Make Risk Management a Process in Your Organization

Executives make dozens of decisions on a daily basis that significantly affect the organization. How often do leaders address the risks created by those decisions and take steps to minimize their potential negative impact on the business?

Risk is broadly defined as an exposure to possible loss. We all know it’s there and we try to mitigate it, from implementing internal controls to obtaining insurance to compensate the company in the event of a loss. However, risk evaluation sometimes gets shorted in the day-to-day demands, so let’s take another look at the possibilities.

Assume a manufacturer operates in a razor-thin margin environment and has significant earnings objectives. To achieve those objectives, the company embarks on an effort to identify potential new overseas suppliers. The project is led by the vice president of operations who has a compensation plan tied directly to the achievement of specified earnings targets. The strategy and compensation plan may be perfectly sound, but the financial incentives could expose the entity to a number of new risks including: working capital risks arising from the VP’s focus on short-term cost reductions without consideration for supplier payment terms, risk of long-term revenue losses due to deterioration in product quality, risk resulting from violations of the Foreign Corrupt Practices Act, or reputation risk resulting from the supplier’s use of child labor. While this is just a hypothetical example, you don’t have to dig far to find numerous real-world examples of sound strategies that went awry (think credit crisis). In hindsight, they almost always have one common denominator: a failure in risk management.

A sound risk management process should have a number of key attributes. First, the board or others charged with governance should oversee the entity’s risk management process. Next, the process should include the involvement of key company executives who are in the best position to understand the near- and long-term risks arising from execution of the company’s strategy. Leverage a comprehensive risk management framework that includes risk identification, ranking, response formulation, and ongoing monitoring processes.

Additionally, the risk management process needs to be just that: a process. We all operate in constantly changing environments and, as a result, internal or external developments could present new risks to our organizations. An ongoing process is critical to ensuring that new or changing risks are identified and appropriate responses are formulated in a timely manner.

Finally, risk is often viewed in a negative light; however, the most successful organizations are great not because they simply avoid risk—they are successful because they capitalize on risk. By implementing a top-down process, companies can turn risk management into a key competitive advantage, leading to stronger, more sustainable results.

 

Christopher F. Meshginpoosh can be reached at Email or 215.441.4600.