Risk management: the time is now
When is it time to align risk management activities to the company strategy?
In every sphere of their operations, organisations face different types of risks. Inevitably, they need to adopt the old Boy Scout motto of “be prepared” in case these risks emerge. The setting of strategic objectives and the actions to achieve them is an endless battle to fulfil the mandate of shareholders and the expectations of stakeholders.
While pursuing these objectives, is risk management aligned to the strategy, before, during and after its formulation? While it is still difficult in some organisations to talk about risk management, it is important to align it with the overall company strategy.
Although it is by no means comprehensive, the following insight provides some tips on how this alignment can be established.
Establish a Risk Management Strategy
Alignment to the company strategy requires a formal approach to risk management. The methodology and tools − that are used when risk is identified, analysed, mitigated, monitored and communicated throughout the organisation − need to be defined in order to establish and implement a formal risk management strategy.
Thus, a risk assessment exercise can bring about potentially disruptive situations. These could be internal or external and could impact on the supply chain, operations, employees, and so on. As the strategy is cascaded to the various functions within the organisation, they will become more aware of risk.
Allocate Resources to Risk Management Activities
I often hear personnel saying: “I have not been trained to perform a risk assessment.” Although it is important to impart the skills and knowledge required to conduct a risk assessment, it is equally vital to ensure that everyone in the organisation adopts a risk-awareness mindset. This will ensure that risks that impact on the company strategy are known to everyone in the organisation.
Involvement of Key Stakeholders
There is no harm in disclosing to your key stakeholders the outcome of the risk analysis on the critical services they provide to your enterprise, and how these potential risks impact on your operational efficiency. That is why the revised ISO 9001:2015 Quality Management Systems standard requires the control of the outsourcing processes.
Further reference is made in clause 8.4 “control of externally provided processes, products and services”. This cannot be done in isolation. It requires stakeholder involvement to be able to look out for the risks and opportunities that might influence the implementation of the company strategy.
Ensure Employees Are Tuned In
Any alignment intervention requires personnel who are tuned in to other key success factors. An effective risk management approach necessitates the assessment of the environment in which productivity takes place.
Just as in our normal lives where we are concerned about the neighbours, similar principles apply in the workplace. There is a need for continuous assessment of the well-being of the employees to identify the potential risks they encounter, so that interventions can be recommended, or implemented. After all, the main focus of a performance appraisal is on what has been achieved, and rarely on what hampered the achievement of departmental or company objectives!
We cannot underestimate the work undertaken by risk management teams to ensure their organisations anticipate potential risks and opportunities. However, the added value will be realised only when risk management activities are aligned to the company’s strategic objectives.
A great source for analysis by all risk management colleagues is the 12th Edition of The Global Risks Report 2017, published by the World Economic Forum.
Hope Mugagga Kiwekete is a managing consultant at the Centre for Enterprise Sustainability. He has practiced as a management systems consultant, trainer and auditor in different multicultural environments, which entailed environmental, occupational health and safety and quality management in various industry sectors in east and southern Africa and Asia. He is a Certified ISO 9001 Lead Auditor with the Southern African Auditors Training Certification Authority (SAATCA) and a member of the SABS Technical Committees for Quality Assurance, Environmental Management and Occupational Health and Safety Management Systems.