Insight

Taking a strategic approach to risk management

March 2017


When we think of risk we usually think of danger and the chance of something bad happening. This then gives you two things to consider: the likelihood of it happening and the potential damage it may cause.

Nevertheless, most successful business people understand that taking risks is essential. They also understand the premise that risk and return work in tandem: the higher the return you're looking for, the more risk you need to take.

Risk management and its role in corporate governance

The way we've just defined risk is relevant to the way we examine it in a strategic context and how we deal with it from a governance point of view. In particular, once you've defined your corporate mission, strategies and objectives, you must identify the risks that threaten these aims and then decide the steps you'll take to mitigate those risks. Indeed, when you define your business strategies you must actively consider your appetite for risk and how much risk you are prepared to tolerate. After all, there is no point setting a business strategy or objective if you are unwilling to tolerate the risk you need to take to achieve it.

To develop the right risk management and control processes it is useful for all stakeholders to discuss the issues and reflect on the main factors that will determine your approach to risk management. In this sense, it is important to consider modern environmental factors that now significantly affect any approach to risk management. These include:

  • Technology
  • IT and fraud related risk
  • Environmental changes and natural disasters
  • International politics
  • Interest rates and foreign exchange fluctuations
  • Inconsistent energy supplies
  • Uncertain employment markets
  • Business failures.

These risk factors have led companies to manage risk in a more systematic and interdisciplinary way using complementary and alternative solutions to the traditional ones, which merely transferred risk to the insurance sector using insurance policies.

An evolving international regulatory framework

Evolving international regulation may see new corporate governance rules aimed at improving the transparency of performance indicators and related risk factors.

The perception of the international political and financial community supports this view. In its 2015 Global Risks Report, the World Economic Forum (WEF) stated:

"...in a world where risks transcend borders and sectors, the motivations underlying the Global Risks report at its inception in 2005 - to shed a light on global risks and help to create a shared understanding of the most pressing issues, the ways they interconnect and their potential impacts - are more relevant than ever."

Environmental and political risks dominate

Perhaps unsurprisingly, given the global financial crisis, economic risk was at the forefront between 2007 and 2014. In 2015, economic risk took a back seat in favour of:

  • Potential water crisis
  • Global spread of infectious disease
  • Weapons of mass destruction
  • Inter-state conflicts
  • Failure to deal with climate change.

Managing risk in a global context

These issues are sufficiently important to make assessing risk in a global context extremely relevant to risk and control governance. An external environment characterised more and more by an increasing level of complexity results in a progressive broadening of perspective among those responsible for internal controls. This means you must focus on your company's long-term goals and the strategies you intend to follow by answering these two questions:

1. Does your business have the necessary resources to pursue its goals?

2. Does your organisational structure contain the resources you need to follow your chosen strategies?

Put differently, modern-day risk management requires your business processes to consistently respond to, and work towards, your long-term business goals.

In conclusion, those who have to deal with managing risk and internal controls must broaden their perspective: as well as understanding individual processes they must also develop a deep understanding of their business's policy and strategy.

This article is based on the first chapter of the book Risk and Control Governance - a Value Creation Perspective by Fabio Accardi, part of the puntOorg book series (general editor Luigi Maria Sicca).