How risk managers have a new priority: strategy

How risk managers have a new priority: strategy

The number of risk managers who audit the strategy of a company are lacking. While operational risk management may have sufficed in the past, today our economy demands a more thorough analysis of risks associated with taking on a new strategy. Discover three tactics that can be used to manage the risks associated specifically with strategy and how you can learn these skills with Line Management Institute of Training's courses

The need to focus on strategic risks rather than operational ones

86 per cent of significant market capitalization declines were due to risks that were strategic in kind.

There is too much focus on legal, financial and compliance risks (otherwise known as operation risks) and not enough on risks associated with the overall strategy of a company. CEB found that 86 per cent of significant market capitalization declines in the last decade were due to risks that were strategic in kind. 

This goes to show that companies are just not doing enough to assess risks related to strategies such as investment, competitive incursions or development of core products. Instead, most organisations see the risk manager's role as primarily revolving around operations. It's high time that the role of risk manager changes and they become more involved in strategic decisions.

3 ways to manage strategic risk

1) Not risk aversion, but taking smart risks

First things first, it's important to note that managing strategic risk by no means translates into taking no risks at all. In fact, part of the job of risk manager should be to encourage new strategies, but to do so safely. 

It is telling that in CEB's study, only 20 per cent of companies described themselves as "risk-taking." However, it's well known that business leaders who take strategic risks are successful. Competition has become more intense due to technology speeding ahead. Therefore, the need to remain competitive requires taking risks with constant innovation

x 0 0 0 14110291 800

But it can be all too appealing for companies to maintain the status quo rather than imperil a company with a new strategy. This is what cable companies did before they were hit hard by the emergence of Netflix. McKinsey and Company explained that they knew that a service like Netflix was coming, but the fear of risk and organisational challenges prevented them from changing their strategy. The need to change felt too frightening, even though it was what was required to survive.

Therefore internal auditor training should revolve around teaching risk managers how to advise company leaders on how to carefully consider the chances they take rather than deterring them from taking risks altogether. This prevents the biggest risk of all – lost growth opportunities and complete business failure. 

2) Focus on improving human judgment, not processes

Creating a culture of safe risk taking is less about transforming processes and more about influencing human judgment. 

People forget that mistakes are often caused by humans rather than technical glitches. Therefore, risk managers should target how people make judgments, Boston Consulting Group suggested. This involves revamping training programs, risk-sensing mechanisms and monitoring, CEB wrote. 

Embolden employees to bring it to the attention of higher ups if they think there's a risk of a mistake being made. x 0 0 0 14090903 800Embolden employees to bring it to the attention of higher-ups if they think there's a risk of a mistake being made.

One particular way that human judgment can be improved is by encouraging greater information flows – especially self-reporting. This would make the ability to detect risk an individual responsibility rather than making it solely the domain of risk managers. To motivate employees to call attention to their strategic mistakes earlier on, risk managers could organise rewards for those who do self-report.

Also take note that encouraging voluntary reporting rather than forced reporting makes all the difference. A Georgetown University Law study found that voluntary self-reporting leads to more effective self-policing. The researchers concluded that self-reporting could therefore be a useful tool in business and government alike.

3)  It must be a company-wide effort 

Another way to work towards making strategic risk management not just the responsibility of higher-level employees is to use everyday language when discussing risks, CEB advised. Ditch the technical jargon and avoid using overly quantitative frameworks.

Ditch the technical jargon and avoid using overly quantitative frameworks.

Complex metrics and models, Boston Consulting Group says, only serve to unnecessarily complicate matters. They often muddle the risk-management process.

That's not to say that analytics aren't helpful at all – but they can make it so information about strategic risk isn't accessible but to only a few people. Instead, you should use real-world examples of strategic risks and how they were overcome. As a result, people will feel better equipped to use their own judgment when the opportunity to evaluate a new strategy arises.

Boston Consulting Group cites General Electric as a company that successfully communicated strategic risks to the entire organisation. 

Every year, the board of directors and senior management made a list of priority risks the company will face. The list was publicly available and accessible to everyone in the organisation. The chief risk officer (CRO) not only helped to form these policies but also ensured understanding and compliance with the company-wide risk policies.

The CRO should make it so there is a common language across the company. Writers of a 2015 Harvard Business Review article gave the example of Lego, which had a senior director of strategic risk management who helped with all of the decisions that required the investment of capital above a certain amount. This director talked to managers, for example, about how their projects fit into the overall company's strategy. 

The examples of Lego and General Electric exemplify how a risk manager can play a vital role in unifying the entire organisation around key strategies through clear, non-technical communication.

Become a Quality Auditor with Line Management Institute of Training's courses

The role of risk manager has transformed and taken on more importance in the analysis of business strategies. Find out how you can learn these skills and more associated with strategic risk management in Line Management Institute of Training's Certificate IV in Leadership and Management (Quality focused) and Diploma of Quality Auditing.

You'll learn specialised techniques that prepare you to control risks related to many different areas in an organisation, including strategy.

Contact us today to learn more about these qualifications and the skills you'll acquire.

Published by: LMIT