At virtually every stage, most companies need to examine their vulnerability to corporate risk and their management of it. Having a robust risk management program protects the corporate wealth by helping the company’s managers to be well aware of their responsibilities to mitigate threat and to seize opportunities. The inherent management challenges require specialists either on their executive teams or acquiring outside expertise. Often adding senior full-time resources with in-depth expertise, while essential, it is not an ongoing overhead that makes economic sense. However, what is more effective, considering the additional overhead and uncertainty of length of time required, is engaging the services of a risk management professional.
Organizations need a consistent and proven approach when they conduct their risk management process. Once the company’s key risk areas are identified, then a comprehensive and detailed risk treatment approach is necessary to ensure critical risk areas are appropriately addressed. Some examples are policy making, priority setting, resource allocation, decision making, as well as how they are developed, measured, and the all-important reporting regimen.
Don’t Forget About the Opportunity
Typically, most risk management processes will always contain the standard and required structures. However, an area that is often overlooked is the opportunity part of the risk management continuum. While risk assessment and mitigation may be the starting point, organizations can gain competitive advantage by taking the time to include a thorough assessment of the opportunities which can then be incorporated into the business vision and planning.
Using these experts in a timely manner allows enterprises to address their corporate risk management requirement and understand the potential opportunities, thereby ensuring stability and corporate success.
Examples of Effective Risk Management Strategy
Reducing Cost of Risk to a Municipality
A municipal government conducted a review of its procurement practices, especially liability, indemnification, and insurance requirements, in its contracts with diversified goods and services providers, including public-private-partnership contracts. The municipality’s legal, insurance and procurement departments had no consistency in dealing with the municipality’s requirements. The municipality’s senior management was briefed on the importance of adopting an integrated, efficient and cost effective risk management process to identify and assess key risks arising from entering into contracts, and subsequently implementing a new seamless, integrated strategy to deal with the liability, indemnification, and insurance in their contractual requirements. A common criteria/justification was developed to justify significant deviations from industry practices. This resulted in reducing the cost of risk to the municipality and a marked improvement in its contracting relationship with its stakeholders.
Support for Smaller Organizations
Often smaller organizations have few technical resources. The focus is primarily on keeping existing systems and supports working but often lacks substantial planning for future business requirements. Many times, the environments contain disparate systems resulting in their inability to address the changing business systems needs. They often overlook key potential threats and opportunities and rely on insurers, contractors and suppliers to manage these risks. Emerging risks or black swan events are not on their radar, as evidenced by the COVID-19 and oil crises. Gaining access to key senior resources becomes critical and often the challenge is balancing budget with expertise required over a short span. Many may not require a CIO or a Chief Risk Officer but can benefit from having that level of expertise to assist in the strategic planning process. Often this role can be highly effective and efficient on a fractional/part-time basis. Effective and timely use of senior level resources give these smaller enterprises the ability to be competitive. These resources also include specialists such as ERP, infrastructure, risk management and compliance, operational, technical and functional.