Bfore.AI Blog, Blog
3 ways to stimulate and reinvent effective risk management in the face of uncertainty | Bfore.AI
Today’s environment is not only characterized by increased risk, but also by prolonged uncertainty. By blurring the lines between business-as-usual risk management, crisis management, and resilience, it is possible to be agile in the face of an uncertain future. The impact of the coronavirus pandemic and its economic fallout has been significant and the failures in risk management numerous. Indeed, regardless of how your organization was affected, there is much to learn about risk management from this crisis.
Even after the last 20 years of continuous upheaval, risk management is too often misunderstood or misunderstood as a compliance function. But while compliance regimes can work well for known risks, with clear implications and proven mitigations in a relatively static environment, COVID-19 demonstrated that the environment is anything but static. Risk is not a well-behaved guest, and the impact of COVID-19 was impossible to predict. And every executive, board member or risk manager whose organization thrived despite, or even because of, COVID-19 should clearly understand: next time it will be different. The volatile, uncertain, complex and ambiguous environment virtually guarantees that the next crisis will be no more predictable than any other in the past 20 years.
The opportunity to improve and reposition risk management, that is, to reposition risk management, is one of the real opportunities this crisis presents to risk managers, leadership teams and organizations. This is not a repositioning in the sense of defining yet another action plan, but rather the definition of a renewed approach. It is about reimagining, refreshing and reinvigorating risk management and all its elements to face a very uncertain future. The concrete outcome of this repositioning is a risk leader’s program and mandate – and a risk management function – tailored to the critical risks the organization faces in pursuit of its purpose, mission, strategy and objectives.
The following three guiding principles can help initiate a repositioning of risk management and guide it in directions appropriate to the uncertainties of our time.
I. Taking the risk of trust: cultivating trust among stakeholders
To cultivate stakeholder trust, risk managers must think more broadly and deeply about the organization’s stakeholder ecosystem. Relevant risk programs are designed with the needs and expectations of all stakeholders in mind – customers, employees, board of directors, suppliers, partners, investors, media, community and society at large.
When an organization and its stakeholders truly trust each other, they become partners in risk management, alerting each other to emerging risks, collaborating to mitigate them and creating greater value for each party. This has been demonstrated through mechanisms such as customer councils and preferred supplier programs, as well as among extended enterprise partners, in which key stakeholders are “brought into the organization” to enhance relationships and build trust.
By considering stakeholders more broadly and deeply, and cultivating trust with the stakeholder ecosystem, the risk leader is in a position to:
- Identify all groups in the organization’s stakeholder ecosystem and their relationships, not only with the organization, but also with each other
- Articulate the needs and expectations of each stakeholder group vis-Ã -vis the organization.
- Understand the set of risks that could compromise the organization’s ability to meet the needs of each group and satisfy their expectations.
- Understand the interdependence of stakeholder expectations and how stakeholder groups influence each other, and understand the interdependence of associated risks.
- Question management about potential flaws in strategy, mistakes in execution, and areas where the organization could fall apart, while highlighting opportunities, solutions, and potential fixes-this second part is essential to avoid being seen as a naysayer.
- Ensure that the risk management program proactively monitors, mitigates, and manages risks that could affect the organization’s ability to meet stakeholder expectations, as well as the confidence of key stakeholder groups.
II. The best of all possible worlds: strengthening the role of risk management
Positioning risk management enhances the role of risk by identifying new opportunities for value creation as well as addressing actual and potential threats. This increases the C-suite’s confidence in the risk function by providing more relevant information, including predictive information, and solving the compliance conundrum created by the need to continually create controls, processes and reports in response to new mandates.
Successful repositioning also requires risk leaders who understand not only risk, but also business strategies and their implementation. These leaders, with an eclectic background and extensive business experience, can translate the often abstract concept of risk into concrete impacts on strategies, initiatives and decisions. They can help the executive team and the business identify, monitor, mitigate, manage and respond to risk.
Here are some actions that can help elevate the role of risk management:
- Re-examine the organization’s approach to risk, then streamline and right-size risk-related activities – particularly compliance activities, which can often be automated – and reinvest in higher-value, higher-return activities.
- Integrate risk management by removing silos and activities from the organization.
- Streamline risk management by focusing people, processes, technology, and investments on the most important risks-those that could compromise the ability to meet stakeholder expectations.
- Quantify the cost and value of risk management outcomes.
- Adapt risk management to an environment of ongoing uncertainty by providing improved risk data and risk-based decision support.
III. Making risk management “smarter”: giving risk management the tools to do its job
When a crisis occurs and in an environment of ongoing uncertainty, management needs a clear picture of current and potential developments. Yet the risk leader and risk management function often lacks access to data, analytical power, and the ability to communicate with management and the organization in real or near-real time.
A successful repositioning of risk management provides the risk leader with easy access to risk and performance data, analytical tools and reporting mechanisms such as data visualization. Equally important, the risk leader and his or her team must be prepared to provide early warnings of emerging risks to further support decision making – perhaps with the help of risk sensing technologies, predictive analytics and scenario planning – as well as actionable insights and recommendations.
Scenario planning, in particular, can enable risk managers to clearly describe the impact of potential risks on specific stakeholders. It allows management to better understand the range of options available and the potential ramifications of each decision. Scenario planning also allows management to identify potential signals that, if they were to occur, could indicate the nature and impact of potential risks and the direction of future events.
Some useful questions to ask in efforts to provide risk information include:
- What risk data does management need, and how can we access and analyze that data and effectively distribute and communicate the results?
- How can we apply predictive analytics, risk detection, and other intelligent technologies to improve our risk management and decision support capabilities?
- How can we use scenarios to better understand the evolution of current and future crises?
- How can we better assist management in developing potential responses to risk events? What are the signals and triggers that could help us determine what responses should be implemented and when?
- How can we better communicate about risk within our organization? How can we more clearly describe the potential business impact of risk events on our organization and our stakeholders?
- What actions do we recommend to mitigate the risks and take advantage of the opportunities that have been identified? How can we frame our recommendations in a way that compels management to act on them?
The COVID-19 pandemic has shown organizations that they can make decisions quickly under conditions of extreme uncertainty. The challenge is to make even better decisions under the conditions that lie ahead. To do this, we must combat the inertia that could cause the organization to lose this capability and return to the status quo, and push risk management back to the old ways of doing business.
Risk functions currently have a rare but real opportunity. Rather than slowing down decisions, raising only objections, or entering the process too late, risk should be a catalyst, not a barrier. This means supporting early decisions, presenting solutions, and engaging early.
Prevent the next Cyber Threat
Bfore.AI patented AI technology combined with hyperscale observation infrastructure and modern APIs augment our customers security postures with Predictions.
Discover Predictive Cyber-Security
Book a live demo with our specialist to discover how Bfore.AI helps organization fight cyber threats with their patented technology.