The more a business manages and leverages risks, the healthier it actually is. In a white paper about leadership based upon findings from global research of 1,196 participants, EY’s Paul van Kessel, Matt Polak, and Michael O’Leary report the data they have discovered surrounding risk, and lay out a plan to better address it on a comprehensive scale.
How to Label Risk
To begin with, risks can be sorted into a variety of categories. By categorizing them, an organization can uncover what risks are proving to be the greatest threat to their livelihood and where to direct their attention, energy, and resources. Risk management can be utilized one of three ways depending upon the type of risk: strategic, preventable, or external. A risk that offers positive benefits should be approached strategically, while a negative risk should be approached externally because they probably have a lack of control. Preventable risks should be approached with caution and avoided if can be. According to the survey, organizations are looking for a more coordinated and innovative approach to properly manage risks. After all, 85 percent of survey respondents believe that the link between risk and business performance can be improved.
How to Control Risk
Risks are endless, but there is a stepped approach to risk management. Step one is advanced strategic thinking, analyzing risk in comparison to business decisions. Thinking strategically can be conducive to implementing an appropriate plan to manage the risk. Step two is to optimize functions and processes, concentrating on how organizations are effectively aligning functions by allocating talent. The final step is to embed solutions, integrating sustainable solutions to prevent or limit future risk.
An organization that demonstrates advanced strategic thinking engages in two behaviors. The first is identifying and assessing the risks. An organization should continuously be evaluating their strategies and how much exposure they have with risk. The second behavior is to design a risk response plan. Dependent upon the type of risk and how much risk the business is seeking to take on, a plan can be designed in an efficient and cost-effective manner. After all, there is no reward without risk.
Here are a few more stats to munch on:
- 63% of respondents have defined [key performance indicators]or [key risk indicators], but not both
- 46% of respondents do not yet utilize a GRC technology
- 21% of respondents indicated risk activities are well-coordinated today; whereas 67% indicated they expect risk activities to be well-coordinated within three years
You can view the full white paper here: http://www.ey.com/Publication/vwLUAssets/EY-theres-no-reward-without-risk-grc-survey-2015/$FILE/EY-theres-no-reward-without-risk-grc-survey-2015.pdf