The role of business risk management in driving growth
- What is the role of leadership in risk management?
- Transforming and managing risk efficiency and effectiveness
- Managing risks and aligning strategies with business goals
- Attributes of effective risk management strategies
- What can boards do to assess the effectiveness of risk management?
According to a new Ernst & Young (EY) survey of more than 500 global board members, risk management leaders are too focused on emerging, irregular risks. EY notes that this can be counterproductive as such risks are not always aligned with business objectives.
EY noted that atypical risks tend to be firmly established in the present and board members need to look ahead to maintain their strategic advantage and minimise their exposure to disruption.
Whether it be about identifying potential causes of loss, recommending preventive measures, or drawing up plans to maximise business opportunities, the London-based multinational firm said boards need to evolve to maintain effective risk management.
EY Global said t the most effective ways board directors could strengthen risk management is to:
- Reassess the nature and scope of risks applicable to the company and collaborate with management to implement strategies inspired and aligned with the organisation’s primary objectives
- Consider whether the board is operating effectively and is fulfilling its role in setting an organisational purpose that goes beyond generating returns for shareholders
- Incorporate a data-driven approach to risk management that continually defines and redefines business risks and reports on the most critical threats
By considering the factors mentioned above, EY Global believes that boards will be able to think beyond today’s challenges and improve policies to reshape the future of their organisations, drive business growth and boost risk management.
What makes a successful business risk management strategy?
Unsurprisingly, there is a certain level of knowledge and competence that effective risk management professionals require.
While the risk industry and the leaders within it have evolved over the last few decades in tandem with a maturing society, it has become a top priority for boards, with 79% of those surveyed claiming that risk management is crucial to the stability of business operations.
Almost every industry has undergone a seismic shift amid advances in technology, which has created challenges and opportunities for organisations.
In this fast and increasingly complex environment, a successful risk leader will need to manage the unique demands of a changing business environment, challenge colleagues striving to bolster business performance and maintain a continued focus on the risk of loss.
Many risk leaders emerge from technical backgrounds and have demonstrated integrity and courage, which most CEOs see as crucial for the role as risk managers will need to challenge others and adapt to expectations of them as leaders by stakeholders.
The importance of risk management leaders has become even more prominent over the last five years, with CEOs claiming that they expect the risk management role to develop the most within the next three years.
Why is business risk management essential for success?
Risk management has always been critical in an organisation as it allows a company to recognise adverse events and mitigate potential risks when defining business objectives.
However, the coronavirus pandemic – which is a risk event in itself – has accelerated digital transformation and highlighted the need for boards to make risk management more efficient, insightful, flexible, and strategic.
COVID-19 also increased risks that were already threats to organisations, such as supply chain disruption, geopolitical tensions, cybersecurity attacks and fraud.
According to the EY Global Board Risk Survey 2021, 83% of board members believe that irregular market function has become highly influential in modern society, with 87% claiming that disruption has become more frequent.
Although survey participants said they had placed more focus on assessing and prioritising risks, many board members lack confidence in their firm’s capabilities.
The EY survey revealed that just 18% of board members believe that their firm could effectively handle disaster response. Meanwhile, just 13% believe that their organisation has implemented a highly effective strategy against risk and compliance.
Effective and strategic risk management strategies
The EY’s findings suggest that there is significant room for improvement, and after analysing the results, the firm suggested ways that board members could develop effective risk management strategies.
They classified respondents into three groups – risk management leaders, risk management improvers and risk management developers – based on the data they received on what these board members thought about their risk management effectiveness:
Risk management leaders
The risk management leaders group accounted for just 16% of the sample, with EY Global noting that these organisation’s had already implemented effective risk management strategies.
Board members in this classification were deemed to have a profound understanding of the interwoven nature of risks and have a clear idea of the level of risks the organisation is willing to accept while pursuing objectives before taking any definitive action.
Risk management improvers
Organisations classified as risk management improvers – accounting for 60% of the sample, were found to have reasonably effective risk management but are less successful than leaders at implementing strategies and defining their risk appetite.
Risk management developers
The second-largest sample group was risk management developers, who are considered the least effective risk managers.
Although they can respond to disaster calls and develop a contingency plan, they have failed to grasp the importance of data and technology for risk management. As a result, these organisations are most at risk of delays, failure, and loss.
What does effective risk management look like?
After examining common traits of those that the EY classed as “risk management leaders”, the London-based firm identified and associated three behaviours with more effective risk management:
- Market risks should be evaluated through a long-term horizon
- Integrate risk management priorities and business strategy
- Focus is honed on atypical, emerging, and external risks
Evaluating risks through a longer time horizon
You may have heard of the term “investment horizon risk” but are unsure of what it means and how it can impact your organisation.
When assessing strategy and risk, it’s critical to consider the time frame for which you want to measure risks, and which is most appropriate for your business.
According to EY Global, risk leaders that have developed a more effective strategy view risks through a longer-term horizon – ideally more than five years.
The global professional services network found that 43% of risk management leaders aim to ride out volatility for at least five years when scenario planning, compared with just 22% of management developers.
More than 25% of risk leaders also look more than five years into the future when developing their organisations’ business strategy compared to just 8% of management developers.
EY Global notes that approaching risks through a long-term horizon is more advantageous as risks tend to exceed implied time limits.
The risks associated with climate change serve as a perfect example. Organisations within the energy and commodity sectors are likely to have been impacted by changes in global climate patterns. In contrast, firms operating outside of these sectors may have experienced little to no effect.
However, this is expected to change, with countries striving to achieve net-zero emissions in the next couple of decades. The effects of climate change are also likely to impact supply chains and contribute to technological advances, which could displace customers and ramp up pressure on organisations to act.
Even if board members don’t believe that implementing strategies against climate change is imperative, EY Global insists that it deserves some focus as the number of consumers that want to purchase from businesses that address societal issues is growing.
The coronavirus pandemic has evidenced this, as there has been an increase in revenue for small local businesses and independent brands. Consumers have also become more sensitive to the environmental impact of their retail decisions during the COVID-19 pandemic – buying less plastic, recycling more and spending more on eco-friendly products.
Integrating risk management and business strategy
Although COVID-19 has brought about substantial challenges, organisations have also been presented with far greater strategic opportunities.
While boards admitted that changing consumer expectations and technological disruption were two significant risks, they also placed them in the top two positions for strategic opportunities.
Though uncertainty has made it harder for organisations to plan, it has created opportunities to improve internal processes and create new customer experiences, primarily through technology.
English firms have invested heavily in technology in recent years to keep up with the pace of digital transformation. However, this has also increased the need for effective risk management strategies as increased online activity has made companies more vulnerable to fraud, cybersecurity breaches and other potential disruptors.
Risk teams must understand the risks of implementing new technologies to mitigate any threats and overcome potential compatibility issues with legacy systems.
However, board members believe that risk teams are overly focused on downside mitigation, with 80% of those surveyed claiming that risk management and compliance teams need to adopt a more suitable approach that strikes a balance between reducing risks and driving growth.
Meanwhile, 55% of board directors felt that their risk teams struggled to maintain pace with changes to business strategies.
EY Global’s survey identified a clear distinction between perceptions on the most significant threats. Chief Risk Officers (CROs) ranked technology disruption as the least beneficial strategic opportunity, while board members designated it most important.
CEOs who were surveyed also believed that digital disruption and changes in technology were having the most significant impact on their business operations.
According to EY, just 39% of organisations believe they are adept at managing atypical and emerging risks, including threats relating to new technology and climate change.
Firms are also more confident about handling internal risks, with 61% of organisations claiming that they can effectively manage internal risks, compared with just 47% for external threats.
How to improve risk management for business
Improving risk management for business begins with risk prioritisation, which is the ranking of material threats to form a basis for allocating resources.
To successfully mitigate risks, leaders must assess the overall impact on a project using probability and effect, which will differ sector by sector.
For example, the risks associated with climate change will differ for firms within the energy sector and those operating in other industries.
Most board members ranked climate change as the ninth most significant risk to their organisation within the following year. In contrast, boards in the energy sector said it ranked joint first alongside regulatory environment changes.
Cybersecurity and data breaches were ranked as the fifth most significant risk to boards across all sectors of the economy but placed first for organisations within the financial services, telecommunications and technology sectors.
Managing risks and driving performance
Board members should consider working with risk management teams to create a corporate culture inspired by and aligned with the overall strategy to help bolster performance.
Firms must find ways to embed strategic thinking and spread it throughout the company so that those undertaking work to drive business performance understand how they can take advantage of risk.
Enhancing risk management rests on proactivity in the workplace. As the risk landscape grows more complex, board members must ensure that the necessary actions are being taken to mitigate, manage and even predict any potential threats.