Focusing on the Correct Risks
Boards must work together with management to pay sufficient attention to truly critical risks and offer skepticism when analyzing the responses and treatment plans management has chosen to address those risks. A simple assessment of likelihood & impact may present more problems than solutions because those parameters rarely relate directly to strategic objectives and they avoid the fact that strategic objectives are not always equal in importance.
Situations for Risk Responses
- Risk Acceptance: if risk is in acceptable range or too expensive to mitigate
- Risk Mitigation: if company can treat risk by changing processes or improving controls
- Risk Transfer: if insurance is available to offset financial losses or if partnering with another company is viable and reasonable
- Risk Exit: if risk is too great and threatens the viability of the company
- Risk Pursuit: if the company should accept more risk in return for greater anticipated value
Board Recognition of Key Risks
Boards must continually discuss management’s outlook on risks that are changing or becoming more likely; the following techniques aid in this discussion:
Key Risk Indicators (KRIs): metrics that give boards a snapshot of how management is scanning the risk horizon for red flags. Example: a rise in unemployment could signal to a retailer that holiday sales won’t be as healthy as usual (consider reducing staffing)
Key Performance Indicators (KPIs): measurements of past events, useful for management because they help monitor all of the processes that must work together for a business to meet its’ strategic objectives. Example: monthly sales trends indicate a fall-off in consumer demand leading up to the holiday sales season
Understanding Any Interaction of Key Risks
Why are boards unable to have meaningful discussions on how risks are interacting?
It is difficult to see how risks impact one another if the board discusses different key risks at each meeting. Boards are prone to miss the impact of several risks occurring together if the risks are discussed in committees instead of full board discussions
Board Monitoring of Reputation Risk
The board needs to be aware of the impact key risks can have on a company’s reputation or brand. Monitoring reputation risk is tricky because it is triggered by another risk such as loss of customer confidence or an industrial accident.
Scenario planning is a great tactic to gauge reputation risk while crisis management is essential to properly carry out periodic table-top exercises for crisis response and reputational damage as well as identifying employee procedures and roles. Also, social media monitoring can provide telling indicators of a company’s reputation and is a great tool to connect with consumers and attempt to alter the company’s reputation.
Read ERM articles as soon as we post them
Keep up-to-date with current developments in ERM. Subscribe to the ERM Newsletter.