To prepare for the new global risk landscape in 2012 and beyond, companies should reconsider their attitudes and approaches to risk. Dean Simone, PwC’s US Risk Assurance leader, suggests that senior executives ask the following questions to find out whether their company is ready for the road ahead:
1.) Is your board thinking beyond traditional risk frameworks and focusing on the right strategic risks?
Many boards still concentrate on “known” risks, such as those identified and monitored in ERM systems. But research has shown that in the past, companies have been most badly damaged or destroyed by “unknown” risks. These can be black swan events that hit without warning, or emerging risks with far-reaching implications that grow more serious over time. According to Dean Simone, “one of the best ways to protect against unknown risks is to think about vulnerabilities rather than trying to predict risk events. Ask yourself, what are the assumptions behind our strategy and business model, and what happens if those assumptions are blown off course by a major disturbance?”
2.) Have you encouraged a risk-aware culture?
In today’s fluid environment, rigid risk cultures that focus on compliance, and simply identifying, assessing, and prioritising risks, are becoming anachronistic. Risk aware cultures understand that risk is not just to be avoided, but often needs to be accepted and made a pivotal part of an organisation’s business strategy. Just as important, a riskaware culture does not see risk management as a single job for one department; rather, it is a shared responsibility across the organisation. “The old paradigm was to control risks through rigid rules regardless of business circumstances” says Mr. Simone, “but risk-aware cultures are more flexible. They put in guard rails and ensure people operate within these bounds.” He recommends that senior executives alter management rewards and incentives to reinforce this new way of thinking and create risk appetite statements that widely communicate the risks the company is willing to bear. With this new culture comes a new breed of risk manager: one who is strategic, collaborative, and able to think laterally.
3.) Is risk management integrated across departments and functions?
Having a risk framework set by the board will help to break down barriers not just between departments, but also between different forms of operational, financial, and strategic risks. A holistic approach to risk management will ensure that the full corporate team—including HR, IT, and other new guests at the table— has a hand in framing the risk agenda. It will also help align risk with business strategy, and support the successful execution of that strategy. Mr. Simone explains: “The problem with many ERM-based risk systems is that they tend to examine single risks. In today’s interconnected world, companies need broader systems that can look at all potential aspects of risks—not just in one silo but the connections in the second and third order. In short, the implications of the risk across the entire enterprise and the systems it operates in.”
To read the full story, make sure you subscribe now! Go tohttp://www.australiansecuritymagazine.com.au/subscribe/ and purchase either a 1 year or 3 year subscription today!