The global economic environment is increasingly becoming volatile and high risk for businesses to operate in. A wide array of new enterprise risks are constantly emerging and threatening the survival and growth of their organizations. These wide-ranging risks include financial risks, strategic risks, operational risks, regulatory or compliance risks, value and supply chain risks, human capital risks, political risks, technology risks, environmental risks, reputational risks etc.
In these challenging times, risk leaders need to see through their organizations, move with speed and adapt to the new world of risk management. They must make significant changes to their risk management approaches.
To effectively connect the dots of risk across the enterprise, senior executives and their boards need to take a holistic view of enterprise risks and continuously monitor these risks. Enterprise Risk Management (ERM) gives senior management that required holistic view of organizational risks. It is no longer advisable for management and boards to consider risk management as a review process that is conducted once or twice a year. Instead, management need to monitor and address risks on a continuous ongoing basis.
The increased use of internet by organizations to communicate and carry out business has both its perils and benefits. As more and more organizations increase their online presence via social media usage, this presents new challenges. For most companies, they now have an online presence on Twitter, Facebook or LinkedIn. These platforms are making it easier for various companies to market their products or services, reach a wider audience, tap into existing and potential customer’s conversations and devise winning strategies that create and add value.
Social media has the potential to magnify the threats from an array of risks. For example, some companies have suffered severe financial losses as a result of confidentiality breaches and malicious rumours spreading. Social media conversations spread like a wildfire, especially negative company news, and this has a crippling effect on the organizations. It is therefore critical for business leaders to have an effective social media strategy and know what is being said about their products, services, markets and employees on these platforms.
Adapting to the new world of risk management requires senior management teams to stop paying lip service to risk management and instead elevate risk profile throughout the organization. There is need to close the fundamental gap between thought, talk and action among risk managers across all industries. This means creating risk awareness where everyone is accountable or takes ownership of risk. An individual’s ownership of risk depends on awareness which in turn predicts the effectiveness of the organization’s ERM program. Unfortunately, for the majority of organizations, people are unaware of what they need to do concerning risk.
The starting point in successfully creating a risk aware culture involves the management team changing their risk philosophy and making sure that everyone within the organization clearly understands the true meaning of ERM. Enterprise risk management is not just about risk mitigation or value protection but also a value creation process. With regards to risk conversations, these should not only happen in hallways, canteens or at photocopy machines but should be presented on the table. We now live and conduct business in a more complex and connected world. As such, discussions on risk management must lead to the identification of opportunities that actually turn into business improvements. Providing additional training for staff also help create risk awareness within the organization.
Having a formal risk management process allows senior executives to take ownership and accountability of risk management. In today’s uncertain environment, risks should not be managed on an adhoc basis. A centralized risk management model adds more value than a decentralized one. Centralization helps management identify key organizational risks through both a top-down and bottom-up process. When risk management is provided from top-down, individual managers become more responsible of managing, monitoring and measuring specific risks. In such companies, they have formed a risk analysis team that is dedicated to analyzing risks as they start emerging and this team regularly interacts with a cross-functional team of senior leaders that provide feedback and test assumptions.
Because the risk environment is constantly evolving, it is imperative that risk leaders re-evaluate their current risk management or ERM programs and benchmark these against leading practices. It could be that your current practices are outdated and need incorporating new analytical technologies. A more holistic view is required to manage risks effectively across the enterprise. It is important to intelligently assess and identify emerging risks and choose the focus of the ERM program. Being complacent about your ERM program will not help you drive your enterprise’s performance. Continuous improvement is critical. An effective ERM program identifies and prioritizes risks based on the organization’s strategic goals.
As the economic climate continues to change and volatility increases, risk monitoring should shift from a backward-looking approach to a more predictive continuous ongoing process. Key Risk Indicators (KRIs) can be used to identify potential changes in the organization’s or business’s risk profile. By investing in analytics that can leverage vast amounts of data, the organization will be able to gain better business insights and improve its risk management. It is also important to note that automation alone will not answer all your risk related questions. There is still the need for social interaction and oversight. Interpersonal conversations are more meaningful and productive. Some companies have benefited by participating in more networking and peer discussion opportunities that discuss leading risk management practices.
When adapting to the new risk management world, it is important for management to remember that risk management approaches vary considerably by industry. Because of different perceptions of risk, different allocation of resources and different organization of the ERM process, there is no “one size fits all” risk management model. The accepted practice and program must align with the organization’s management system and rooted in the DNA of the business. Investing in ERM may look like a losing proposition but in actual fact, it is not. Taking swift action can help your organization stay in the headlines for only the right reasons.