Tim Roberts
London
In 2022, as businesses face the challenges of evolving disruptive forces - societal, technological, environmental and regulatory – it has become clear that a paradigm shift in risk management is urgently needed. This change must mitigate the risks to organisations and consumers, in addition to allowing businesses to take the right risks – a fine, yet achievable balance.
As such, businesses find themselves grappling with an increasingly complex array of risk exposures. A fresh approach is needed that places “Risk Management by Design” and therefore business resilience at the core of enterprise-wide decision making.
The critical risk exposures facing businesses today are in constant flux. They encompass:
Each of these risk areas (which we will explore in more detail in future articles) has the potential to materially impact organisations if not proportionately managed – from inviting unwanted scrutiny from regulators, to distracting a business from its strategic objectives. Moreover, businesses with international interests will also need to keep one eye on the inherent associated risks, such as the global regulatory landscape.
To successfully negotiate the myriad risks we see today, organisations should consider three key practical points in 2022:
1. The traditional risk toolkit – controls, limits, measurement tools – is inadequate to manage all of the concurrent disruptive forces a business will face. While these tools are still essential, companies must also develop an adaptive, enterprise-wide culture of risk awareness and mitigation. Managing risk isn’t just about response and recovery and it is not a matter of defending a company against each and every risk that could come its way. It is more about building insight into risk and long-term resilience to risk through constant adaptation and evolution.
2. Risk cannot be ring-fenced, or simply left to a CRO or the ExCo to handle. There must be an enterprise-wide understanding of the need to generate practical solutions to risk mitigation in order to deliver successful outcomes for the business. Risk-mitigated outcomes, if developed with a “Risk Management by Design” approach, can safeguard organisational value in addition to delivering operational and commercial benefits. There are signs that a wider range of senior leaders – from COOs to CIOs – are increasingly open to embracing and owning the need to integrate a pragmatic risk mindset and subsequent approaches into their functions. Ultimately, this is a matter of survival, facilitating the growth of consumer trust, operational effectiveness and delivery of commercial value if implemented effectively and efficiently. Risk mitigation is not simply a 2nd line control function seeking to mitigate the risk taking of a 1st line focused on top line growth – it is a responsibility and duty of the whole organisation to address. When faced with so many rapidly evolving disruptions, only those businesses that are agile enough to adapt will survive and go on to thrive.
3. Risk should not be seen as something to be minimised. In our experience, many businesses make the mistake of seeing risk as inherently separate from innovation and driving value. Where the management of risk is aligned with the delivery of strategic objectives, significant value can be achieved – be it through removing the threat of punitive fines from regulators, innovating with new offerings and processes, strengthening consumer trust and driving good customer outcomes, or taking actions that can help the business succeed in new markets. For example, misuse of data is clearly a major risk for businesses, but when data is captured and used correctly and compliantly, it can be a source of huge competitive advantage.
Effectively managing risk and building greater organisational resilience in 2022 is an imperative. It is about embedding “risk management by design”, irrespective of the industry or geographical market you may operate in. If siloes can be broken down to help every function understand the risks it is exposed to, including honing-in on the enterprise-wide aggregation of risks, the commonalities in operational controls and develop operating structures to foster ownership and effective governance, then a true culture of resilience can be embedded within an organisation’s DNA to successfully manage the challenges ahead.