Written by Chizubel Egwudo
Every now and then we hear of history repeating itself when companies fail to deliver on their strategies, completely fail, incur monumental loses or don’t deliver benefits on major initiatives undertaken. Surprisingly, a lot of these are major or medium enterprises who employ some of the ‘brightest brains’ in the industries they operate within; supposedly. When this happens, we hardly hear them mention that it was due to the lack of effective risk management. They blame the economy, market trends, technology, processes, people etc. but fail to recognize that these things they have mentioned are the risks which they have not managed.
How are organizations going to succeed when ‘risk’ or ‘Risk Management’ is mostly not considered being a ‘top list item‘ on the agenda of board meetings or Senior Leadership governance forums?
The time allotted to risk at key forums indicates the level of value placed on it, sadly in most cases less time or it is pushed to the end of the line almost as an ‘AOB’ (Any Other Business) item. This culture which has existed for decades is one of the reasons why history in business will continue to repeat itself, leading to some of the consequences mentioned in the first paragraph of this article.
Based on research carried out by Dedrach by sampling ten of its previous clients from a range of sectors, it was found that only two took great care to align risk management to its corporate objectives and regularly campaigned on the importance of good risk management with senior executives taking the lead.
Three of these companies had some semblance of risk management alignment with corporate objectives but it was mainly a case of identifying and knowing what the top risks to the business were with less focus on risk management while the other five largely let risk be driven by the Risk Managers or the risk team.
Other findings showed that major initiatives have commenced well down the line and objectives not clearly defined or mapped out and people just worked without knowing what they are delivering to. Obviously clear in this case that whatever risk management is being done is pointless. 🤔
Very briefly, here is a summary of our findings:
1. Limited understanding of the subject matter, risk management. Most executives lacked sufficient risk management knowledge required to operate at board level, making it a challenge to align risk management to strategy. This limited understanding of risk or its management also means that the focus of most executives has been on implementing its corporate goals with less consideration as to how risk management will enable them achieve these goals. This often leads to re-planning, renegotiation, ‘re-understanding‘ of strategic requirements, just to mention a few ‘start and stops,’ which costs time and money to the business when things don’t go as expected. The media reports have been a testimony of some of these failures as have been seen in the banking sectors, high street retailers, automobile and also within government.
2. Misalignment or non-alignment of Corporate Objectives to risk. On every occasion when I take up an assignment, I ask to review the corporate strategy of the business. In the worst case scenario, I find them not to have been well mapped out, documented and not communicated or aligned to risk. In the best case scenario, they have been documented but not aligned with risk management or the strategic risks of the business. In both cases, this demonstrates the level of weakness on the path to the achievement of business goals; whether it is revenue growth, new markets, increasing market share or fraud reduction.
3. Spend to resolve. This is a major issue I find in the banking sector where money is used to try to solve problems instead of developing or following effective control measures established in a well-developed risk framework.This is like taking pain relieving pills for a headache to suppress the pain instead of identifying what the root cause is and address the root cause which solves the problem of the headaches. The problem with this is that the headache or in this case, the risks which have always been there but not managed resurfaces again and often comes back twice or ten times worse which can often be ‘debilitating’ to most businesses.
Part 2 of this article will be in the next edition.