour.

We have witnessed cases where companies significantly rewarded an employee for making huge profits on behalf of the business, only for management and the board to find out later that these profits were made via questionable and unethical ways.

How robust and all-pervading are your company’s internal controls to monitor employee behaviour, even the most senior executives?

When the role and status of risk management is elevated within the organization, there is a free flow of information in all directions. That is up and sideways as well as down and from the very bottom to the top of the organization.

Encouraging free flow of information within the business is key to ensuring that any issues or circumstances and risks that are known within the organization, but not to the leaders, do not remain hidden from the leaders’ sight. Some risks remain unmanaged because employees are afraid of flagging these to their superiors because the manager often refuses to heed warning and advice that something is wrong.

When senior managers and decision makers are ignorant of intelligent and informed advice, risks remain unrecognized and unmanaged for longer periods than necessary. These Unknown Knowns inherently become dangerous and eventually become detrimental to the organization’s performance and reputation.

It is therefore imperative that when assessing and evaluating risk information, the organization considers all the sources of information at its disposal.

Rather than limit their focus to traditional risk areas, companies should take an enterprise-wide approach of risk, and learn from their own experiences as wells as other companies and industries. This helps identify not only challenges that might cause a particular strategy to fail, but also any major risks that might also affect long-term positioning and performance of the business.

Self-deception is often a result of failure to listen to outside perspective, and when this happens, business leaders can only see themselves as in a mirror. This often leads to poor decision-making with far-reaching consequences than would have been the case had the leader listened to outside perspective.

Risk management is not only about looking at the downside, but also at the upside. Thus, in order to take advantage of uncertainty and volatility in today’s environment, maximize gains and create value, it is critical that companies move beyond their corporate structures, and adapt more of an “outside-in” perspective when assessing their strategies, challenges and opportunities.

In today’s era of Big Data and advanced analytics, companies can also take advantage of these modern technologies and start making sense of the vast information at their finger tips, by sifting through the data, determine the most important risks and risk indicators and establish an effective enterprise risk management framework.

Effective decision-making demands the business leaders to have a more comprehensive picture of the challenges that are in front of the company. This requires integrating ERM into the overall business strategy and planning process, and changing the approach to managing enterprise risks.

ERM must effectively support the development and execution of business strategy. However, if risk management is considered a cost and not a value-adding process, there is a big risk that the business will fail to execute its strategy successfully.

Effectively implemented and aligned to the business, ERM can become an important source of information to the board as well as the business via its executives. For example, it can help them become aware of the new risks created by their strategies, evaluate the strategic impact of new technologies and identify investments that are necessary for managing risks and exploiting new opportunities.

On the contrary, if the internal audit and risk management teams are given a very low status and never listened to, they become less effective resulting in the company being exposed to unnecessary risks.

What level of status are you giving to your organization’s internal audit and risk management teams?

How does risk inform your company’s broader business strategy?

Thanks for sharing:

Leave a Reply

Your email address will not be published.

Subscribe to get notified of new posts by email

Recent Posts

Categories

Leading in Uncertain Times

One of the biggest challenges facing business leaders today is making the right decisions that will ensure their organizations succeed, survive, and remain competitive in an increasingly uncertain and complex environment.

A recent post, The best way to lead in uncertain times may be to throw out the playbook, by Strategy+Business has several good points.

The article is about the COVID-19 pandemic, how global companies navigated through the crisis, and how best to prepare for future disruptions. Here are some key points and my comments.

  • Rather than follow a rigid blueprint, executives must help organizations focus on sensing and responding to unpredictable market conditions.
    • Comment: Senior leaders play a vital role in providing clarity about the organization’s strategic direction, creating alignment on key priorities to ensure the achievement of enterprise objectives, and ensuring the business model is continuously evolving to create and capture value in the face of uncertainty. They must not rest on their laurels and stick to the beliefs and paradigms that got them to where they are today and hope they will carry them through tomorrow. Regulatory changes, new products, competition, markets, technologies, and shifts in customer behavior are upending many outdated assumptions about business success. Thus, the businesses you have today are different from the ones you will need in the future hence the importance of continuously sensing changes in the global economy. Employees and teams often feed off the energy of their leaders and tend to focus their attention where the leader focuses attention. If the leader is comfortable with current business practices and rarely embraces the future or challenges the status quo, then the team is highly likely to follow suit.
  • When it became clear that supply chains and other operations would fracture, organizations began scenario planning to shift production sources, relocate employees, and secure key supplies.
    • Comment: Instead of using scenario planning to anticipate the future and prepare for different outcomes, it seems most of the surveyed organizations used scenario planning as a reactionary tool. Don’t wait for a crisis or a shift in the market to start thinking about the future. The world is always changing. As I wrote in The Resilient Organization, acknowledge that the future is a range of possible outcomes, learn and develop capabilities to map out multiple future scenarios, develop an optimal strategy for each of those scenarios, then continually test the effectiveness of these strategies. This does not necessarily mean that every change in the market will impact your business. Identify early warnings of what might be important and pay closer attention to those signals. In other words, learn to separate the signals from the noise.
  • The pandemic forced the organization’s senior management team to re-examine how all decisions were made.
    • Comment: Bureaucracy has for a very long time stood in the way of innovation and agility. To remain innovative and adapt quickly in a fast-changing world, the organization must have nimble leadership and an empowered workforce where employees at all levels can dream up new ideas and bring them to life. Identifying and acting on emerging threats and potential opportunities is not the job of the leader alone but every team member. To quote Rita McGrath, in her book Seeing Around Corners, she writes, “Being able to detect weak signals that things are changing requires more eyes and ears throughout the organization. The critical information that informs decision-making is often locked in individual brains.” In addition to the internal environment, the leader must also connect with the external environment (customers, competitors, regulators, and other stakeholders), looking for what is changing and how.
  • It’s worthwhile for leaders of any team to absorb the lessons of sense-respond-adapt, even if there is no emergency at hand.
  • Sensing: Treat the far-flung parts of your enterprise as listening stations. The question leaders must ask is, “What are we learning from our interactions beyond the usual information about costs and sales?” Train your people to listen for potentially significant anomalies and ensure that important information is not trapped in organizational silos.
    • Comment: Cost and sales data are lagging indicators that reveal the consequences or outcomes of past activities and decisions. Although this information can help leaders spot trends by looking at patterns over time, it doesn’t help understand the future and inform what needs to be done for the numbers to tell a different story. In addition to lagging indicators, pay attention to current and leading indicators and understand the relationship between these indicators and outcomes.
  • Responding: Improve communication across intra- and inter-organizational boundaries. Leaders should view business continuity as an essential function that acts as connective tissue for the enterprise.
    • Comment: In addition to creating mechanisms that allow the free flow of information both inside and outside the organization, decision-makers should also be comfortable receiving information that challenges their personal view of the world, even if it’s not what they want to hear. Create a culture of psychological safety where people are not afraid to share bad news for fear of getting punished, but rather are acknowledged and rewarded for speaking up. Leveraging the diversity of thought enables leaders to anticipate the future as an organization, decide what to do about it collectively, and then mobilize the organization to do what’s necessary.
  • Adapting: Challenge assumptions, and question orthodoxies. There’s always the temptation to mitigate threats simply by applying existing practices harder and faster. One way to get at those deeper issues and encourage double-loop learning is to ask, “What needs to be true for this to be the right approach?”
    • Comment: In an increasingly uncertain environment, it’s difficult to survive and thrive with an old business model or outdated technologies. Many businesses fail because they continue doing the same thing for too long, and they don’t respond quickly enough and effectively when conditions change. As a leader, stay curious and connected to the external environment, look for market shifts, understand what needs to be regularly refreshed and reimagined, adopt new technologies and capabilities, and adapt in ordinary times but also during times of transition. Unfortunately for many leaders, it’s just more convenient for them to continually downplay the fact that conditions are changing than take the appropriate course of action that drives business success.

How are you preparing your organization for potential future disruptions?

Thanks for sharing:

The Collaborative Organization

These days the term collaboration has become synonymous with organizational culture, creativity, innovation, increased productivity, and success.

Let’s look at the COVID-19 pandemic as an example. At the peak of the crisis, several companies instructed their workers to adopt remote working as a health and safety precautionary measure.

Two years into the pandemic, they are now asking their employees back to the office full time or are planning to adopt a hybrid model.

The need to preserve our collaborative culture and accelerate innovation are two of the top benefits being cited by organizational and team leaders for bringing workers back.

Collaboration is indeed essential for the achievement of team goals, functional objectives, and the overall success of the organization.

Today’s breakthrough innovations are emerging from many interacting teams and collaborative relationships.

When teams, functions, and organizations collaborate, the whole is greater than the sum of its parts; group genius emerges, and creativity unfolds.

But, what makes a successful collaboration? What are the key enabling conditions?

  • It extends beyond the boundaries of the organization. Business success is a function of internal and external relationships. Instead of viewing your business in vacuo, understand that you are part of an ecosystem. External to your organization, who do you need to partner with to enhance your value creation processes, achieve/exceed your objectives, or successfully execute your strategy?
  • Ensure the objectives are clear and there is shared understanding by everyone. Unclear objectives are one of the topmost barriers to team and organizational performance.
  • Foster a culture that encourages opinions and ideas that challenge the consensus. People should feel free to share their ideas and not hold back for fear of others penalizing them or thinking less of them. Collaboration is hindered when one or two people dominate the discussion, are arrogant, or don’t think they can learn anything from others.
  • Groups perform more effective under certain circumstances, and less effective under others. There is a tendency to fixate on certain topics of discussion amongst groups which often leaves members distracted from their ideas. To reduce the negative effects of topic fixation, members of the group should be given periods to work alone and switch constantly between individual activity and group interaction.
  • Effective collaboration can happen if the people involved come from diverse backgrounds and possess complementary skills to prevent conformity. The best collective decisions or creative ideas are often a product of different bodies of knowledge, multiple opinions, disagreement, and divergent thought processes, not consensus or compromise.
  • New technologies are making collaboration easier than ever, enabling us to increase our reach and broaden our network. Although new technology helps, it will not make your organization collaborative without the right culture and values in place. First, define what you want to achieve through collaboration then use these tools to promote creative collaboration.

How else are you championing collaboration within your organization to create value and succeed?

Thanks for sharing:

Preparing for Geopolitical Shocks

Geopolitical instability has steadily increased over the past years, and uncertainty in the global economy is at an all-time high. Thanks to globalization and advances in technologies, we now live and work in a tightly interconnected world, one in which the boundaries that previously separated domestic from global issues have disappeared.

Threats are no longer confined to traditional political borders, social structures, and geographic boundaries. Geopolitical shifts have dramatically altered the global economic landscape and brought politics and business together.

The rise of China as an economic and politically influential power has threatened the dominance of the United States as the world’s largest economy. Although the opening of China and a market of 1.4 billion people have benefited both countries, it has also intensified competition and sparked U.S. economic and technological espionage accusations against China, leading to strained relations between the two giants.

U.S. companies operating from China have felt the impact of this tense relationship. The opposite is true for Chinese companies in the U.S.

Across Europe, national populism is on the rise and now a serious force. In 2016, the United Kingdom shocked the world when it voted to leave the European Union, generating reverberating effects across markets.

Banks and financial services companies that once benefited from the EU passporting system have had their cross-border banking and investment services to customers and counterparties in the many EU Member States impacted, causing them to reimagine their value proposition models.

The recent invasion of Ukraine by Russia is another example of a geopolitical event that has had devastating effects on human livelihood and businesses. Although the conflict between the two countries has risen over the years, I think it’s fair to say that few political analysts, governments, and businesses predicted a war to happen.

The war has created a humanitarian crisis, rattled global commodity and energy markets, caused prices to soar, and forced many international companies to temporarily suspend their Russian activities or completely cut ties with the country.

Global supply chains which are already fragile and sensitive due to the COVID-19 pandemic are now facing new challenges in the aftermath of the Russia-Ukraine crisis. Multilateral economic sanctions have been imposed on Russia. A state of affairs that was unthinkable months ago and is now threatening to derail the nascent global economic recovery from the COVID-19 pandemic.

Given the global domino effect of geopolitical events and the shrinking of the distance between markets and politics, the need to better understand and more effectively mitigate geopolitical risk has become more urgent. The business impacts, whether direct or indirect, vary by company type and industry sector.

Your company may not be able to prevent wars between nations, but you can anticipate and better prepare for geopolitical shocks:

  • Integrate strategy, risk, and performance decision-making. Consideration of risks to business success is an important part of the strategy selection and execution process, not an afterthought.
  • Develop a better understanding of geopolitical trends and how they are changing. For example, what are the megatrends in business, politics, and technology that are making geopolitical risks more diverse, prevalent, and consequential?
  • Assess the links between these geopolitical events and business performance. What are the events that matter most to your business? For example, how might current global political trends pose physical, business, and reputational risks to your parent organization?
  • Anticipate how these trends are likely to play out in the short, medium, and long terms, and develop mitigation strategies for each geopolitical scenario. Proactively anticipate and plan for radically different worlds, instead of reacting to problems as they arise
  • Review your mitigation strategies as the world changes. Are they effective enough in case of a major shock?
  • Develop capabilities for continuous learning to anticipate, address, and recover from geopolitical crises.

What do you think?

Thanks for sharing: