Moving towards strategic risk management is a core board task
Report of the BELRIM & GUBERNA exchange about visionary risk management as an instrument for sustainbale value creation
Our current era is defined by complex disruptions, increasing societal expectations and severe new regulations. It is an era where we really need a value oriented governance to ensure sustainable value creation.
But how can companies cope with the subsequent strategic challenges and what could be the role of risk management to suit this new environment?
Many are now proposing “Resilience “ as the essential condition, but this requires an integrated vision on risk, strategy and leadership throughout all layers of the organisation, starting at its top level…
During a recent BELRIM Exchange at the Air Traffic Control Center Skeyes in Steenokkerzeel , the attendees, amongst which different GUBERNA-members, gathered insights about future-proof risk management that fosters organisational resilience.
Adriana Cavaliere, senior manager Risk at Skeyes had duly prepared this meeting. She gave an instructive and inspiring testimonial from Skeyes itself and subsequently acted as an enthusiast and efficient moderator.
The need for a collaborative approach
Our own Executive Director Sandra Gobert opened the session with an introduction about our common insights about the third wave of Governance and the importance of ESG reporting. She then developed her ideas on the link between sustainable value-oriented governance and risk management. Among the challenges for 2023 she proposed 3 core principles to move towards antifragility:
- Articulate a clear strategic business case
- Come to term with operating under a high degree of uncertainty
- Display proactive leadership
“The risk agenda should become an opportunity agenda. Because the better you identify and manage risks, the more opportunities you can capture.”
She also referred to appropriate statemengts by the Belgian Corporate Governance Commission: “The board of directors should determine the risk appetite of the company in order to achieve the company’s strategic objectives. And the board should approve the framework of internal control and risk management proposed by the executive management and review the implementation of this framework.”
She concluded with suggesting three roles for the modern risk manager
- Be an Implementor by facilitating the establishment of adequate risk management systems for the benefit of the board and contributing to the monitoring of its effectiveness
- Be an Informer by providing the necessary data for decision-making and monitoring
- Be an Educator by enhancing resilience within the organisation and demonstrating that risk management contributes to governance
A strategic perspective on risk oversight
Professor Regine Slagmulder opened in the same line of thoughts with stating that the traditional approach to risk management that focuses solely on compliance and protection against known risks can give organisations a false sense of control. To survive in today's dynamic and unpredictable environment companies should view risk management not as an administrative burden, but as an opportunity to identify and analyse new and emerging trends that could create interesting opportunities for the organisation.
Historically risk management has mainly focused on operational, legal, compliance and financial reporting risks. But nowadays every organisation should be able to routinely prevent and mitigate these risks through internal controls, training and standard operating procedures,
The big hits to shareholder value now come from taking strategic risks. Strategic risks are risks voluntarily accepted by an agile organisation in order to generate superior returns from its strategy.
A proactive approach to strategic risk management can also identify interesting opportunities for those organizations that can respond to them rapidly and flexibly in today's dynamic and unpredictable environment.
Developing the crucial strategic risk management competence involves three key building blocks: Processes, people, and practices. One needs to strike the right balance between the cost of process integration and the available capabilities against the benefits. It is not a one-off effort, and companies should continuously assess and refine their risk management approach to keep pace with the changing business environment.
Companies should integrate risk identification and analysis into their developed strategy and strategic planning process at senior management and board level. The role of risk management should evolve from a merely operational one that focuses on compliance and operational risks to that of a strategic business partner of senior management. The organisation should actively support the strategic risk management approach by organising scenario planning exercises, using data analytics, and developing a high level of risk awareness throughout the entire organisation.
From risk to corporate resilience
Boards must thus find a good balance between monitoring the formal risk governance organisation and procedures (for planned resilience) and nurturing the right risk culture across the organisation (for adaptive resilience).
Finally, Alfonso Natale and Maribel Tejada, both from McKinsey, presented “Corporate Resilience” as an essential condition for corporations to thrive. They illustrated with examples and techniques that “resilient” companies are able to reinvent their business and create more value in times of recovery and growth. The ability to recover quickly is key, but recovery alone is not an adequate goal. Truly resilient organisations bounce back better and even thrive. “Resilient companies leverage crises to transform themselves, act faster and be more agile despite setbacks.” They go from reactive to proactive, from post strategy to pre strategy…
These remarkable quotes may serve as food for thought for board directors
- Companies need to integrate risk & strategy at board level. They must set the desired risk appetite and embed risk in the strategic decision-making processes.
- Risk is intrinsic to doing good business. Strategic risk management can help organisations be both resilient and agile.
- Strategic risk oversight matters – now more than ever! Making a proactive and strategic approach to risk management is crucial for organisations to survive and thrive in today's market.
- Shift from risk to resilience thinking: Resilience goes beyond risk management and is about learning to embrace change in an uncertain environment.