“The revolutionary idea that defines the boundary between modern times and the past is the mastery of risk: the notion that the future is more than a whim of the gods and that men and women are not passive before nature.” — Peter L. Bernstein, “Against the Gods: The Remarkable Story of Risk”
“Predicting rain doesn’t count, building an ark does.” — Warren Buffett’s “The Noah Rule”
Risk management, both personal and professional, has been around for ages. It’s ingrained in our personal routine each time we check the weather, as we mitigate the potential of adverse conditions disrupting our plans for the day.
Effective risk management gives us a sense of control over our environment. But as Warren Buffett points out in his “Noah Rule,” simply identifying the risk doesn’t count. You must act for the preparation to be meaningful. Knowing there is a high potential for rain is only useful if you take action to mitigate its impact on your outdoor activities. When our risk management is not effective, however, we may feel as though our future is still determined by the whim of the gods.
The COVID and Social Unrest Spotlight
COVID has been different than anything we’ve ever experienced, and hopefully something we won’t experience again in our lifetime. The risks have been amplified, multiple crisis scenarios have occurred at the same time and the process of recovery will be longer than any other risk event. This — combined with social unrest in the U.S. and other parts of the world — has moved corporate risk to center stage, shined a bright light on it and exposed the existence of gaps.
Over the years, many have poured time and money into risk management. Gartner research shows this investment has delivered progress in some areas, namely identifying, assessing, monitoring and reporting on risks, as well as in increased frameworks, policies and the development of risk committees. The issue is that significant gaps remained. These gaps included the inability to incorporate risk into the strategy, operationalize and embed risk in business processes, and ensure ownership and accountability to act when the risk occurred. In other words, most resources were spent trying to predict the rain, but the ark wasn’t built.
The possible danger going forward is that we invest in areas that are already developed, identifying and reporting on specific risks, and not the areas in need. In one example, prior to the pandemic, a company maintained a documented risk universe of well over 100 identified risks including external, strategic, operational, people, financial and legal/compliance risks. Senior executives were asked as part of an annual exercise to pick the five they thought were most relevant to their business and that’s where the focus was placed. Is success even possible if we are expected to be that precise in our prediction and planning?
Developing a Risk Culture
It seems there are increasingly fewer clear “right” or “wrong” answers. Should we further diversify our supplier base? It depends. Should we take a public position on social issues? Maybe. How do we prepare for the future without overinvesting? The risks are getting bigger and more complicated. Developing strict event-specific “if this happens, do this” policies does not seem practical.
Gartner’s Enterprise Risk Management practice recommends developing a strong risk culture to prevent an excessive reliance on formal risk management systems and processes. This includes developing risk awareness so that risk management is included in daily work and decision making, ensuring employees have the information and capabilities needed to manage risks as they occur, and focusing on whether leadership and employees apply risk awareness and knowledge in their behaviors.
Risk has everyone’s attention now. The challenge ahead is to invest in the right areas while being conscious of the propensity to overinvest in times like this.
Chief of Research,
Gartner Supply Chain