The problem with this traditional approach is that businesses are not run through risks and risk mitigation. Businesses are run through strategic plans, operational priorities, customer relationships, financial objectives, and technology innovation. Outside of perhaps insurance companies, it is rare to see a strategic mission or vision state that the company’s purpose includes managing risk. It is also rare to see a company value related to risk taking or avoidance. It is more rare to see a strategic initiative state an objective of increasing proactive risk management. So, if the business goals, objectives, initiatives don’t specifically focus on risk management, it stands to reason that asking a key business leader to focus on managing risks, might be challenging.
On the other hand, risks and uncertainty are prevalent in every strategic plan, purpose, objective, and initiative. Contractors include contingencies or uncertainty in every project bid. All businesses assume risks related to technology implementation, data quality, talent and performance management, vendor selection, employee training, process consistency, and financial controls. Every forward thinking strategic plan and objective also comes with uncertainty. What if a new competitor enters? What if regulations change? What if a key employee leaves?
So, if risks are prevalent in every corner of a business, why should risk managers not manager risk? The answer is simple. Every business leader should manage risks. Every business leader owns objectives, initiatives, and components of a strategic plan. To achieve every business objective, leaders need to consider risks and issues, and make informed decisions along the way. General budget contingencies because the leader knows that ‘something could happen’ is not the only way to solve those challenges. Informed uncertainty and consistent discipline, is needed at the business leader level to maximize and likely increase the potential for success and profit. Every business leader manages the risks of the business.
Therefore, are risk managers even needed? Absolutely, however the goals and objectives should be more aligned with the organizations strategic plan. Rather than considering a goal around managing the risk; risk managers should consider areas where business leaders need support in understanding the uncertainly of the business and making better, more informed decisions. This leads directly to increase revenue, profit, and overall company health. This includes three fundamental objectives:
- A consistent process for the business owner to identify risks, evaluate them, and assess risk treatment options for all uncertainly included in each strategic objective and business initiative.
- An organizational ability to quantify the risks involved in every objective, create tolerance levels, and understand decision making and authority for business leaders when those tolerance levels should be tested.
- Use risk and uncertainly to drive better decision making into the organization. Business leaders can then understand the uncertainly within their daily and weekly objectives.
Risk can and should drive innovation, creativity, and growth. It is vital that risk managers play a key role to ensure that this happens, but not merely by tracking and controlling risks. The role is broader and more important than that. These objectives allow business leaders to embrace risk, understand uncertainly, and successfully implement strategic plans, initiatives, and strengthen customer relationships.