Board members weigh in on effective risk management
Every organization’s success is due in part to a sound corporate strategy, and the disciplined planning and execution of that strategy. Strategic opportunities will come with risks that, if well managed, could increase the value of the organization. However, these risks must be carefully considered in light of the organization’s risk tolerance and their potential impact on its competitiveness. There should be absolute clarity on the goals and timelines associated with each strategic initiative, the risks that could prevent the organization from achieving results, and the risks associated with not achieving results.
Directors shared their view that risk and strategy cannot be decoupled — risk should be considered in real time as part of strategy discussions. This is reflected in the trend of no longer having risk committees on the board, and carries important ramifications for directors. Going forward, a base level of risk management vocabulary and sophistication will be a prerequisite for being an effective board member.
During the business planning process, planning and risk reporting cycles should be coordinated so that current information about risk issues is incorporated. These communications do not always have to take the form of an official agenda item — they should be part of an ongoing business dialogue that’s embedded at all levels in the day-to-day culture.
The discussion of strategy and risk at the board level is no longer limited to the specific risks related to a chosen strategy. One director made the observation that the risks that were hardest to predict and assess were often those caused by the interaction of multiple, seemingly unrelated risks. She shared her organization’s approach to identifying such risks — something she termed “future planning.” During strategy development, she and the rest of the board spend time going through various scenarios to explore potential outcomes of different approaches in order to identify strategy “derailers” that could have otherwise gone unnoticed.
Equally important are the risks that the strategy introduces to the organization as a whole, including the interests of an increasingly disparate stakeholder group that may have conflicting strategic interests. Directors are increasingly asking more pointed questions of management: “How much risk are we prepared to take? How much risk are we carrying at the moment? Are these risks within our risk appetite? How will our stakeholders react?”
These are important questions that are now used as filters for decisions on the allocation of capital, for example. As one director put it, if he is approached for new funding but is not given a clear answer to these fundamental questions, his “vote is very simple.”
Ultimately, not every risk can be avoided. Crises will happen, and it’s therefore crucial that your organization has a well-planned, flexible approach to crisis management. There is no way to anticipate all eventualities, particularly those caused by external factors. The board members we spoke with encouraged preparation to minimize an event’s impact, and position your organization to recover quickly. The board and management team can review various unexpected scenarios together in order to develop the principles and protocols necessary to guide an effective response to different situations. Directors recommended that the board agenda include a briefing on emergency preparedness and contingency plans, including crisis management, security policies and procedures, and clearly defined roles and responsibilities, so that you are well prepared in the event of a crisis.