The challenges of running a risk transformation project are well known, but just how do you overcome these to make a project a success?
That was exactly what was up for debate at our recent virtual meeting on overcoming the pitfalls and stumbling blocks that fall in the way of all too many risk transformation projects.
Members who participated in our virtual meeting all had different experiences of running such a programme, and the insights they came up with have been distilled here to help you overcome problems you may be facing on your own journey.
1. Break down the silos
To make any risk transformation project a success, you need to steer away from looking at risks in silos, and instead build a holistic view of your organisation.
A comprehensive risk taxonomy is key to achieving this as it allows an efficient flow of information across the separate parts of your organisation and the aggregation of risks.
By having such a holistic view of the organisation's risk profile, combined with an overarching approach to risk tailored to individual business unit needs, you can select the right tools from the risk framework to properly assess, quantify and manage the specific risk you are facing.
2. Move beyond operational risks
All too commonly risk management becomes an inward looking process, focussing on the operational risks of an organisation in order to reduce the overall risk exposure an organisation faces.
If you do this as part of a risk transformation project you are potentially ignoring a whole range of risks, both positive and negative.
Instead, you must think outside of the box and look at strategic risks away from an organisation’s operations, otherwise you run the risk of missing out on upside strategic risks, as well as the potential for being blindsided by an emerging risk.
3. Select the right tools
Once you have developed a full understanding of your organisation’s risks, you need to ensure that you have the right tools in place to manage them in an effective way.
There are three main types of risks that you need to consider as part of a risk transformation programme: operational and compliance risks, strategy risks and emerging risks.
Operational and compliance risks
Used to protect the peace. There is no real strategic benefit to taking risks in these areas, so typically these are the risks you want to protect your organisation against.
These risks are usually managed using a cause-consequence type of analysis, and then prioritised based on likelihood and consequence.
Strategy risks
Areas where you want to take risk – it is not about preventing bad things from happening, it is about making great things happen.
These risks need tools like scenario analysis, SWOT analysis and Monte Carlo analysis in order to be properly managed.
Emerging risks
Areas that are not yet a threat (or opportunity) but for which you still need to prepare.
These risks need to be assessed using tools that take account of time and velocity, such as signal monitoring, in order to understand the impact of the emerging risk and how soon it is likely to occur.
You should prioritise preparing for big and fast risks first as slower developing risks give you more time to adapt and prepare an appropriate strategy.
Click here to find out more about our upcoming virtual meetings.
Are you an in-house risk manager who could benefit from collaborating with a global network of risk leaders? Talk to us about becoming a member today.