Sunday, September 15, 2019

From Enterprise Risk Management to Enterprise Opportunity Management

 When a company embarks on a growth strategy, the risk curve will always be greater than a business as usual approaches.

We live in an era, full of uncertainty, velocity, complexity, and ambiguity. The result is higher risks of conflict and inertia. Thus, organizations must have solid risk management disciplines, make objective assessments, develop a high-effective management framework, provide backup options, and make the transition from risk mitigation to risk intelligence - the accumulation of enough resources to thrive by capturing opportunities in it and adapting to the uncertainty and changes smoothly.

Make an objective risk/opportunity assessment: The major source of limitation in any risk management is because of the risk of the unknown. The age-proven SWOT analysis (Strengths Weaknesses, Opportunities, Treats) is a very common process to help determine where the risks and opportunities are, and where value can be created in the organization rather than just protecting it. It’s a great tool that helps managers ask the right questions, answer them systematically, and understand them in context. In practice, try to identify all possible risks, the organization perhaps ends up in a huge list that may not be practical to assess. What is done is then some low risks are ignored by accepting them. The other pitfall is that the risk management system is detached from the real management of the business. Embed risk identification and assessment in operational processes and multiple management disciplines. It’s important to look at Trust in Humans, Trust in Processes. Trust in Technology. Besides identifying risks, spotting opportunities as well. There is possibly different scenario in which the identification of negative risks unearths an opportunity. This is all a matter of perspective. It requires the stakeholders to open their perspectives or framing on what they are observing. Every opportunity has risks in it, and every risk perhaps also has opportunities in it.

Develop an effective risk management model: In business, every day is a risk, but when a company embarks on a growth strategy, the risk curve will always be greater than a business as usual approaches. As long as risks have been identified and agreed with stakeholders as per business needs, then you can take place a risk models which effectively predict, optimize, and consider a continual and sustainable approach with multi-faceted perspectives, and specific threshold for justifying opportunities and business outcome. Too few business enterprises have appropriately aligned or devoted sufficient resources to their risk management efforts, and they should be or need to be appropriately integrated, with decent reporting structuring and streamlined processes. Assuming that in any risk management program, all the known and potential risks would have been covered and managed, and over a period of time, the enterprise risk management would be making continuous improvement based on the feedback from the risk management process and what would be left is what is unknown. Therefore, it’s important to develop an effective risk management model for integrating all crucial elements such as processes, technologies, tools, talent, communication, culture, etc. to model, manage, and measure risks, and manage opportunities systematically as well.

From risk control to risk intelligence: Statistically, more than three fourths of today's business value is based on their ability to embrace complexity, understand the future, opportunities, decide which one to go after and which one they will not go. Thus, the risk management needs to lift up from risk control to risk intelligence which can identify the potential business growth opportunities. Often, risk and reward are proportional from innovation management perspective. The revenue leaders cross-industrial sectors are the best practitioner for risk intelligence. Breakthrough innovation usually has much higher ROI but with much greater risk. Thus, as part of implementing an enterprise risk management system, companies should put in place a risk appetite system that goes beyond high level statements. Once the risks have been prioritized, you can then look to mitigate the most important risks to bring them within appetite. The enterprise risk management has to be expanded into enterprise opportunity management. GRC practices need to be converged into cohesive management disciplines, and well integrated into the key components of business strategy.

High mature digital organizations establish a set of well defined GRC principles, develop an effective risk management framework, have intelligence-led risk management mechanism embedded into both mindsets and process, harness a risk-awareness culture and a healthy risk appetite, and take a holistic approach to manage risks and opportunities, for improving both top-line business growth and bottom line compliance, to reach the next level of organizational maturity.


Post a Comment