Lean team, bigger impact: three ways to optimise risk resourcing and planning

Even at large multinational organisations, the group-level ERM function is often relatively small and may still have a wide remit of responsibility: how do you leverage a limited number of risk resources to add the most value to the company, engage the business, and make a genuine impact?

New benchmark: Optimising resources for the greatest impact

Request to see the full benchmark.

Find out more

In response to the priority of a Risk Leadership Network member, we've recently been facilitating collaborations between risk leaders at different organisations with small centralised teams to share their approaches to building and maintaining an efficient risk team. Below are just a few highlights from those conversations.

1. Develop a risk calendar: three common approaches

Source: Optimising resources for the greatest impact, bespoke benchmark from Risk Leadership Network

Most risk leaders, irrespective of the size or sector of their organisation, do use a risk calendar to provide varying degrees of structure to their risk activities:

1. Annual plan

   Usually, risk calendars take the form of an annual plan that follows the structure of the company's financial year and is typically based around key reporting milestones - for example, quarterly reporting to the board and audit committee (ARC), as well as preparation for the risk section of the company's annual report.
   
   

2. Rolling plan

   Some of the practitioners in our network have a plan with a 12-month horizon - not unlike an annual plan - but this is a rolling plan, which has no specific endpoint and is reviewed (and updated) on a more consistent basis (e.g. once a quarter).
   
   

3. Longer-term strategic roadmap layered on top of annual plan

   In some cases, risk leaders layer a longer-term strategic roadmap on top of their annual plan; while the annual plan is more tactical and short-term in focus, ensuring key requirements are met, the strategic roadmap focuses on long-term maturity growth and strategic initiatives (typically to a time horizon of three to give years).

So, given what we know about how a risk leader may organise their "risk calendar", what might a typical example of these calendars look like?

Source: Optimising resources for the greatest impact, bespoke benchmark from Risk Leadership Network

• Half the organisations we spoke to, as part of our recent benchmark, report to the board on a quarterly basis, while 75% report to the audit and risk committee (ARC) every quarter.
• Meetings with the executive committee tend to be a bit more regular: a quarter of risk teams meet with the executive committee every month.
• Ahead of their quarterly risk reporting, some companies also hold smaller, one-to-one meetings with senior leaders to brief them on what will be included and provide any important context or background information.

2. Prioritise risk activities by identifying key business drivers

On the subject of priorities, what is driving risk activity at organisations?

For risk leaders putting together their calendar, or reviewing it to assess whether there are any gaps (i.e. important activities missing), a key part of this prioritisation is identifying both the top-down and bottom-up influences on their risk activity and using this to decide what is most important. 

Below we've captured some of these key drivers CROs ahead as part of our recent benchmark.

3. Do more with less

With the typical ERM function counting between two and five FTEs on average (based on figures in our recent risk operating model benchmark), risk leaders in the network have also reflected on how they are optimising their limited resources to make the biggest impact. Here are a few of the tips they shared with each other (and which they have explored in more detail during recent member meetings):

By managing risk calendars, identifying key business drivers  and effectively prioritising workload, risk leaders in our network are able to add value to their organisation, even with a small team.

This high-level overview of the insights shared by our members at recent bespoke meetings and benchmarks is a small taster of the in-depth discussions and practical advice that was shared by risk leaders on this subject of risk calendars and prioritisation of workload in lean teams.

All the collaborations that we facilitate are in direct response to specific priority of one of our members.

Find out more about how we work with our members in response to their priorities, or book a discovery call to confidential discuss solutions for a specific challenge you're facing.