After more than three months away from business and dealing with a significant personal loss, I regained my focus and got caught up on my reading. In doing so, I came across a credible survey and study on the state of risk management and its oversight. As I read through the content, I found that I could not be more perplexed about any statement as much as this one . .
“Many organizations are concluding that their approaches to business continuity planning and crisis management are not at the level of preparedness desired, with almost three-fourths (75%) indicating significant changes in those processes will occur.” [1]
[1] 2023 The State of Risk Oversight: An Overview of Enterprise Risk Practices – 14th Edition
The above statement is disturbing on several fronts. I say this from my perspective as a risk practitioner of 30+ years who has seen the cost of crisis management far exceed the cost of risk management. And also seeing organizations struggle to integrate risk without much success.
Business continuity planning is just good practice because events that temporarily interrupt business will continue to happen. Some such events, of course, are due to circumstances beyond anyone’s control. I’ll leave that one alone, but crisis management is different.
An extensive study and report prepared by McKinsey – The State of Organizations 2023 – states there are two main reasons for this.
The first is that management is ‘unmotivated’ to prepare for crises; secondly, they are ‘unable to change course’ and respond quickly. This notion warrants some thinking time!
Costs to manage any crisis will far exceed the cost of risk management. Even the best of preparations for crisis management have proven over time that costs in the following areas will quickly run out of control:
- Financial Costs: may include expenses related to legal fees, public relations campaigns, operational disruptions, and potential fines or penalties.
- Reputation Costs: damage to an organization’s reputation can have long-lasting effects and result in loss of trust and customer loyalty.
- Human Costs: can involve the health and well-being of employees, customers, or other stakeholders in crisis situations.
- Regulatory Costs: violating regulations during a crisis can result in additional costs and legal consequences.
- Opportunity Costs: resources directed to crisis management could have been invested elsewhere.
Preparing for a ‘crisis’ is the easy and costly way out of having to manage the conditions and indicators that could prevent the extent of the crisis in the first place. Please read that again.
In my view, the main reason for not prioritizing risk management is rooted in not having a good enough ‘WHY’.
The belief persists that risk management is about insurance, health and safety, patient safety, avoiding hazards and preserving value (usually through costly insurance).
That is old-fashioned thinking. Very old-fashioned. And I say bunk to that thinking.
When an organization integrates a risk management process across its many functions, it creates new value and reduces costs. Integrating risk management is the way to raise the bar on performance, profits, growth and clarity of direction. Is that not a good enough WHY? I think it is.
Yet, herein lies the rub –
- Knowing why to manage risk > > to raise the bar on overall performance and create value.
- Knowing what to do > > Integrate risk management practices across functions and capabilities.
- Knowing how to integrate the management of risk > > Nothing – Bupkis – Nada – Blank – What? No response.
So, in the end, we end up with risk registers and reports that are more a collection of problems and uncertainties that are seldom (if ever) clearly identified by their indicators, well assessed, or analyzed, never mind matched against the capabilities to make a swift change to mitigate the risk.
Managers would be better prepared to deal with the impact of an unexpected event if they spent resources on identifying and assessing internal and external risks rather than preparing for a disaster. That is done by looking forward, not backwards or relying on some audited reports.
Planning to manage disasters better never turns out as in the scenarios.
Too many executives and managers have a tendency to treat risk management as an inconvenience. The threat of a disruptive (and maybe even catastrophic) event is too far down the list to worry about until it happens.
They are concerned about share prices, revenues, talent development and retention, and becoming more efficient. Granted, these are all priorities.
Is it worth the effort to closely examine how integrating risk management into these priorities changes the outcomes? I think, YES.
My objective today, and for many years of teaching, coaching and advising companies, is to motivate a shift in the mindset around risk.
How about investing in your people on the premise that they are good enough to learn to manage the conditions they must, as a way out of possible trouble, should anything go wrong?
I train and coach your people to do just that. I advocate for your higher awareness, readiness, and responsiveness to risks at different levels of decision-making.
A recent example that caught my attention is the case of Ticketmaster selling tickets to the Taylor Swift Eras global tour, the first in five years. Swift has been declared ‘an economy’ in her own right – this was a key indicator that demand would skyrocket. And it did!
Ticketmaster was aware of Taylor’s status as a high-value attraction. Were they ready for an overwhelming demand – No. Were they able to respond to demand – No. A social disaster struck that could have been avoided.
Risk Management is a function and a capability that can be standardized. It is transferable to numerous objectives, industries, and geographies, even some that have not yet been considered.
Organizations continue to be challenged by the need to integrate a risk management process into their key business activities. Stakeholders and regulators are demanding it!
You can change all that with an approach that has been used and updated for the past 18 years and continues to demonstrate how value is created by effectively managing the conditions that change your risks and exposures.
At Uvidi we can show you how to do that.
You can access a tailored training & coaching program to meet your business needs, just as more than 800 organizations on 3 continents have already done.
Learn how you can start to integrate risk management into your processes.
It will improve your outcomes – contact Uvidi for a complimentary consultation.