The global economy experienced a period of stability and growth following the 2008 financial crisis, aided by low interest rates and technological advancements. However, the past two years have brought significant changes, with volatile commodity prices, supply chain disruptions, and escalating cyber and data risks posing new and unexpected challenges to organizations.
Whack-a-mole and tick-boxing — the traditional twofold approach to risk management
Traditional approaches to risk management are insufficient in dealing with these complex and evolving risks. This traditional approach often involves addressing one risk at a time, akin to playing "whack-a-mole," where actions are reactive and taken after damage has occurred. While this approach may be effective for individual risks, it falls short in handling overarching or transversal risks that span the entire organization. Companies instead need to adopt a state-of-the-art risk management approach that involves clearly assigning ownership for risks, investing in risk transparency, and implementing effective strategies for comprehensive risks.
The need for a stronger, holistic approach to risks
Risks in today’s world are emerging more quickly, interconnected, and likely to compound each other, especially amidst inflation, climate change, and geopolitical tensions. To strengthen their risk management, organizations must adopt a holistic approach that is forward-looking, cross-silo and systemic, and based on factual and experiential understanding of risks. However, several gaps currently limit the efficiency of aggregated risk management, including a lack of dedicated risk representation at the board level, limited quantification of risks, and inadequate utilization of advanced risk management tools and concepts.
Improving the process and creating accountability
To help address these gaps, corporations should designate a Chief Risk Officer (CRO) who takes responsibility for the overall risk profile of the organization and acts as a key liaison with the board. Quantifying risks is essential, as qualitative descriptions or simplistic classifications hinder informed decision-making and resource allocation.
Improving risk management requires analyzing aggregate risk profiles, strengthening governance through senior risk ownership, implementing quantification methods linked to financial impacts, and utilizing appropriate risk management tools. However, a risk-aware culture is equally crucial, with management, boards, and owners promoting risk management as a mindset embedded in daily decision-making.
It is important to recognize that risk perception and ethical standards vary across regions, necessitating a diverse and inclusive approach. While risk management cannot eliminate negative outcomes entirely, enhancing transparency and preparedness can increase the likelihood of positive outcomes in the face of adversity.