Covid 19 has shaken worldwide markets and could be the catalyst for the next phase of our global economy. Given the impact on society, and the pace of technological developments in fields such as biotechnology, AI, processing power, data, space, alternative fuels, and batteries – a new dawn is at hand. So why is risk management important? Because we are entering a time of profound change. Our lives, as we know them, will be transformed shortly.
We have no idea what advice to give our children about their future career choices, since all we know is that they won’t be the same as what we’ve encountered in our lives. The best we can do is provide them with transferable skills such as creativity, communication, leadership, team-working, and instilling a work ethic and personal resilience that will help them flourish in whatever it is they do.
Before we leap into a future marked by hyper-change, there are important lessons to be learned from our recent past, which witnessed the most rapid economic growth and technological progress in the history of humanity.
The fascinating video above indicates just how much the business world has transformed in the last 25 years. This isn’t about who the 10 biggest firms on earth are, and their market value. Instead, it’s about how change affects all businesses, regardless of size or sector.
It’s not just about single businesses either. We’ve seen entire sectors develop while others fade away. The most dangerous threats aren’t necessarily from established rivals. Instead, they might be a well-resourced mega-corporation like Google or Amazon, or an unknown startup concept that can grow to unicorn status in the blink of an eye.
Whilst change is the unifying theme, the skill required to navigate, pivot, or adapt is risk management. Risk management capability is a fundamental requirement in all businesses. It is a board responsibility, yet conducted at the coal face. Most regulators and standards require it, and every business faces it, takes it, and must manage it.
Given its importance, it’s unfortunate that most organisations still struggle to make risk management a dynamic, engaging, and valuable process. Instead, the majority of approaches fall into one of two categories:
Most startups and small businesses manage risk by gut instinct. They know it’s not ideal, but it’s the easiest option when lacking professional risk expertise. Unfortunately, this is entirely dependent on an individual’s instincts, and is done on an ad-hoc basis. Given the counter-intuitive and complicated nature of risk (i.e. risks are bad for business, but they must be taken), and the many decisions that business executives must make, a negative outcome is practically unavoidable.
It’s a matter of luck which mistakes occur and what their ramifications are for a business. This, in turn, contributes to the overall statistics showing why most start-ups/projects/change programs/marketing campaigns have a high failure rate. Intuition will only take you so far. Sooner or later, your luck will run out.
Large, or regulated businesses, often formalise their risk management procedures, with some even hiring risk management experts and deploying software solutions. Yet, the overwhelming majority believe these protocols still fall short of delivering expected returns.
The most typical criticism we hear from business leaders, is that the risk discussions seem too high-level, risks never alter, updates are too anecdotal, the procedure is more of a reporting exercise, and that there is a need to modify the culture and ’embed’ process and thinking.
Ultimately, risk management isn’t leading to changes that support business decisions. Instead, the real decisions are taking place outside the process and in other forums. Many of these larger organisations therefore, spend a lot of time creating risk reports and documentation, but are in effect managing risk separately, often by intuition much like their smaller counterparts.
Despite many organisations adopting well-accepted best practice frameworks and guidance for risk management such as COSO ERM and ISO31000, many are still seeking ways to obtain greater returns through better-engaged culture and an increased consideration of risk in decision making.
Putting culture aside, a more detailed investigation and analysis of risk register reports shows them to be:
We’ve spoken with hundreds of business executives and heard that the risk management process must be easy and useful to appeal to stakeholders who have other ‘day jobs’. It must therefore deliver value at every interaction, especially with senior stakeholders. Regularly asking them for updates turns the process into a chore and is a recipe for disaster.
We propose a more practical approach to risk management, viewing it as a problem-solving process. This simple paradigm shift makes risk management far more action-oriented, delivering profound, beneficial impacts and results. In practice, the process evolves into the very things leaders need to do to proactively manage their teams, projects, business, and goals:
Culture is a vague and complex topic combining behaviours, mindsets and tendencies. This is made more challenging when your business has its own culture agenda, and the risk team speaks separately about risk culture. These need to be aligned and intertwined.
The practical process improvements described above already start to influence organisational culture. We can further articulate risk culture using the acronym ETCHED. When prompted to think objectively about each aspect of ETCHED, Boards and Leaders will soon recognise there are gaps and journeys to each element. Addressing these promotes the risk process as a critical driver for more effective behaviours, mindsets, and tendencies across the business.
This is the 1st of a 4 part series helping you to think broadly about the risks you face. Subscribe to our Blog today to never miss an update.
About the author
Danny Wong is the Founder and CEO of GOAT Risk Solutions. He is a thought leader in risk maturity, having engaged with hundreds of leaders and professionals in extensive market research. He has first-hand experience of supporting major corporates in a +20 year career specialising in Enterprise Risk Management. Danny saw a market opportunity for a simple, low-cost risk software solution to help organisations improve risk management capability, and launched GOAT in 2018.Find out more about GOAT Risk™