GRC Tuesdays: Good Use of Collaboration in Risk Management
I think we’ll all agree: risk management is about breaking silos. Indeed, an Enterprise Risk Management (ERM) program can only be efficient if it crosses departments and functions.
If only one area of the organization successfully monitors and mitigates its risks, then the program as a whole isn’t effective in protecting the company’s value drivers.
However, even for those companies who have successfully crossed this bridge and made it truly enterprise-wide, there is one last pitfall: the isolation of the risk owner.
If the opinion of the risk owner is the only one sought, then the crossing of silos will have been in vain because the end result would be somewhat similar and only reflecting the views of one.
That’s why, to my mind, collaboration is so vital in risk management.
In this blog, I’d like to illustrate how I believe collaboration can be achieved and significant gains can be obtained from such an approach.
Collaborate for Risk Identification
Not one person can be a specialist in all areas, so being able to gather different experts together can truly help in identifying all the potential impacts of a risk event. But most importantly, it helps in listing all its potential root causes. These “drivers” should be addressed by proactive measures in order to prevent the risk from occurring. Indeed, avoiding a risk usually has a lesser cost than recovering from a crisis.
Illustration: Review and documentation of the causes and consequences of a risk during a workshop
Collaborate for Risk Analysis
Illustration: Inputs from multiple risk experts during a collaborative risk assessment being consolidated and reported to the risk owner
|As for the identification, different experts will have different views when assessing the impacts of a risk. An accountant will very much focus on the financial aspect incurred while an operations manager might be more inclined to document the potential disruption in the supply chain. Involving marketing and communications experts in the analysis phase would also enable the organization to capture any reputational impact or change in customer perception that could be experienced.|
Collaborate for Risk Mitigation
|Concerning the response strategy of a risk, here again collaboration is crucial. An internal control and compliance specialist will be able to know what controls are already documented and can be leveraged to cover the risk. If none existent, this stakeholder will be the best suited to propose the creation of a new control.
Finally, someone from the insurance department will not only be able to advise on the company’s coverage level, but will also be able to use this information to review the current insurance policies purchased. This optimizes the cost of insurance for the company and also provides better coverage of the risk thanks to adapted criteria.
Illustration: Multiple actions, owned by different stakeholders, combined to create an end-to-end response strategy
At the end of the day, it’s always up to the risk owner to decide what to do. But having these views can significantly help in describing accurately a risk, its outcome and in defining a realistic response strategy.
What about you? Do you use collaboration in your risk management process? Are there any other areas than the ones I mentioned where you have integrated this approach? I look forward to reading your thoughts and comments either on this blog or on Twitter @TFrenehard