Traditional risk management dooms your company to failure.

What is the purpose of this article?

Help shareholders, investors, founders, the board of directors and C-Suite discuss and improve risk management governance.

You many download a PDF of this article from: Traditional risk management dooms your company to failure

What are the critical learnings in this article?

  • Traditional risk management in many companies does not address some of the fatal risks:
  • The talent in the board of directors and C-Suite.
  • Understanding of the cash paying customer problems and needs.
  • Understanding the company’s ecosystem.1
  • Enabling company growth and value creation.

What are some definitions of risk management?

#1 “Risk management is the process of identifying, assessing and controlling financial, legal, strategic and security risks to an organization’s capital and earnings. These threats, or risks, could stem from a wide variety of sources, including financial uncertainty, legal liabilities, strategic management errors, accidents and natural disasters.” 2

#2 “Dynamic risk management has three core component activities: detecting potential new risks and weaknesses in controls, determining the appetite for risk taking, and deciding on the appropriate risk-management approach” 3

#3 “ERM (Enterprise Risk Management) is a forward-looking management discipline designed to provide board and senior leaders a top-down, strategic perspective of the portfolio of risks they need to proactively manage to achieve business strategy, financial objectives and, as of 2019, corporate purpose.”4

 What are the fatal risks not addressed in many approaches to risk management?

Driving growth and profitability are not highly important risk management goals in companies. McKinsey did a survey of what goals companies had for enterprise risk management.5Two industries were examined. The companies scored goals from1:low to 4:high.

Energy company scores:

  • Drive profitability and growth 1.8
  • Ensure regulatory compliance 2.2
  • Protect value: 3.4

Advanced company scores (high tech and assembly)

  • Drive profitability and growth 1.0
  • Ensure regulatory compliance 4.0
  • Protect value: 2.5

The greatest risk to a company is not having competitively differentiated talent.  It is talent that understands the company’s ecosystem, provides value to key ecosystem members (e.g. cash paying customers and users), creates competitively differentiated solutions, acquires the necessary technology, make decisions, executes decisions, etc.

Many company leaders (board directors and C-Suite) believe that the only talent issues lie deeper in the organization and not with themselves.  Few have asked “Am I the right person”.  I recall a wonderful meeting with a board director who had great self-awareness.  He resigned from a large company board.  He told me why he felt his value to the board had dropped.

The second greatest risk is not understanding the cash paying customers problems and needs, as well as the perceived value of meeting those needs.

The third greatest risk is not understanding the company’s ecosystem5 or even realizing that the company has an ecosystem.

What do I observe about traditional risk management?

  • Traditional risk management is focused on secondary risks, many of which are addressed by management and staff below the C-Suite.
  • The above fatal risks, especially the talent and capabilities with the board of directors and C-Suite, are often not addressed.
  • Companies controlled by hedge funds, private equity, venture capital, and sophistical family office often do address the above fatal risks, especially the talent.

What are your next steps?

  • Determine who is accountable for ensuring the appropriate talent is on the board of directors, along with the necessary processes for: assessment, recruitment, development, and exiting.
  • Determine who is accountable for ensuring there is a shared understanding of customer problems and needs among the board of directors, C-Suite, and the rest of the organization.
  • Determine who is accountable for ensuring there is a shared understanding of customer problems and needs among the board of directors, C-Suite, and the rest of the organization.
  • Determine who is accountable for ensuring that there is a shared understanding of the company’s ecosystem.
  • Assess how the above items drive your company’s short and long-term actions.
  • Identify who is accountable for the improvements and the results of the improvements.

 Footnotes

1 “A business ecosystem is the network of organizations—including suppliers, distributors, customers, competitors, government agencies, board of directors, C-Suite, employees, and so on—involved in the delivery of a specific product or service through both competition and cooperation. The idea is that each entity in the ecosystem affects and is affected by the others, creating a constantly evolving relationship in which each entity must be flexible and adaptable in order to survive as in a biological ecosystem.” Adapted from Investopedia 2021 Jan 20

 2 IBM Risk Management article – 2022 August 22

https://www.ibm.com/topics/risk-management

3 McKinsey 2022 August 22

https://www.mckinsey.com/business-functions/risk-and-resilience/our-insights/meeting-the-future-dynamic-risk-management-for-uncertain-times

4 Ernst & Young

https://assets.ey.com/content/dam/ey-sites/ey-com/en_gl/home-index/ey-alm-pacesetter-research-enterprise-risk-management-2020-2021-full.pdf

5 Enterprise Risk Management Practices: Where’s the evidence? February 2014

https://www.mckinsey.com/business-functions/risk-and-resilience/our-insights/enterprise-risk-management-practices-where-is-the-evidence