The architecture of risk governance poses challenges that are daunting for even the most seasoned board risk committees and risk practitioners.
“One of the most crucial elements in taking a company from good to great is somewhat paradoxical. You need executives, on the one hand, who argue and debate – sometimes violently – in pursuit of the best answers, yet, on the other hand, who unify fully behind a decision, regardless of parochial interests.”
It is odd that a field as analytical as risk management is so often derailed by the missteps of human psychology. Risk management is seen by many stakeholders as an annoyance – the result of having to take into account the actions of bad actors who capitalize on lax practices and other – wholly unintended – consequences of business environments which can leave organizations vulnerable. This viewpoint has created an entrenched perspective in which risk management is resentfully seen as a cost to be avoided. We’re learning hard lessons about how this level of opposition prevents the agile responses we need right now. In risk management, we are all looking out over the dark morass trying to determine “friend or foe”- knowing that to mistake one for the other is fatal. But too often we’re fighting our own teams. In the light of the many news feeds about companies that have failed to make the grade in risk management, boards are keenly aware of the implications. So they are more eager than ever to solve the puzzle of how to shift risk management from a nuisance to a necessity. Risk can be good – taking the right kinds of risks offers opportunities that separate resilient top-tier companies from the mid-ranks. Yet risks that are not well-managed can bring a strong company to the breaking point. So, how can you change the tone from one of opposition to one of collaboration – one in which risk management is understood to be a most essential cost of business operations? The approach is akin to community building: know your neighbors; keep your head up so you can see what’s around you; share your skills; mediate conflict; learn from new angles; ask for help when you need it; and help carry the heavy loads. In short, go for the shared goal, which is to understand and respond appropriately to risk. Achieving stronger risk management does not have to require massive restructuring – it can be simpler than we want to believe. It takes three things: break company silos, effectively communicate, and unify behind shared risk management goals.
- To break silos requires transparency – the kind of transparency that shows without question that there is a strong, even critical, positive impact to be gained by understanding, controlling, and monitoring risks throughout the organization’s operations.
- To effectively communicate requires return on investment (ROI) messaging that is based on objective information (measurable, clear, credible, up to date information).
- To unify requires tone at the top that is actively supportive of the credibility and usefulness of proactive risk management in sustainability planning and ongoing operations. Once boards are in sync with the ROI involved – the real value of risk management – then senior executives can act as the bridge for the rest of the organization, consistently communicating and supporting the need for expertise, monitoring, and reporting that supports robust risk management.
To achieve the type of dexterity needed today requires us to step beyond our personal fears and break company silos, effectively communicate, and unify behind shared risk management goals. That’s the part that people don’t want to do – they hang onto tradition, power, and process as if their lives depended on it – and do so at their own peril. They see the challenges as too big, too hard, too daunting. The alternative however is a great human foible – that we ignore what we know. We talk daily with Shared Assessments members and other peers who recognize the success that understanding and responding to risks can bring. We have developed workable, step-fashion thought leadership resources that boards, executive management, and practitioners can use to reach their organization’s risk management goals. You can learn more about Shared Assessments’ Thought Leadership here where you will find more resources for Risk Governance.