As is often repeated on this blog and elsewhere, the focus of risk management should not be minimizing harm to the organization but achieving objectives and maximizing success. No company can (…or should) try to avoid all risks. Taking this route can be disastrous, especially in today’s world.
When developing strategy, hopefully your organization is using scenario planning to see if objectives are feasible.
Once risks to these objectives have been identified and their impact and likelihood is understood, the next step is to determine how best to respond.
One option is to avoid the risk altogether. As I explain in a previous article on four common risk response strategies:
When you choose the avoidance option, you’re closing off any possibility that the risk will pose a threat to your enterprise.
But while this may seem like an attractive option, it just isn’t practical in many cases.
The fact is that every organization has to take risks in order to survive and thrive. A previous article on the consequences of not being proactive with risk management provides a glimpse of what can happen to organizations that take a reactive approach or try to avoid risks at all costs.
While your organization may want to avoid a particular risk, there are often cases where this isn’t possible.
Much to our dismay, there are things that are simply out of our control – this is true both professionally and personally.
In the context of your organization, the elements we cannot control are external by default. Some examples can include:
- Legislation or new regulations that will have an impact on the business
- Technological advances
- Changes in consumer demands
- Social issues
- The broader economy
By contrast, internal factors can be changed or can at least be managed.
Take employee compensation. The company has to decide…do we increase pay and benefits to retain talent, or do we want to save money and run the risk of higher employee turnover?
A company’s supply chain is another great example. How is our business dependent on outsiders to fulfill our mission? What redundancies, backups, or insurance options should we have?
For external factors outside of your control, start by finding elements of the risk that you can actually manage.
Although there are risks from outside your organization that you cannot control, often times there are elements of the risk that you can. You may not be able to change the impact or likelihood, so it will simply come down to determining how best to respond.
Motivational author and consultant Bassam Tarazi says it best:
The only thing you can really control is how you react to things out of your control.
Take the list of examples from earlier…
In the case of a new law or regulation, what preparations can be made before the new rules go into effect? Are there ways we can influence this decision (i.e. lobby for change)?
You cannot control shifting consumer demands, but you can change the products you produce or services you offer, how you market them, and so on.
Technological advances are happening whether we like it or not – you can’t avoid it. However, you can determine how to harness technology or address some of the impacts these advances will have on your organization.
The economy is most definitely out of your control, but you can control/influence your organization’s investment strategy, and as I explain here, harness KRIs to see if trouble is brewing.
And last but not least, what about social issues?
We cannot control things that happen or how people (e.g. society) react, but we at least have some control over how these issues impact our organization through our response both internally and/or externally.
There are countless other examples I could mention. In the end, you only have control over so much. The pace of change and the impact external events can have on your organization is a prime exhibit of why a robust ERM process embedded within decision-making is so crucial to success in today’s world.
What approach does your organization take in response to risks and situations outside your control?
To share your thoughts and experiences, leave a comment below or join the conversation on LinkedIn.
And if your organization is struggling to manage unavoidable risks or develop an effective risk-based response to external events, please don’t hesitate to contact me to discuss your specific situation today.
Featured image courtesy of Luca Bravo via Unsplash.com
Sign Up For Our Newsletter
Sign Up For Our Newsletter
Helping companies achieve their vision and strategy, and succeeding in today's turbulent world, is something I'm honored to be a part of. Whether you're an occasional blog visitor or a long-term client, thank you for letting us be a part of your journey.
Most Recent Posts
Without a doubt, one of my family’s favorite holidays is Christmas. Part of the fun, especially for our son, is seeing what “Santa” brought, but most importantly, we treasure the spirit of peace and goodwill the season brings. And after what seemed to be a never-ending warm spell, the weather is expected to be good…Read More
As the end of the year draws near, I think we’d all agree that while it wasn’t without its challenges, this year also wasn’t quite as turbulent as the previous two. While a lot of people are juggling company parties, shopping for friends and family, and special activities for the kids, most companies are putting…Read More
Strategic planning is a challenge – of all people, I understand… After all the meetings, risk and data analysis, and brainstorming of the preceding months, it’s tempting to think this is the end of the road and you can relax. Contrary to this common perception though, this is exactly not the time to relax, but…Read More
Be honest – have you ever done something that you soon realized was a real rookie mistake? Me raising my hand… Considering the nature of ERM’s role to ask questions and challenge assumptions (often during conversations with executives), it can be argued that, in at least some cases, the expectations bar for risk professionals is…Read More
On occasion, I like to take some of the concepts we risk professionals think about in our jobs and apply them to different personal situations…take some of the same concepts we use when working with executives to develop corporate strategy and manage risks or uncertainty around that strategy. It’s Thanksgiving week in the U.S. –…Read More
Periodically, I have the pleasure of speaking one-on-one with Hans Læssøe on a variety of topics around ERM, strategic risk, and other issues and trends. As you know from my previous conversations (here, here) and posts featuring his work, Hans was formerly a practitioner at the iconic LEGO Company, but even more notably, is a…Read More
Everyone likes a clear-cut template that offers an easy way to create or manage something…I mean what’s not to like about a step-by-step process for accomplishing what you want? Sometimes this can work without any issues, such as the case with the Project Management Book of Knowledge (PMBOK), ISO 9001 standard, or a new cooking…Read More
One thing I was taught to appreciate from a young age was the value of education and knowledge. It didn’t necessarily matter what the subject was, just that I always maintain a learning or growth mindset regardless of my current status in life. This mindset has served me well over the years, and it’s a…Read More
It’s amazing how technology has developed and changed our working world over time. Imagine trying to run my risk and strategy consulting firm without tools like Zoom, Box, Slack, and other ERM-specific technology tools. There is no way we would be able to serve our clients the way that we do. Just consider how the…Read More
If you’ve been handed the task of creating an ERM program for your organization, let me first offer my congratulations quickly followed by my empathy for the task ahead of you. I don’t say that to scare you but to provide a small dose of reality. Building, launching, and refining an ERM program that is…Read More