For a long time, sales, finance, marketing and operations have been highly respected disciplines in organisations worldwide. But risk management lacks the same respect in many boardrooms and much of the problem is in the way it is presented.
According to Amanda Mellor, Group Secretary and Head of Corporate Governance at Marks & Spencer, risk management is still perceived as “compliance” and “divorced from business”. Speaking at Airmic’s ERM Forum last month she warned: “boards acknowledge that risk is very important, but risk conversations are not always having the value they should”.
Ms Mellor is not alone in her views. A recent report from the Financial Reporting Council sent a similar message. Investors agreed unanimously that understanding of risk is important in making investment decisions. Sadly companies don’t always manage to report on risk in a way that is succinct and of use to their audiences.
If directors and investors in FTSE 350 businesses struggle to engage with risk management, what hope is there for SMEs?
Relevant and proportionate
According to the PwC report ‘Accountability in changing times’, only 41% of FTSE 350 companies link principal risks to strategic objectives. Until we change that approach, many will continue to look at risk management as nothing more than a bureaucratic process.
Rather than asking “What risks does your business face?” we should be saying “What is this business trying to achieve? And what is critical to reaching those goals?”
Unfortunately, the words ‘risk management’ all too often conjure up images of risk assessments and overzealous health and safety officials. We have to overcome some very negative perceptions and misunderstandings about what risk management entails and educate our audiences about the positive outcomes of well managed risk.
We should help businesses to put in place risk management that is proportionate and appropriate to their unique circumstances. It must be supportive of their objectives – rather than acting as a barrier to business.
The way we communicate risk management is important, but the solutions we use to support it have an equally significant role to play. As in so many areas, technology can be a great enabler. The availability of ‘big data’ – vast quantities of information characterized by volume, velocity, and variety – can help us make risk predictions. Knowing what risks different organisations are likely to face allows us to be relevant and informed in our discussions and solutions.
Technology also allows boards and investors the ability to review risk in real-time rather than having to wait for reports to be manually generated. And importantly, it gives us the ability to automate many of the time-consuming but essential tasks that are perceived as ‘needless bureaucracy’.
Rather than waiting for a crisis or near miss to increase the corporate appetite for risk management, we need to evangelise the business benefits and peace of mind that accrues from risk management.
“Risk management is a responsibility not a feature”
We need to make risk management accessible, relevant and achievable. The outcomes will surely be worth our efforts, with greater understanding and appreciation at board level and beyond. And let’s not forget the improved business success as a result.