Risk management framework has gained more and more importance specially with recent changes in international standards, regulations and institutions talking about it and intending to make it part of the day-to-day operations. However, many companies still face challenge with practical implementation and see the real benefit of it.
Recently I got an opportunity to talk about Risk Management and how it can be implemented in organizations. AMA. is one of the highly reputed institutions in Western India. The dean of the institution invited me to talk on Enterprise-wide Risk Management, one of the topics I am always passionate about to talk.
The topic is so versatile, it’s meaning and the implementation process is so different depending on the nature of businesses/ operations or the nature of activity/ process. I had a mix of crowd from top executives to mid-level managers from accounting firms, pharma, telecom, oil and gas, etc. We had wonderful discussion and it was an experience for me to learn some things and understand what type of requirements businesses have in a so fast-growing market with the risks faced by organizations.
The approach towards implementation process has been laid out very clearly in many standards and much more guidance is available now, compared to may be a decade ago. However, I think we all face many challenges with its implementation process and one of the challenges is to have practical and day to day use of Risk management process, after it gets implemented. I have come across many organizations where ERM gets implemented (as it is required by law or regulation or the Board/ parent company wants it to get implemented), however it then stays quietly in a folder or shelf and not made part of the day-to-day operations and business. Companies have not made it as part of their weekly/ monthly meetings agenda (as they have many other pressing issues to deal with).
In the workshop, I asked two questions to the participants. Q1: “Think of how many surprises you had in your organizations in last 2-3 years?” Q2: “Do you think some of these were preventable?”
Surprisingly, all the participants who shared surprises (they had in their respective organizations) said “Yes” that most of these were preventable, had we done better planning or if there was an effective risk management process in place.
So, it is clearly evident that there is a need for an effective ERM process and the top executives see the practical and real benefit from its use, which in turn helps them manage their operations more effectively.
So, my next questions are, “what is lacking and why many of us still have challenges with its implementation, even though it is so much talked about and needed process?” It is important to note here that many companies have successfully implemented it and made it part of day-to-day operations.
My answer to above is that there is a need for the right skill set and the commitment/ focus required from top management executives to implement the Risk Management process. Organizations may see the benefit by having less and a smaller number of surprises over the years (as the ERM process gets stronger and stronger and becomes part of the DNA), which ultimately helps organization with more efficiencies. However, this is possible only with the commitment, focus and the availability of the required skill set to make the process LIVE and part of day-to-day operations.
Banking industry implemented risk management process for decades. Many other organizations have implemented it as their day-to-day business and also as part of strategic planning. Further the compliance with standards (such as ISO) or regulatory bodies, etc. have made it mandatory to be implemented. By formally organizing risk management responsibilities and activities an organization is much better positioned to achieve its objectives. To achieve its business objectives, management will want to ensure that sound risk management processes are in place and functioning. Board and audit committees have an oversight role to determine that appropriate risk management processes are in place and that these processes are adequate and effective. Converting risk into an opportunity to the level of risk the organization can tolerate is probably the way to success.