GRC Tuesdays: Should We Stop (Just) Talking about Risk Management?
I’m passionate about the concept of managing risk as a valuable technique for developing sound business strategy, as well as running a good solid business. Because fundamentally this point goes to the heart of this question: how will you keep your business relevant now, and in the future?
For me, one of the ‘secrets’ in the value is well encapsulated by ISO 31000 definition of risk: the “effect of uncertainty on objectives.”And note, an effect is both a positive or negative deviation from what is expected. The board delivers strategy through objectives, both of which are developed within a competitive context and change over time. Management of major risks affects an organization’s ability to meet objectives and execute its strategic plan.
Don’t Talk about Risk Management?
Putting it another way, if your business can’t link the risks it is managing to a business objective, you’re wasting time and resources (and probably don’t fully understand) managing the risk.
Documenting risks, assessing them, and developing mitigation strategies is essential for a modern agile competitive business. But unless the risks are integrated across silos in a consolidated reporting framework and the impact of this output is linked back to objectives, the goal for doing the work is decoupled and isolated from vital information inputs to decision-making.
So perhaps we shouldn’t be talking about managing risk, but something more like objective uncertainty management. Focusing on the outcome of the process of managing risk, the real value.
Apart from this developing a sustainable and resilient business, it’s also the operational execution and cultural development necessary to meet the multitude of corporate governance codes around the world. Corporate governance essentially involves balancing the interests of a company’s many stakeholders (shareholders and investors, management, customers, suppliers, employees), government, and the broader community they operate within.
Brand Management Spans Many Business Functions
I’m not a marketing expert, but let’s consider an example of brand as an objective.
In 2013, 37% of organisations worried that lack of trust in business would harm their company’s growth. That jumped to 58% for 2017 (PwC 2017 study “20 Years inside the Mind of the CEO…What’s Next?”). The other factors in decreasing influence are Product, External Validation, Cost and Deployment. (Interestingly, Product is not top).
Reflecting on my own 20+ years of experience in the software industry, it’s hard, and often fragile, to rely on product differentiation to beat the competition. There are so many products out there, with so much information about them, it’s challenging to isolate the exact features and functions in a product that are core to one’s requirements. From this evidence, developing and sustaining brand is therefore one of the most important things an organisation can do.
According to Interbrand (Best Global Brands 2011), there are 10 factors present in the top 100 companies (brands). The companies are ranked according to how brand affects the organisation from customer expectations, financial performance of its products or services, the role of the brand in the purchase decision process, and its strength.
There are four internal factors:
Six external factors:
Turning this around: how does one consciously direct these factors to develop a strong brand as a core business objective? Clearly, an organisations’ ability to communicate their stance on these factors, and strategy to meet the brand objective they wish to portray, cuts across the entire business: tone at the top, execution in the middle; bottom up evidence and control testing to assure culture has to reach all levels in the organisation; all processes and procedures; policies; training and reviews; line management styles; and as an umbrella stewardship; the management of financial and operational risk.
In Part Two, we’ll take a look at a company’s ability to manage its data—since it’s topical at the moment—as a more tangible factor influencing brand management.
Read the rest if our GRC Tuesday blogs for more on risk management topics.