Running a business can often take precedence over taking a broader and more considered view of the risks facing a business. Distractions can take the form of putting out spot fires, negotiating contracts, managing personnel matters, resolving issues with customers or dealing with major initiatives and projects.
Taking stock of the overall risk profile of an organization, assessing how effective existing risk management strategies are, and considering new or emerging risks are important tasks for any business leader. It is important to make time to take stock of the risks in a business and understand how they are being managed.
Any of the following activities will improve the management of risk in any business:
- Undertaking an initial risk identification exercise using the 52 Risks® With all risks on one page, the 52 Risks ® Infographic can assist business leaders to identify and then consider the business risks their organization faces.
- Assess the frequency and quality of risk management reporting. Consider if risk issues are reported to in a timely manner to the right level within the organization and being adequately discussed. Often escalation and reporting of business risks either doesn’t happen or the reporting is hidden away in operations or finance or other management reports.
- Undertake a ‘deep dive’ on a specific risk or business area. Set aside time for the management team to do a deep dive into one particular risk or business area. Often critical business risks such as cyber security risks or information technology risks don’t get the visibility they need.
- Consider a more structured approach to risk management. Is there a structured and rigorous approach to risk management in place? Does the business need to implement a more coordinated approach to risk management? Enterprise Risk Management (ERM) is a well know approach to assist firms to identify, assess, and manage risks. Using the 52 Risks ® framework, business leaders, risk managers, and other decision-makers can discuss and agree on the risk factors facing a business.
- Review risk management accountabilities. Is it sufficiently clear who is responsible for what? Are the roles summaries and job descriptions clear on these accountabilities? Do responsibilities for risk sit that currently with an operational function (such as safety or compliance) within the organization that instead should be shared with business managers?
- External Reviews. The engagement of an external risk management consultant may be warranted, for larger organizations. Regulated firms, for example, banks or insurance companies, are usually required to do this periodically. An external review can bring a fresh perspective and provide insights into what other organizations in an industry are doing to identify, assess and manage risks.
Time spent reviewing and reflecting on the management of business risks is time well spent. This can be done at any time or specifically as part of a strategic or business planning cycle.
Many risks businesses face are external and often outside business leaders’ control. However, some steps can be taken to manage these risks and mitigate the potential impact on the business.
#strategicrisks #financialrisks #operationalrisks #enterpriseriskmanagement