Saturday, May 14, 2022


For leading organizations, corporate risk management is already an integral compe­tency to improve business agility, speed and maturity.

With faster pace of change, unprecedented uncertainty and ambiguity, risk management is a broad concept which spans the organization from business strategy to operations; from methodology to technology. In many organizations, risk management is still running in silos. The more diverse, the more regulated, the more geographically dispersed an organization is or becomes, the more important an integrated or federated risk management approach becomes. 

In addition to concerns about the effectiveness, efficiency, and expectations, even more, good risk managers see that risk can provide very exciting opportunities; risk management is not an isolated discipline, but an integral solution that significantly improves business agility, intelligence, and maturity.

Integration between the enterprise risk management process and the business planning processes:
Risk is part of reality in running business today, however, most of today’s risk management is reserved for huge and costly endeavors. The problem with this is that the lack of risk awareness creates more blind spots uncovered and gaps unfilled, so strategic planning fail to be implemented successfully. Thus, the management needs to ponder: Is your market sector volatile or relatively stable? What are the biggest risks in risk management? How to manage risk holistically? Etc. The purpose of assessing risk against consequence criteria is to determine what risk must be managed, and who needs to be involved in that management, transforming from risk mitigation to risk intelligence.

In many organizations, business planning and risk management were run as parallel exercises. Very few organizations manage to incorporate the enterprise risk management output into their business plans and standard operating procedures. There is a lack of integration between strategy management and business risk management, creating the silo effect, losing the benefit of cross-sharing and cost-saving, impeding strategy alignment and execution. Both quality and quantity are critical to improve risk management maturity. The premise of trying to quantify the value in a monetary sense is only relevant to the extent you want to evaluate options to mitigate the identified risk. By understanding the business value of risk management, the approach to manage risk is to look at the effectiveness of the risk management strategy, not just its financial value; manage risk and opportunities holistically.

Risk Management is integrated into hard organizational elements such as processes or procedures, etc: Assuming that in any risk management program, all the known and potential risks would have been covered and managed, and over a period of time, the enterprise risk management would be making continuous improvement. In quite many organizations, the risk management system is detached from the real management of the business, silo setting, business relationship frictions, culture inertia, etc, all increase risks significantly. It’s important to scrutinize process, structure, technology, people, the critical success factors of the business, and collect feedback from the risk management process. Embed risk identification and assessment in operational processes and multiple management disciplines.

Besides identifying risks, spotting opportunities as well, putting in place a mandated risk tolerance structure via escalation requirements based on current risk ratings, getting the balance right should result in the future vision aspects, providing a holistic process for connecting the dots on risk across the orga­nizations; providing information to the assurance lines that evaluate the business risk profile for analytical breakthroughs.

Risk Management mechanism needs to be well embedded into soft business factors such as corporate culture:
Consider each risk in terms of its immediacy, impact on the organization and the organization’s ability to absorb the shock and survive to repair itself in the worst case scenario. Instead of risk management being viewed as the role of a few people in risk management or internal review, it needs to be viewed as the responsibility of every person in the organization that makes a decision and involves risk. It’s critical to understand the risk appetite of business management, improve the risk attitude of staff, embed risk management mechanisms into corporate culture, and increase clarity of individual accountability for risk management objectives. So opportunities and risks can be managed structurally to generate value cost-effectively.

Top management commitment is important to build risk awareness culture successfully. Management puts emphasis on risk management to risk intelligence transformation; set good policies to encourage good risk attitude and behaviors; deepen their understanding of potential risk, collect more information on risk culture assessment, automate and optimize important processes to eliminate unnecessary risks. So strong risk management can be integrated into organizational culture-collective mindset and behavior to run a risk intelligent organization.

In business, every day is a risk, solid risk management enables the accumulation of enough resources to thrive by capturing opportunities in it and adapting to the uncertainty and changes. Highly effective Risk Management is not just about risk mitigation or controlling, but more advanced as risk intelligence. For leading organizations, corporate risk management is already an integral compe­tency to improve business agility, speed and maturity.


Post a Comment