The cost of risk management-- both in price and in reputational terms-- is increasing for businesses everywhere. There are many points of stress that companies must leverage with their profitability such as-- cyber threats, increased regulations, geopolitics, and environmental awareness of consumers. When boards and senior management do not approach the management of their risk profiles in a data-driven, more holistic manner-- they leave themselves vulnerable to loss. But what if risk management was considered another part of a business plan-- and something that was constantly updated and employees prepared for? Companies can tackle risk head on with some serious changes to their current methods, and by actively incorporating data analysis to their process.
In this article, we’re going to examine:
Unfortunately, boards of directors and senior management have not kept stride with risk management at various types of companies. Financial institutions are heavily regulated, and therefore are an exception-- they have many ways to monitor people and companies and are bound by law to keep pace with anti-money laundering (AML) regulations and politically exposed person (PEP) screenings.
Most boards rightly keep their focus on strategy and profitability-- but they are missing a key component-- which is effective and well-rounded risk management. It is never a good idea to employ a reactive approach to risk-- and deal with it when it happens. Companies do not use this method when it comes to problems with production or customer satisfaction-- so why are they still doing it when it comes to risk?
Senior management should be responsible for setting up an effective risk strategy-- one that has been tested and based on data analysis to determine whether it works-- and whether a company’s performance can still be measured accurately against these risks. When there is a plan in place to deal with threats before they arise-- employees are trained and better able to manage the problem before it is allowed to get out of control.
Depending on what sector your business is in-- there are different types of risk environments that depend on a wide variety of influences. Each company needs to come up with their own specific risk management plan-- one that takes into account the variances and nuances of their particular sector. In the automotive industry, most major companies need to monitor and prepare for supply chain risks so that their end product is not disrupted. They also need to be aware of the drive to use other means to power vehicles-- and mitigate the risk that alternative methods for fuel such as electricity as well as advances in self-driving cars.
In another sector such as the pharmaceutical industry-- their biggest risk isn’t in supply-- but rather in the substantial investments into research and potentiality for the development of new drugs. There is the possibility that these drugs could fail or never make it to the marketplace. This risk must be balanced against the need to keep new drugs safe and available for human consumption based on current regulations.
When presented with differences such as this-- it makes it easy to see why each company should have their own risk management profile. Companies in similar sectors can learn from one another-- comparable analysis is a very helpful tool for businesses to see what tools competitors are using to regulate their own risks. Ultimately it is up to the top level executives to create a specific plan to proactively engage with and confront risk.
Now that we know that different companies will be required to take diverse risk-based approaches to their strategies, we are going to examine how to foster a more effective risk management style.
An effective way to to make strategic decisions is to take the biases out of it-- when you take out the psychological or sociological biases out of decision making, it helps to strengthen a company’s business model and approach to risk management. When risk is actively reviewed and accounted for, businesses can make more informed and better decisions based on accurate performance data.
Similar to removing the biases inherent in some decision making, companies should also take the time to evaluate whether or not biases have caused them to overlook a potential risk. It is important to know whether a company can weather a potential risk-- and come away unscathed. This is why stress testing is key to developing an appropriate business model for risk management. Figure out where your greatest threats will manifest from and create models of responses to that threat. Test to see if it holds up under the weight of the problem-- if it does-- you can work toward incorporating that into your business plan to mitigate risk.
When companies invest in creating quality products and implement effective safety standards, there is a evidence of significantly increased returns. If companies do not have to deal with the costs associated with accidents because the safety training or protective equipment is of a higher quality-- there is less cost and less risk. In addition, when quality control metrics prove that the company places value on its products, services, or processes-- they see an increase in demand for them, as well as enjoy a better reputation with consumers.
While navigating the world of risk management, it makes sense to have some controls in place to help deal with potential risks. Automotive companies as well as tech firms should have some risk management strategies in place in case of a supply chain disruption. This way-- when a problem does develop-- they can avoid costly remediation. Supply chain risk management can lead to improved cost predictability as well as the ability to maintain an optimal amount of inventory.
Ethical controls can be put in place for all aspects of company management-- social responsibility is rewarded with increased brand awareness as well as heightened reputation. Customers are willing to pay more for a product from a company that has standards.
A risk management strategy should be applied in everyday business practices-- and should be a part of the company’s business model. In order to do this, senior management must create an approach that engages three core strategies:
In order to create a robust model, an enterprise risk management (ERM) framework should be used to identify risks across the company. Once the risks are identified there should be a plan in place in order to report on and deal with the risks. Not only should this model deal with the highly-likely risks-- it should be effective at managing any emerging risks as well. Timeliness when responding to risks can make all the difference. The risk operating model should take into account these necessary components:
The risk operating model will be governed by a structure with clear accountability. This is achieved through three lines of defense:
Crises will happen-- but by implementing a risk management plan, companies can reduce their likelihood of occuring. It is essential the board members plan for and know what the greatest risk are that could happen in their industry. It is then up to the company to develop working action plans based on their data analysis, and to train managers and other employees in what exactly to do in certain situations. When companies know how to respond to a threat because they have simulated or trained for this situation before-- it can cut down on the response time and neutralize the threat quickly.
Managing your company’s risks shouldn’t be something that gets relegated to a backburner-- it should be a part of your everyday business practices. When senior management takes proactive steps to mitigating risk-- and does it in a more holistic and analytical manner-- companies are prepared and ready to respond to any emergency.