Planning for risks is crucial to an organisation’s success.

#Governance and risk #Risk management #COVID-19 #Risk Mitigation #ERM
risk-3576044_1280

The past year offered organisations worldwide an opportunity to update their risk management process.

The COVID-19 pandemic reminded organisations how fast and impactful risks can be.

Businesses that addressed risk management strategically in 2020 were able to adapt better to the impacts of the pandemic.

A strategic approach to risk management includes:

  • Focusing on new and emerging risks.
  • Monitoring potentially observational risks that are currently under control.
  • Establishing a strong corporate risk culture.
  • Creating a risk committee separate from the board’s audit committee.

Existing enterprise risk management (ERM) practices were re-examined. However, in some organisations, ERM is still a work in progress because of competing priorities and inadequate resources.

 

There are several steps to improve the organisation’s approach to enterprise-wide risk management.

 

1. MANAGEMENT’S PERCEPTIONS ABOUT THE CURRENT APPROACH TO RISK MANAGEMENT

 

Every organisation is effectively managing risks when in operation. It is important for leaders to obtain the perspectives of senior executives about the organisation’s current approach to risk management.

 

ISSUES TO BE CONSIDERED

  • Whether the emphasis of risk management on business operations, will lead to a view of the organisation’s most critical risks.
  • Whether the coordination and implementation of risk management activities across the organization is mostly ad hoc or informal.
  • Whether executives are aware that related risks appearing in different parts of the business can escalate into enterprise-wide issues.
  • Tendency of existing risk management process to focus on already known risks mostly linked to internal operations and compliance issues.
  • The accepted belief of the risk management process as bureaucratic and non-value adding.
  • Effectiveness of process in prompting management to find unspecified, but identifiable risks.

 

2. CONSENSUS ABOUT THE MOST SIGNIFICANT ENTERPRISE RISKS

 

The volatile business environment is generating newer risks for many organisations. Executives must constantly seek consensus on emerging risk issues. This will them focus on the correct risks and to minimise risk.

 

ISSUES TO BE CONSIDERED

  • How far the senior executive team has reached consensus on figuring out the enterprise level risk most critical to the organisation.
  • The clarity of the ownership and accountability for managing enterprise level risks.
  • The level of understanding that the senior executive team has about the organization’s response to top risk exposures.
  • The level of confidence that the senior executive team has of the implementation and effectiveness of responses.
  • Frequency of engagement of management with the board of directors about the top risks.
  • Agreement between management and the board about which critical risks are the most critical to the organization.

 

3. THE USE OF OUTPUT FROM RISK MANAGEMENT IN STRATEGIC PLANNING

 

Organisations must be willing to take risks to generate higher returns. Risk management activities contribute important strategic value. Organisations must formally consider existing risk exposures when evaluating new possible strategic opportunities. Organisations must include risk exposures in strategic planning discussions.

 

ISSUES TO BE CONSIDERED

  • Failure of risk management process in the provision of important strategic information about potential risks.
  • Over emphasis of current risk management process on operational or compliance issues.
  • Mapping of top risks to the most important strategic initiatives.
  • Prompting management to look outside the entity for risk triggering external events.
  • Identification of risks from the strategic initiatives in the strategic plan.
  • Frequency of interaction between risk management leaders and senior executives.
  • The accepted belief that the organisation’s risk management process as an onerous administrative form filling exercise.

 

4. ACCESS TO ROBUST KEY RISK INDICATORS

 

Few organisations have a robust set of risk indicators included in their management dashboards to help them monitor risk conditions.

Most organisations have key performance indicators (KPIs) to help them monitor the performance of the business. However, KPIs are historical in nature and they tend to focus on things internal to the enterprise.

 

ISSUES TO BE CONSIDERED

  • Forward looking metrics.
  • Metrics that monitor both internal and external trends.
  • warning signs of risk concerns.
  • The executives responsible for monitoring those signals.
  • The trigger points signalling for the executives to act.

 

5. READINESS OF ORGANISATION IN MANAGING A SIGNIFICANT RISK EVENT

 

The risk event itself is the worst time for the organisation to find out its lack of risk management preparedness.

This could cause immense harm to its brand and reputation.

A robust enterprise risk management process is not likely to prevent all possible types of risk.

Senior executives involved in ongoing robust risk management discussions tend to be better in dealing with a significant risk event.

 

ISSUES TO BE CONSIDERED

  • Confidence of senior executives in ability to handle significant risk event.
  • Vulnerability to unexpected risk events.
  • Availability of Standard Operating Procedures to respond to risk exposures.
  • Navigating a risk event that has gone viral over social media platforms.

 

FINAL THOUGHTS

 

Risk management should be an integral part of strategy.

Strategic risk management is not only for pre-empting threats. It also means analysing and taking advantage of any opportunities presented to them. Some businesses discovered opportunities presented by the pandemic. There were new opportunities in the supply chain and new product market dynamics.

The most mature ERM processes could not have responded well to an event such as the COVID-19 pandemic.

More organisations should take the necessary steps to evaluate the robustness of their risk management approach. And from there, take the necessary actions to put them in a stronger position for subsequent events.

 

Leave a Reply

Your email address will not be published. Required fields are marked *