Wednesday, October 19, 2022


Security, risk, compliance, and governance should be converged into more cohesive management discipline to improve overall organizational agility, resilience, and maturity.

In business, every day is a risk, but when a company embarks on a growth strategy, the risk curve will always be greater than a business as usual approaches. To improve organizational resilience, give enough autonomy to the business for making its own decisions on risk management.

 It's important to develop an effective risk management model for integrating all crucial elements such as processes, technologies, tools, talent, communication, culture, etc. to model, manage, and measure risks, and improve business effectiveness systematically.

It’s important to integrate risk intelligence into business model reinvention:
Business is still fundamentally looking at risk in a negative context but more often than not, risks and opportunities co-exist. Integrating risk management into the everyday business model helps to move the organization a couple of steps forward in improving business resilience and achieving business excellence. With hyper-competition and shortened business cycles, to avoid fast obsolescence and survive in frequent disruptions, a strong business model needs to be both inspirational and practical. To improve business effectiveness, manage risks, and increase resilience, the business model designers should methodologically review a list of levers for business model components, and generate a list of potential business model options systematically.

Business models should be simple, intuitive, and tell the story. But at the detailed level, businesses need to identify the customer, tell how they are going to charge customers, and identify what value they provide. The evolution of business modeling evolves through various iterations from a very crude view to a refined view along a gradient of preciseness validated by customer feedback and employee brainstorming. They may need to emphasize analytic information or it requires that there would be any formal analysis. In fact, an in-depth risk analysis helps the business management predict risks, uncover hidden pitfalls, and improve business continuity.

It’s important to integrate risk management into organizational restructuring efforts and practices:
Due to rapid change, corporations need to create new structure schemes and organizational designs because business goals are not being met with current design and structure. Delayering becomes a lens through which it is possible to examine and fix many other issues including bureaucracy. A business system gains more and more energy until it crosses the point of system resilience. The level of organizational resilience depends on the interrelationships, interdependence across the organizational hierarchy. The business has to keep optimizing its structure and management pyramid to achieve the state of digital equilibrium.

Organization structure implies a certain level of alignment, accountability in it. So each time you reinvent the organizational structure, there is risk in it. Designing the organizational structure should have a clear business goal, and it is a co-responsibility of the related parties such as the senior leadership team, Enterprise Architecture team, information technology, talent management, finance, etc, need to be invited to bring up different perspectives. They can leverage the emerging collaboration platforms and tools, enabling not only the structured processes of the past but also the unstructured processes, take a hybrid physical and virtual approach to shape a people-centric organization. The risk management mechanism needs to be well embedded into soft business factors and put in place a mandated risk tolerance structure via escalation requirements based on current risk ratings. Also, it's crucial to provide information to the assurance lines that evaluate the business risk profile for analytical breakthroughs and managing the “shade of gray” effectively.

It’s critical to integrate risk management into budget planning, complexity or reusability management: Due to the increasing pace of changes, nothing is static, from strategic planning to budgeting. In many organizations, spending on maintenance and mandatory changes for legal and compliance reasons will remain stubbornly high; “keep the light on” budget is still high, a low percentage of the budget goes to innovation. But that increases the business risk from the long term perspective because organizations become irrelevant if their budget planning is not effective to build the long term business advantage.

Business becomes more complex, from process, business relationship, products/service design, development, integration, ecosystem perspective. Thus, risk is part of business reality, you just need to handle it structurally in managing business complexity and improving organizational agility. For example, app reusability is one of the important IT management practices to avoid reinventing the wheel from the scratch. However, many times, re-usability brings in additional complexity or risks to support re-usable aspects. Knows when to reuse and when not to reuse: where it may be bad, where there may be risks, but also where, if appropriately mitigated, the reuse could be good. It is always important to develop a set of next practices to better manage risks, these respective disciplines will converge through best practices to improve business risk intelligence.

Incoherent process, inconsistent practices, in-effective management approach could make business vulnerable to changes, increase risks in moving business forward smoothly. It’s important to understand the future, opportunities, and decide which one to go after and which one they will not go to. So risk management needs to lift up from risk control to risk intelligence which can identify the potential business growth opportunities. Security, risk, compliance, and governance should be converged into more cohesive management discipline to improve overall organizational agility, resilience, and maturity.


Post a Comment