Risk management is moving into the limelight, not just because the world is a complex, fast-moving and risky place in which to operate, but also because, as organisations innovate ever-more efficient processes, develop new and improved offerings, enter into strategic alliances, reach out to customers in new and innovative ways, and widen their reach into the global marketplace, their risk exposure increases. And organisations must do these things or face stagnation and death as they’re left further and further behind by their competitors.
Another factor pushing risk management into the forefront of an organisation’s operations is that the longer an organisation pays attention to risk management, the more it matures, in risk management terms. When an organisation first dips its toes into risk management, it is largely limited to compliance and protection. Operational risks are at the top of the risk manager’s ‘to do’ list. But once these risks become ‘business as usual’ (BAU) risks and are satisfactorily managed and monitored by ‘owners’, the risk manager’s list of current, active and therefore frequently reviewed risks, shrinks. Current risks might drop from well over 100 to around 20, for example, and these would only need annual or bi-annual audits, with quarterly audits for severe risks, to make sure all is well. You are now a ‘mature’ organisation, in risk management terms.
So what to do with all your spare time? The answer to this is what moves you into the limelight. With your BAU risks sorted, you move into the strategic space. You’re scanning the horizon, looking for opportunities. And for every opportunity you spy, there is a risk of some sort. You have moved into helping your organisation find and take risks that can add value to its operations and and offerings.
Risk culture is increasingly important. Every employee and contractor needs to be a mini risk manager for the organisation they’re working for. Risk managers need to monitor and guide the building of a strong risk culture, offer interesting and informative risk management training and work with senior management and the board to establish clear guidelines on who can take what risks, and why, without reference to senior management.
So there is a lot to do after you’ve reduced your organisation’s active current operational risks. You’re broadening, and probably increasing, the number of your organisation’s strategic opportunities and risks. Back to a bursting ‘to do’ list.
Are you ready to step into the limelight?