Whether a small business or a large enterprise, is everyone focused on delivery, operational risk management and the associated actions required by themselves and others?
There has been a significant progression in developing tools and techniques for managing risk within organisations and accepting that senior management, including board members and trustees, needs to be mindful of the risks associated with organisational objectives.
What is organisational risk management?
The organisational risk management process involves identifying, prioritising, controlling, and mitigating risks.
Organisational risk management is about resilience. It’s not just about preventing harm to a business but also about protecting and growing the brand and reputation to ensure the business is resilient to future changes due to internal and external risks.
What is organisational risk focus?
Organisational risk focus is about seeing the bigger picture and getting everyone in the business on the same page.
Suppose the business is trying to change or implement a new initiative. In that case, everyone in the company must understand what the business is trying to do and why.
Effectively manage top risks
Senior management should be asking about the organisation’s top risks.
If they don’t know the top risks, how can they plan for them and make the correct risk decisions? They can’t. To prepare for the future, they need to know the top risks. This is effective risk management.
Risk monitoring
Regularly monitor the risks to provide risk oversight. This may also include an internal audit as part of the compliance process.
Monitor identified risk using a risk register, matrix, and signature-based risk profile.
Also, internal risks such as missed deadlines or ignored customer requests and external risks like competitors entering the market must be monitored. These combined provide the overall potential risk exposure for the business.
Contingency planning
Contingency planning depends on the occurrence of an uncertain future event. They can significantly impact any organisation, so it’s important to know what contingency plans are available and how prepared the business is for the unexpected. What risks does the business face that require a contingency plan?
Communicate risk appetite and risk tolerance
A business’s risk appetite is the significant risk it will take to achieve its goals. An organisation must articulate its risk appetite and define its risk tolerances.
Continuous risk identification
The business should have a continuous risk analysis process to undertake risk identification reviews, update its risk assessment, and control and mitigation strategies. This will ensure that the business always considers new emerging risks and can proactively avoid, accept, reduce, or transfer an emerging risk.
Understand the fundamental assumptions underlying the risk management strategy
When it comes to the risk management strategy, the business needs to understand the assumptions against the significant key risks underlying the strategy to be aware of any changes in the external factors that could affect those assumptions. In addition, it’s crucial to align the competitive intelligence process with the business strategic risk management process.
Sociability vs solidarity model
Each organisation has a unique cultural approach, a culture that may or may not be helpful in successful risk management. Moreover, individual language styles, values, beliefs, and priorities towards risk contribute to and influence the organisation’s culture.
The sociability vs solidarity model (Goffee and Jones, 1998) considers culture in two dimensions:
- sociability (people focus – based on how well people get on socially)
- solidarity (task focus – based on goal orientation and team performance
The model identifies four distinct organisational cultures, described as:
- Networked (high people focus, low task focus)
- Communal (high people focus, high task focus)
- Mercenary (low people focus, high task focus)
- Fragmented (low people focus, low task focus)
The Institute of Risk Management research indicates that organisations should strengthen their sociability and solidarity ratings to implement risk management effectively. Low scores on either factor create a barrier to effective risk management.
Final Thoughts
There is a lot more to risk management than just protecting the business. The business must protect and grow its brand and reputation and be resilient!
What’s the first thing you should consider when working in a business? Should it be revenue and profit? Probably not.
The first thing should be the organisational risk focus on resilience. This includes understanding key risk indicators, strategic objectives, and business strategy.
Senior managers must balance business risk management and resilience to achieve business objectives. This will help address the threats and opportunities the business faces.
It is a competitive advantage that is usually overlooked by most businesses.
Organisation risk focus sources
Goffee, R. and Jones, G., 1998. The character of a corporation: How your company’s culture can make or break your business. New York: Harper Collins Business
Institute of Risk Management, 2013. Risk Culture: Resources for Practitioners
Institute of Risk Management, 2017. Risk Culture: Resources for Practitioners