As the speed of change increases, organisations need to adapt quickly. The age that we are living in will show no mercy for the risk-averse. From cyber risk to terrorism, climate change, and reputation risk, mounting a credible defence against these risks will depend very much on our ability to harness them and improve overall organisational resilience.
Organisations that embrace risk agility will be able to quickly reinvent themselves and establish a company culture that recognises when the enterprise is in danger by either an internal course of action or an external threat.
Based on our research and experience, almost all organisations in South Africa have been hit by a major operational ‘surprise’ in the past two years. The disastrous consequences of the recent rolling blackouts on businesses are all too fresh in our memories, as are the severe water restrictions imposed in the Western Cape.
Yet, we see few organisations that have a ‘complete’ Enterprise Risk Management (ERM) framework in place. Many do not maintain a Risk Register, and formal Risk Management training for executives and business owners is something that is often overlooked.
On the upside, the speed of change presents a myriad of opportunities. By embracing the reality that risk and return are related, and investing in enterprise risk oversight, there is plenty of evidence to support the fact that an organisation’s resilience and agility will strengthen.
Risk management can be a valuable aid to help people in organisations think through ‘what might happen’. Some of the benefits that good risk management can provide include:
- Helping to set a successful strategy and governance
- Helping to foster a good culture
- Helping to achieve good, risk-informed decision-making
- Assisting with new innovation and technological change
- Ensuring there is an appropriate level of organisational resilience
- Helping operations and projects to achieve successful outcomes
WHAT BENEFITS CAN I ACHIEVE FROM A HOLISTIC APPROACH TO RISK MANAGEMENT?
Top performing organisations view risk management as a strategic asset, which can sustain value over the long term. Ideally, risk management and compliance are addressed as strategic priorities by leadership and day-to-day management.
In the ISO 31000:2018 Risk Management Standard, risk oversight is presented as a process that is underpinned by a set of 9 core principles. These principles are supported by a structure or a framework that is appropriate to the organisation and its external environment. This is key in our view.
Your Risk Management framework should be fit for purpose and integrated into how your organisation works. ISO 31000:2018 doesn’t provide details about different organisational processes because you know what yours are. So ISO 31000:2018 gives you the freedom to stitch ‘risk-thinking’ into your core processes in a simple and effective manner.
ISO 31000:2018 recommends that a successful Risk Management initiative should be:
- Proportionate to the level of risk in the organisation
- Aligned with other corporate / business activities
- Embedded into routine activities
- Dynamic by being responsive to changing circumstances
This approach enables a Risk Management program to deliver outputs, such as compliance with applicable governance legal requirements, assurance to stakeholders regarding the management of risk and improved decision-making.
The benefits associated with these outputs, which need to be sustainable and measurable, include more efficient operations and a more effective business strategy.
In summary, you can use the guidance in ISO 31000:2018 to help people in your organisation think through what might happen and work collaboratively to achieve your business goals and objectives in a fast-changing world.
GETTING STARTED WITH ENTERPRISE RISK MANAGEMENT
Megan Cunningham, MD of Risk ZA, shares her insights into the benefits that an ERM System can bring to your organisation.
Could you talk about your perceptions of the benefits that an ERM program can bring to an organisation?
From my perspective, ERM positions an organisation to better manage uncertainties, reduce volatility and add measurable value if integrated correctly. ERM also positions organisations to communicate with internal and external stakeholders on what they are doing to address risk.
ERM promotes risk awareness throughout the organisation. It provides an avenue for risk discussions and assists business owners to know what they are doing to address risk and what is being done to address risk so that the business owner or top management is not left wondering: “Okay, we have this big risk out there, what are we doing about it?”
Risk Management provides that avenue and that structure so that everybody in an organisation is informed about what is being done to assess risk.
Have you any advice for an organisation that is getting started with ERM?
Yes. Enterprise Risk Management is not a race. It’s a journey. It’s also not a check-the-box approach to Risk Management.
For ERM to be sustainable, it’s very important to get buy-in from Top Management and to make sure that it becomes part of the organisational culture.
GETTING STARTED WITH ENTERPRISE RISK MANAGEMENT
Risk ZA has a collective experience of over 30 years in training, consulting and implementing ISO related solutions for organisations of all types and sizes in the Southern African region.
We are leading experts in the field of Enterprise Risk Management and Corporate Sustainability. We are well-positioned to assist your organisation build a solid foundation for growth.
If you want to learn more about adopting the principles of Risk Management, or want to implement ISO 31000:2018 into your organisation, give us a call – we would be happy to walk with you through the process +27 (0) 31 569 5900!
You can also download our FREE Guide on How ISO 31000:2018 Integrates Risk Management Into Your Organisation.