No More Business As Usual

The UK Institute of Risk Management (IRM) held the 8th annual risk leader’s conference, with the theme, ‘no more business as usual’. It was a gathering of risk leaders from different industries and sectors, and with participants from different regions of the globe. The conference focused on how corporate and individual behavior affects the ability of organisations to manage their risks, particularly in the context of the widespread political and technological changes that have been rapidly evolving across the world.

The recent past has seen political and social upheaval, together with change enabled by technology, which has forced us to re-examine some basic assumptions about the world we live in. We have seen fractures appearing in the European Union, the rise of populism and challenges to the ‘truth’ of the mainstream news agenda. What can be perceived as repeated failures and scandals have led to a loss of trust in ‘experts’ and a questioning of the motivations and ability of companies, organisation’s and institutions to deliver on their objectives as well as fulfil their role as good global citizens.

Given the increased volatility of the external environment, how should boards approach their governance and risk management responsibilities? What can be done to help organisation’s instil the behaviors at all levels that will meet the needs of stakeholders and enhance reputation?
Different papers were presented by subject matter experts, but the clear message was that Enterprise Risk Management (ERM) as a game changing advantage tool for corporate or government success is here to stay. Evidence has shown that the underlying concepts that make up ERM will survive through the test of time. Regulators and rating agencies are catching on and gradually beginning to use measurements of ERM maturity for evaluating the “soft” part of companies as opposed to its traditional “hard numbers” based approach. ERM is evolving from a nice-to-have tick-box system to be an enduring process and way of thinking.

Organisation’s that grow in their ERM maturity are more likely to outperform the competition. They will seize opportunities while still yet appropriately mitigate long-tail risks that could imperil their safety and soundness. By leveraging industry-agnostic best practices, ERM breaks down traditional risk silos across the enterprise—while still meeting the demands of regulators and staying competitive.

A paper presented titled – “What does good risk governance look like in practice”, emphasised the need to integrate risk management with strategic planning.
Studies have shown that companies that have consistently outgrown their industry peers while simultaneously making margin improvements over the last 20 years have relied on their ability to allocate capital to bigger, riskier bets. These riskier bets allowed them to become the “first-movers” in their industry while not spending any more on R&D or acquisitions than others. It all boils down to strategy.

If companies need to articulate their strategies and take risks to grow, then there is a role for risk management to play in helping with that. What needs to be understood is that, like cholesterol, there are good and bad kinds of risk. Bad risks are more obvious and distinguished by recklessness and wrongdoing. These are what the risk management function is normally associated with—putting controls in place to keep bad things from happening.

Coming home, it means all players – companies, SME’s, NGO’s and government MDA’s must get on the ERM train. Risk articulated strategies point and guarantee the way forward. Unfortunately, most players either don’t understand, or commonly forgo the need to analyse their strategic risks, often with severe consequences. Strategic risks are those risks that can undermine an organization’s business model and competitive advantage. These risks show up each and every time a new strategy is selected.

A used approach known as the Protiviti contrarian approach connects strategy-setting and risk assessment by identifying the assumptions underlying each business strategy. It basically prompts the question, “What if these assumptions turn out to be wrong?”
The challenge is that strategic risks are inherently difficult to handle because they could be difficult to quantify and measure. They also often manifest themselves over a longer period of time than managers are accustomed to evaluating. Assessing strategic risks requires managers to think about the downside of the business strategies that they are naturally optimistic about.

To overcome this, finance, strategy and risk management teams need to join forces. This presents risk management with an opportunity to demonstrate its value by enabling senior leaders to make high-risk growth decisions. For ERM to take root, risk leaders must have a good understanding of the company’s growth ambitions. Risk management must be involved in strategic planning conversations. Having a seat at the table during these discussions is critical. From there, risk leaders can communicate any associated risk implications to the strategic planning group, including finance. The risk profile that ERM generates from these exchanges can help the organization recognise what types of risk-taking make the most sense—which big-growth bets are most likely to succeed, and which of the potential impediments are most critical to address.

Risk managers also need to consider how they talk about risk appetite with stakeholders on the risk committee and the board. Too often, risk appetite is discussed using generalizations and jargon that do not give managers and employees a clear understanding of how to consider risk in their roles. When developing or reviewing their risk appetite, risk leaders should base the discussions on where the company wants to go, and what needs to change in order to reach those objectives.

Instead of asking what level of risk executives are comfortable with, risk managers should ask, “Where do we want to see management taking on more (or less) risk, and in what way?”
As the world moves towards ensuring objectives are met with more certainty, we should not be left behind.

Related Articles