Most organizations, if not all, have some level of operational risk management. For example, some organizations are focused on operational risk related to safety or contract oversight of vendors.
But a common view of operational risk management is slightly broader by examining risks associated with the actual daily operations of the organization. Examples include understanding the processes within each department, the vulnerabilities of those processes, the customer interactions, and technology usage.
On the other side of the spectrum, more and more companies are starting to think about strategic risk management according to a survey from NC State University. Risk managers coordinate with the strategy and planning departments to identify risks associated with the strategic plan and its execution.
So how can the two functions come together and be valuable to each other?
Taking Operational Risk Management to the Next Level
Regardless of your organization’s version of operational risk management, there are opportunities to mature those processes. Consolidating information currently being collected to get a true enterprise-wide view of risks is the most likely maturity step.
That being said, consolidating the data means it was collected or documented using the same standards and criteria. Otherwise, the risk assessment information isn’t comparable. If this is the case for your organization, start working with the various departments to update the risk assessment using the same rating criteria.
Now that you have the organizational risk information together, you should use the organization’s Risk Tolerance to determine what risks are within the tolerance threshold. Set those aside and focus on those risks exceeding the Risk Tolerance. Conduct some analysis by asking these questions:
- How many risks exceed the Risk Tolerance?
- Are those risks concentrated in a specific business unit or type of risk (like financial or technology)?
- Is the list of ongoing mitigation activities and assessment current?
Risks that exceed the Risk Tolerance and can be reduced further will require resources (money, people, and/or time), sometimes at a level that a business unit cannot easily absorb losses without impacting other activities. Working with the responsible business units to prioritize those identified risks for action brings clarity to the exercise.
Just remember to keep it simple….
Once you have completed this analysis and prioritization, you now have an input into your organization’s annual plan…seriously.
Applying strategic risk management insights into the operations
Your organization has strategic risk management. That’s great! Because that means you have overcome the challenges I talk about in my 3-part video series on Linking ERM to Strategy.
But are you wondering how those insights into the strategic plan can be shared across your organization and used as part of operational risk management?
Business units can create their individual business plans for how their unit will execute the strategic plan. Incorporate the insights from the strategic risk management activities by ensuring that the identified risks are being addressed as part of the business plans, and verifying that the business plans will not make the risks worse.
The second way that strategic risk management delves into operational risk management is that business units will likely have activities to reduce some of the identified strategic risks. Those activities will hopefully become a part of their regular operations and processes.
Are you ready for the challenge?
Taking these steps will really take your risk management activities – both operational and strategic – to the next level, as you connect the two processes and demonstrate to your leadership how valuable the information really is. As you connect these processes and provide the true organizational wide view into risks and what is being done about them, you are creating an enterprise risk management process.
Are you ready to take your organization’s risk management to the next level? What is your game plan?
Please comment below or join the conversation on LinkedIn.
If you are struggling to take those next steps or just need more risk management resources, contact me to discuss how I can help.
Sign Up For Our Newsletter
Sign Up For Our Newsletter
Helping companies achieve their vision and strategy, and succeeding in today's turbulent world, is something I'm honored to be a part of. Whether you're an occasional blog visitor or a long-term client, thank you for letting us be a part of your journey.
Most Recent Posts
Without a doubt, one of my family’s favorite holidays is Christmas. Part of the fun, especially for our son, is seeing what “Santa” brought, but most importantly, we treasure the spirit of peace and goodwill the season brings. And after what seemed to be a never-ending warm spell, the weather is expected to be good…Read More
As the end of the year draws near, I think we’d all agree that while it wasn’t without its challenges, this year also wasn’t quite as turbulent as the previous two. While a lot of people are juggling company parties, shopping for friends and family, and special activities for the kids, most companies are putting…Read More
Strategic planning is a challenge – of all people, I understand… After all the meetings, risk and data analysis, and brainstorming of the preceding months, it’s tempting to think this is the end of the road and you can relax. Contrary to this common perception though, this is exactly not the time to relax, but…Read More
Be honest – have you ever done something that you soon realized was a real rookie mistake? Me raising my hand… Considering the nature of ERM’s role to ask questions and challenge assumptions (often during conversations with executives), it can be argued that, in at least some cases, the expectations bar for risk professionals is…Read More
On occasion, I like to take some of the concepts we risk professionals think about in our jobs and apply them to different personal situations…take some of the same concepts we use when working with executives to develop corporate strategy and manage risks or uncertainty around that strategy. It’s Thanksgiving week in the U.S. –…Read More
Periodically, I have the pleasure of speaking one-on-one with Hans Læssøe on a variety of topics around ERM, strategic risk, and other issues and trends. As you know from my previous conversations (here, here) and posts featuring his work, Hans was formerly a practitioner at the iconic LEGO Company, but even more notably, is a…Read More
Everyone likes a clear-cut template that offers an easy way to create or manage something…I mean what’s not to like about a step-by-step process for accomplishing what you want? Sometimes this can work without any issues, such as the case with the Project Management Book of Knowledge (PMBOK), ISO 9001 standard, or a new cooking…Read More
One thing I was taught to appreciate from a young age was the value of education and knowledge. It didn’t necessarily matter what the subject was, just that I always maintain a learning or growth mindset regardless of my current status in life. This mindset has served me well over the years, and it’s a…Read More
It’s amazing how technology has developed and changed our working world over time. Imagine trying to run my risk and strategy consulting firm without tools like Zoom, Box, Slack, and other ERM-specific technology tools. There is no way we would be able to serve our clients the way that we do. Just consider how the…Read More
If you’ve been handed the task of creating an ERM program for your organization, let me first offer my congratulations quickly followed by my empathy for the task ahead of you. I don’t say that to scare you but to provide a small dose of reality. Building, launching, and refining an ERM program that is…Read More