Although the final shape and direction are as yet far from clear, the concept of risk management is shifting in a big way. Just as Finance was remodelled as a value-add function from its old caretaker model, Risk teams have been looking at ways to go on offense.
One challenge is that individual reasoning looks at risk as a product of uncertainty and impact, and makes estimates, but groups and teams don’t react to risk simply as an aggregate of reasoning individuals. The classifications and estimations of risk aren’t uniform or obvious across an enterprise.
But, when you think about the serious reputational dimension of many top risks, it is clear that galvanizing the group around both positive and negative motivators is very important. Harnessing teams to turn risk management into an enterprise building activity is the vision. There are many trends and directions in play, but a few cardinal points stand out:
1. Risk upside—Many risks, if not most, also contain opportunities, either financial or corporate. Furthermore, risk management is about reducing the cost of mitigation to reflect risk appetite, not just spending more.
2. Tempo—Risk velocity is increasing on a number of fronts, not least cyber, technology and information risks. Unless risk management is to be a backwards-looking or forensic exercise, cycles need to be tightened.
3. Continuity—Similarly, treating risk management as a static exercise or a fixed annual assessment is not only less valuable and responsive to significant changes, it tends to be less engaged with the front lines of the enterprise. Ongoing risk management diversifies perspectives as well as keeping the risk register fresh.
4. Participation, Insight and engagement—While out and out risk democracy is not a common occurrence, getting better, more relevant knowledge from non-risk-specialist team members is a growing priority. Simple tools that give basic risk literacy coaching to managers and other team leads are one way forward.
5. Integration – Organizations on the bleeding edge of risk management explicltly link annual strategic plans with risk management processes. In this way, the risk management process provides an ongoing assessment of progress or risks to achieving strategic objectives.
Our focus is on tools that facilitate agile, proactive risk management at the Enterprise level. Reach out to us today to find out more!
Miles Smit, PhD