young man amongst saplings
PHOTO: navneet mahajan

We all encounter risk each day — sometimes more than we realize. In our personal lives, we might consider the risks associated with purchasing a new home, such as the affordability of the mortgage payments and the cost of home insurance. This requires thinking through the potential impacts on other areas of one’s budget and life.

In the business world, organizations face daily risks as well. According to a recent study, 62% of organizations have experienced a critical risk event in the last three years.

The term “risk” usually has a negative connotation. Indeed, at most companies, risk management means avoiding risk altogether or reducing it as much as possible. Unfortunately, this approach can mean many opportunities are left on the table. Instead of fearing risk, companies should instead be viewing it as fuel for growth. When quantifying and mitigating risk, companies are able to take on additional strategic risk and boost their innovation. Here is how organizations can make that shift.

Create a Strong Enterprise Risk Management Program

Prior to taking on more strategic risk, organizations should put a risk management program in place. To implement this, consider the following tactics:

  • Gain buy-in from executives and the board: A successful enterprise risk management program demands that each employee align with the initiative and understand its impact on the organization. For the board and upper management, the program must be aligned in terms that members understand.
  • Determine risk owners: Siloing activities in various business units creates one of the largest barriers to creating a holistic enterprise risk management program. This mistake causes delays and disruptions when employees try to alert the individual needed to mitigate the risk. Determining the risk owners and focusing on cross-functionality prevents this problem.
  • Create a risk culture: Never limit information-sharing to just top tier executives. Instead, offer the necessary tools and education to every employee and provide them with confidence to effectively analyze and mitigate risk as it arises.
  • Don’t let your risk management get stale: Simply because an organization has established a firm foundation for its enterprise risk management program doesn't mean the job is complete. Consistent risk monitoring is required. This not only allows companies to understand what risks require mediation, it also provides new areas of opportunity.

Related Article: What Risk Managers Need to Communicate to the Board

Understand Your Current Risk Profile

Creating the foundation for an enterprise risk management program sets your organization up for success. To begin this process, evaluate the current risk profiles throughout each unit of business. There is no one-size-fits-all process for uncovering strategic risk. The data required to uncover the risk opportunities vary by organization, industry and risk appetite. The more an organization understands its current risk profile, the more confident it can be when taking on more strategic risk.

For example, a company’s executives may consider acquiring another company. How can they know if they are capable of accomplishing this goal without understanding their up-to-date risk profile? Without this data, it can be difficult to justify taking on additional risk. Based on this reason, it is crucial to have one sole source of truth which gathers and maps all risk factors back to business units. By storing all information in one location, organizations can better understand how to best mitigate risk in each unit and increase strategic risk capacity.

Related Article: How Do You Make Decisions?

Consider Using Automation for Support

Adopting strategic risk requires a great deal of information-sharing and analysis throughout a business. These tasks are often mundane and repetitive. For example, every quarter risk managers must create a report that demonstrates compliance within the business to key executives, a time-consuming and tedious undertaking. Many organizations continue to rely on manual processes for tasks like these wasting the time and energy of bright employees.

To avoid this issue, consider using technology like robotic process automation (RPA). RPA applies if-then logic within various scenarios automatically, providing the information the organization needs in a more timely manner. Many risk and compliance functions sync well with RPA due to the formality of the process in place, and the clear path to automation. By automating these processes, organizations experience great efficiency gains and the opportunity to adopt more strategic risk.

In the end, risk does not have to be scary or negative. By having the best people and systems in place, companies can take on more strategic risk. In doing so, companies can scale faster, experience improvements across business units, and ultimately, increase the bottom line.