Taking stock of the overall risk profile of an organization, assessing how effective existing risk management strategies are, and considering new or emerging risks often never takes place. Daily business gets in the way of sitting back and taking stock of risks in a business.
Distractions can take the form of putting out spot fires, negotiating contracts, resolving issues with customers, dealing with projects, or managing personnel matters. Even strategic and business planning can take place without devoting sufficient time to thinking about business risks.
Business leaders should carve out time to take stock of the risks in their business and consider how they manage them. Actions to take can include:
- Undertaking an initial risk identification exercise using 52 Risks® With all risks on one page, the 52 Risks® Infographic can assist business leaders to identify and then consider the business risks their organization faces.
- Do a deep dive on a specific risk or business area. Doing a deep dive on one particular strategic, financial or operational risk from the 52 Risks® framework or select a business area. Often critical business risks such as IT Risk and Cyber Security Risk don’t get the visibility they need.
- Reflecting on how risk is managed. Is there a structured and rigorous approach to risk management in place? Does the business need to implement a more comprehensive and coordinated approach to risk management? Enterprise Risk Management (ERM) is a well know approach to assist firms to identify, assess, and manage risks. Coupled with the 52 Risks® framework, business leaders, risk managers, and other decision-makers can discuss and agree on the risk factors facing a business.
- Assess the frequency and quality of risk management reporting. Reporting of business risks either doesn’t happen or the reporting is hidden away in operations or finance reports. Also, consider if risk issues are reported to in a timely manner to the right level within the organization and being adequately discussed.
- Review risk management accountabilities. Is it sufficiently clear who is responsible for what? Are the roles summaries and job descriptions clear on these accountabilities? Do responsibilities for risk sit that currently with a safety or compliance function within the organization also need to be shared with business managers.
- Independent or External Review. For larger organizations, an independent review from your internal audit department or the engagement of an external risk management consultant may be warranted. Regulated firms, such as banks and insurance companies, are often required to do this periodically. An external review can bring a fresh perspective and also provide insights into what other organizations in your industry are doing to manage risks.
Whether it is as part of a strategic or business planning cycle or as a once-off exercise, time spent on the management of business risks is time well spent. Many risks businesses face are external and often outside business leaders’ control. However, some steps can be taken to assess the risks then manage and mitigate the potential impact on the business.
#strategicrisks #financialrisks #operationalrisks #enterpriseriskmanagement