While working on a presentation for a Mining sector conference recently, it struck me just how important risk management is for ensuring that strategic plans become reality. Not just risk management per se, but fully integrated risk, where pretty much everyone in the organization is involved.
Here’s why. Often risk management responsibilities are allocated to a relatively small group of individuals with specific functions like safety, environmental management, operations, finance and strategic planning. This tends to lead to a siloed risk management structure where risks are managed independently with limited communication with other domains. Many risks remain invisible to other parts of the organization because they’re expected to be handled as a part of the daily responsibilities within a specific domain area, even though they have broader impacts. An enterprise-wide approach to risk consolidates risks from all domains into a common framework where the implications of risks can be assessed and managed in a way that addresses the full scope of their potential impact throughout the business.
Improving cash flow by harnessing opportunities and mitigating threats
A key benefit of shifting to a more holistic view of risk is the link between the risk management process and business planning activities. For example, risk can be built into the corporate budget by including cost estimations from threats, expected costs of planned mitigation actions, and potential savings and growth from opportunities. This provides a risk-adjusted view of cash flow that tends to be better aligned with actual future performance while also driving stronger financial results.
Increased resilience increases corporate performance
However, the benefits go much deeper than simply improving cash flow (although that in itself is reason enough). Aligning business objectives with risk handling strategies that have specific action plans creates a level of resilience that is proven to increase the likelihood of meeting performance objectives at all levels of the organization. Risk management starting at the strategic level and cascading down through the organization enables more effective decision making, alignment of priorities and effective use of resources to mitigate threats and capitalize on opportunities.
Identify risks earlier with a bottom-up approach
While these top-down risk planning activities tend to be annual with updates on a quarterly basis, a bottom-up approach should also be occurring, on a much more frequent basis that deals with changing conditions in a timely manner. Identifying threats and opportunities earlier improves the odds of achieving the plan, and enables the organization to address the risk when the treatment cost is at its lowest.
Applying appropriate rigor
Another aspect of risk management that is often neglected, simply because people don’t have suitable tools, is the level of rigor that is applied to the management of a risk. The nature of each risk should be considered and its potential impacts assessed. Rather than taking a ‘one size fits all’ approach, anyone should be able to introduce a risk by communicating an appropriate amount of information, followed by some degree of analysis and treatment that makes sense in terms of time, mitigation resources and risk appetite.
End-to-end holistic risk management
A holistic approach to risk management starts as early as possible, perhaps as a ‘concern’ before meeting the organization’s standard criteria for a ‘risk’, and extends beyond the analysis and treatment to include monitoring of actual outcomes, thereby fostering continuous improvement and organizational learning. By taking an end-to-end holistic view of risk management, involving stakeholders across the business using a single risk platform where information and knowledge about risks can be shared, organizations develop better foresight and manage risks more proactively, which leads to better operational, financial and strategic results.