Risk Management has historically focused more than half its time on legal, compliance and financial reporting. That is starting to change as companies realize that most big hits to shareholder value come from strategic and operating risks (CEB)
According to a CEB research, strategic risks destroy the greatest value while the amount of time spent on this type of risk is at the minimum.
The researchers identify 3 best practices for assessing and managing risk:
Strike the right balance between risk and reward.
“Risk management” is often synonymous with “risk prevention.” But as any portfolio manager knows, lower risk often means lower returns. Today’s risk managers see their role as helping firms determine and clarify their appetite for risk and communicate it across the company to guide decision making. In some cases this means helping line managers reduce their risk aversion.
Focus on decisions, not process.
Many employees associate risk management with compliance-driven busywork, such as annual IT security quizzes. Although cyber security is certainly important, such exercises might not reduce risk. In addition to relying on paperwork or process, risk managers are turning to tools and training that help employees assess risk. They are also helping companies factor a better understanding of risk into their decision making.
Make employees the first line of defense.
Decisions don’t make themselves—people make them, and there isn’t always a chief risk officer present when they do. So smart companies work to improve employees’ ability to incorporate appropriate levels of risk when making choices. This might begin during the hiring process: Some firms now use “risk screens” or other types of assessments to gauge candidates’ appetite for risk. By bringing in people with an aptitude for risk assessment, they reduce the need for training or remediation later. Companies are also trying to identify which types of jobs or departments face a disproportionate share of high-risk decisions so that they can aim their training at the right people. They’re focusing that training less on risk awareness and more on simulations or scenarios that let employees practice decision making in risky situations. Finally, risk managers are becoming more involved in employee exit interviews, because people leaving an organization often identify risks that others aren’t able or willing to discuss.
The goal is to transform risk management from a peripheral function to one with a voice integrated into day-to-day management. “Leading companies view every decision they make as a risk decision [and] choose their risks with great calculation,” according to the CEB white paper outlining the research. “They [use] risk management as a protection shield, not an action stopper.”
Adapted from HBR