Forbes India 15th Anniversary Special

Why risk needs to be embedded in your strategy

Embedding risk in your strategy

Published: Mar 9, 2018 01:24:27 PM IST
Updated: Mar 12, 2019 12:29:50 PM IST

Why risk needs to be embedded in your strategy
Risk: The missing link in your strategy
Natural disasters, financial crises, frauds, scandals and the sheer amount of competition mean that companies today are more susceptible to risk than ever before. And while a certain amount of it is integral to the functioning and success of a business, this can certainly backfire if there isn’t a sound risk management strategy in place. And as most successful enterprises and executives would attest, decision-making and risk management need to go hand in hand for an organisation to stop merely surviving and start thriving.

It’s no surprise, then, that an increasing number of executives are looking to their Enterprise Risk Management (ERM) function for more than just mitigating and managing risks. The India Risk Management Awards (IRMA) Survey 2017-18, which looked at over 125 Indian risk leaders, found that around 92% firms expect their ERM function to support strategic business decisions. Despite this, PWC’s Risk Maturity Assessment Survey (India) for 2016-17 found that more than 50% stakeholders who responded were not satisfied with their risk management practices. So, how can companies leverage risk to perfect their growth strategy?

The first – and arguably, most important – step towards instituting an effective ERM strategy is outlining the company’s risk appetite, which sets the boundaries for running a business and capitalising on opportunities. Risk appetite spells out what chances the firm is and isn’t willing to take, what it needs to do in order to succeed and what resources are required to take these risks. A risk appetite statement (RAS) ensures that only permitted activities are undertaken and that the scale of these initiatives does not exceed the venture’s capacity.

While the RAS is invaluable to the functioning of an organisation, it can truly only be optimised when it is integrated into the executives’ discussions and decisions to ensure that any growth strategies are in line with the entity’s risk appetite. For example, if the business’ RAS decrees that they will not allow their branding to be used by a third party for any promotional activity, marketing and sales executives can ensure that this is communicated to all key stakeholders when forging a strategic alliance. This, in turn, reduces the risk of the company’s logo being associated with any campaign that doesn’t align with their publicity guidelines and guarantees uniformity in all their communication.

Though there are many more benefits of linking strategy with risk appetite, the current scenario in Corporate India still leaves something to be desired. Only 56% of those who responded to the IRMA Survey had a risk appetite that was defined, approved by the Board and communicated to key stakeholders. Moreover, just 41% of the respondents could boast of Key Risk Indicators being seamlessly linked across the organisation, prioritised and fully integrated with their business.

This integration needs to go beyond the risk appetite and be applied to each aspect of the risk management process.

Today, technology has become an essential enabler in a company’s risk management and mitigation process. And while 89% of the organisations that were studied in the IRMA Survey did deploy technology in some form, only 28% of total respondents had a tool that was integrated with the core systems to manage, report and monitor risks.

A crucial element for successful integration of the ERM policy into its long-term goals and all functions within the enterprise is support and communication from top leadership. Irrespective of how comprehensive it is, a plan of action can never truly become a part of a company’s ethos until it is treated as a priority by its leaders. Not only does clear, concise communication set the tone for risk-taking throughout the company, but it also gives employees an understanding of how much leeway they have on an organisational, unit-wise and individual basis.

This makes it especially important for companies to hire dedicated risk management officials, something that the IRMA survey found was still lacking among industry risk leaders. A whopping 13% of respondents did not have a designated CRO, Risk Officer or other risk governance function, whereas 26% of their risk executives had been a part of the team for less than three years. These numbers are especially alarming when considered alongside the fact that 17% of respondents described the lack of relevant in-house skills as their key challenge in ERM design and implementation.

It is, therefore, imperative for businesses to embrace value-driven ERM, which shifts the focus from a compliance-based, isolated risk process to a forward-looking and actionable approach that is closely linked with their growth strategy. This also entails hiring dedicated risk officials, who can help integrate risk into the rest of the functions in the firm. Value-driven ERM minimises biases, and applies quantifiable metrics to enable better decision-making that, in turn, facilitates growth. Though this realignment is no piece of cake, it offers many rewards for organisations that ingrain this risk culture within their long-term plans.

ICICI Lombard and CNBC-TV18 proudly present the India Risk Management Awards, which seek to catalyse the adoption of value-driven ERM practices like these, among Indian corporates. Through this novel initiative, the two industry leaders hope to promote a culture of risk-aware decision-making, which fosters sustainable economic growth.

For more information about IRMA, please click here .