How Addressing Minor Risks Through Process Optimization Creates Opportunities

I’ve said it dozens of times here and have seen repeated elsewhere – trying to manage each and every risk can be mindboggling and, at best, lead to wasted resources in the form of time, people, and money. In the most extreme circumstances, attempting to manage every risk can lead to business failure, which is the exact opposite of what risk managers are there to do.

In my experience during assessments of risks and controls, many companies by default will jump on any risk without any control linked to it. Steps will not be taken to assess and truly understand risk…

Therefore, instead of ensuring that only the unacceptable risks receive the attention they deserve, companies end up creating a lot of busy work for risks that aren’t really a big deal, which is why I discourage my clients from the practice of attempting to manage all risks.

When used properly, analysis tools like risk appetite and tolerance help us understand where risks should fall on the “priority list” and therefore determine what to respond to first.

The meaning of risk appetite and tolerance will vary depending on who you ask, so it can be a really confusing topic for many. I have personally found Hans Læssøe’s description to be the most helpful at transforming this nebulous concept into something actionable and helpful for strategic decision-making.

As you know, Hans is the former head of strategic risk management at the LEGO Group and founder of AKTUS, which is the merger of two Danish words for “active uncertainty.” He provides a great summary of the topic of risk appetite and tolerance in his book Prepare to Dare, but I also had the pleasure of speaking with him in-depth about it.

In the beginning of our discussion, Hans explained how risk appetite, tolerance, and capacity represent a spectrum. How a company approaches a particular risk will depend on where it falls on this spectrum.

When framed this way, it’s easy to see how risks exceeding the company’s capacity should take the highest priority since these risks can put the company’s very survival in jeopardy.

But what about risks that fall at other points on the spectrum?

Below risk capacity, there are risks beyond what the company is willing to tolerate, so these will require attention.

But next, we have risks that fall between the risk tolerance and risk appetite. As Hans explains in the interview, these are risks you have accepted and prepared to take in pursuit of strategic objectives.

These risks don’t need to be “managed” per se…they don’t need any sort of controls to bring them down to an acceptable level.

However, this doesn’t mean you should just ignore them.

Hans then goes on to point out a distinction that I think is important – handling these “risks” is not risk management but rather should be called process optimization or improvement.

The concept of process optimization has been around for quite a long time. It can be defined as:

…a business practice of identifying, analyzing and improving existing business processes to optimize performance, meet best practice standards or simply improve quality and the user experience for customers and end-users.”

You’ve probably heard of different approaches a company can use for this purpose like Six Sigma, Lean Six Sigma, Kaizen, Total Quality Management (TQM), and more.

As an example, let’s say your company manually collects data from customers (like during a call with the customer), which comes with risks for typos, mistakes, and misstatements. To address this risk, your company can optimize this process by improving how different systems talk to each other. Instead of re-creating information with each customer interaction, you could possibly import it from another system where it already exists.

This is process improvement or optimization in a nutshell…

While this may sound simple, it is not easy.

After all, processes become ingrained in a company for different reasons, but two common ones include:

  • Outdated systems – workarounds will be created to patch weak spots in existing systems. However, since the process itself is so ingrained, the company will not revisit it even if they purchase a new system. Rarely do companies take the time and effort to ask “what do we currently do?” and “why do we do it?”
  • Regulatory requirements – this is especially true in my primary industry, insurance. Regulators at the state (or federal for publicly traded companies) level may require certain information be collected or reported a certain way. The process the company uses to fulfill this requirement will become so ingrained that they will neglect to ask if there’s a better way to do it.

In some instances, taking actions like process optimization can sometimes eliminate the risk. However, this is by no means the only reason to evaluate and optimize business processes…

Instead of focusing solely on preventing failure in the form of reducing risks, process optimization also creates opportunities and potential advantages for the company.

It’s important to remember that process optimization is not just about addressing risks in the negative sense, but also taking actions that ultimately create opportunities and a competitive advantage.

For example, improving, optimizing, and automating processes can free up people to focus on other things. Also, with many companies experiencing staffing issues, this sort of optimization can help a company realize more productive capacity from their existing staff without leading to burnout.

Process optimization also helps keep the focus on your customers.

Take our data collection example from earlier…

By connecting two systems and eliminating the need for such intensive data gathering, customers could save time when they call the company, which of course makes their experience smoother and improves the company’s reputation.

I can promise that if a company makes their phone support or communications simpler, they will earn many accolades from their customers.

Hans states in his book Prepare to Dare that companies create a distinct advantage by taking these steps, which will be how companies will ultimately survive and thrive in the years ahead.

As he and I discuss in our interview, this spectrum is ultimately the filter through which you determine which risks to focus on. Hans wraps up this portion of our discussion by explaining how anything below your risk appetite should be totally ignored. Worrying about these risks are certainly a waste of time.

While risks that fall between your appetite and tolerance may not be the most critical, addressing them through process optimization can ultimately create opportunities for further sustained growth.

Does your company try to establish controls for each risk? Or do you prioritize using methods like the one described above?

To share your thoughts and experiences on process optimization or another related topic, leave a comment below, join the conversation on LinkedIn, or to share your thoughts privately, email me directly at comments@strategicdecisionsolutions.com.

And if your company is struggling with prioritizing risks so you can be sure you’re addressing the most impactful areas (both upside and downside), please don’t hesitate to contact me directly by email or schedule an appointment through my online calendar to discuss your specific needs today!

Posted in

Sign Up For Our Newsletter

Sign Up For Our Newsletter

SDS-Logo
about-sidebar-v2

Meet Carol

Helping companies achieve their vision and strategy, and succeeding in today's turbulent world, is something I'm honored to be a part of. Whether you're an occasional blog visitor or a long-term client, thank you for letting us be a part of your journey.

Most Recent Posts

The 12 Days of ERM Christmas

Without a doubt, one of my family’s favorite holidays is Christmas. Part of the fun, especially for our son, is seeing what “Santa” brought, but most importantly, we treasure the spirit of peace and goodwill the season brings. And after what seemed to be a never-ending warm spell, the weather is expected to be good…

Read More

Don’t Let Goals and Initiatives Be Blindsided by External Events

As the end of the year draws near, I think we’d all agree that while it wasn’t without its challenges, this year also wasn’t quite as turbulent as the previous two. While a lot of people are juggling company parties, shopping for friends and family, and special activities for the kids, most companies are putting…

Read More

Going the Distance: Ensuring Successful Execution of Strategic and Annual Initiatives

Strategic planning is a challenge – of all people, I understand… After all the meetings, risk and data analysis, and brainstorming of the preceding months, it’s tempting to think this is the end of the road and you can relax. Contrary to this common perception though, this is exactly not the time to relax, but…

Read More

Avoid Rookie Mistakes and Protect your Internal Reputation

Be honest – have you ever done something that you soon realized was a real rookie mistake? Me raising my hand… Considering the nature of ERM’s role to ask questions and challenge assumptions (often during conversations with executives), it can be argued that, in at least some cases, the expectations bar for risk professionals is…

Read More

ERM at Thanksgiving – An Illustration of Risk Management in Action

On occasion, I like to take some of the concepts we risk professionals think about in our jobs and apply them to different personal situations…take some of the same concepts we use when working with executives to develop corporate strategy and manage risks or uncertainty around that strategy. It’s Thanksgiving week in the U.S. –…

Read More

Why Quantitative Risk Assessment is Not Just the Best But the Only Option – A Conversation

Periodically, I have the pleasure of speaking one-on-one with Hans Læssøe on a variety of topics around ERM, strategic risk, and other issues and trends. As you know from my previous conversations (here, here) and posts featuring his work, Hans was formerly a practitioner at the iconic LEGO Company, but even more notably, is a…

Read More

The Three Lines Model – 3 Reasons Why I Don’t Like It

Everyone likes a clear-cut template that offers an easy way to create or manage something…I mean what’s not to like about a step-by-step process for accomplishing what you want? Sometimes this can work without any issues, such as the case with the Project Management Book of Knowledge (PMBOK), ISO 9001 standard, or a new cooking…

Read More

5 Avenues for Expanding your ERM Knowledge

One thing I was taught to appreciate from a young age was the value of education and knowledge. It didn’t necessarily matter what the subject was, just that I always maintain a learning or growth mindset regardless of my current status in life. This mindset has served me well over the years, and it’s a…

Read More

Storytelling and Risk Management – Developing Skills that Technology Cannot Replace

It’s amazing how technology has developed and changed our working world over time. Imagine trying to run my risk and strategy consulting firm without tools like Zoom, Box, Slack, and other ERM-specific technology tools. There is no way we would be able to serve our clients the way that we do. Just consider how the…

Read More

3 Phases to Creating and Launching an ERM Program Focused on Organizational Success

If you’ve been handed the task of creating an ERM program for your organization, let me first offer my congratulations quickly followed by my empathy for the task ahead of you. I don’t say that to scare you but to provide a small dose of reality. Building, launching, and refining an ERM program that is…

Read More