By Resolver Modified September 20, 2021
I was recently forwarded a great article in the Harvard Business Review written by Robert S Kaplan and Annette Mikes. I wanted to point to a particular thought in this article which really strikes me as powerful. Also, here is a link to the paper:
You will have to log in to get the whole article, but this idea actually comes up on the teaser page.
The framework Kaplan and Mikes propose segregates Risk Management into three categories: Preventable, Strategic and External risks.
Preventable risks are internal risks such as fraud, theft, other detrimental behaviors or breakdowns in process.
External risks are what you might expect. These are economic, political or geographic events or even trends that cannot be prevented by the company but they can often be predicted or identified as they occur.
The category I wanted to comment on is the ‘Strategy risk’ category. This to me is a lost or buried concept in Risk Management that needs more attention and needs to be understood as core to the discipline and the value it can add. At the heart of it is the idea that risks are not necessarily to be avoided, but rather to be embraced in order to grow our businesses.
Kaplan and Mikes write, “Strategy risks are quite different from preventable risks because they are not inherently undesirable. A strategy with high expected returns generally requires the company to take on significant risks, and managing those risks is a key driver in capturing the potential gains.”
They go on to propose that, “Strategy risks cannot be managed through a rules-based control model. Instead, you need a risk-management system designed to reduce the probability that the assumed risks actually materialize and to improve the company’s ability to manage or contain the risk events should they occur. Such a system would not stop companies from undertaking risky ventures; to the contrary, it would enable companies to take on higher-risk, higher-reward ventures than could competitors with less effective risk management.”
I’d suggest that one of the key limiters to the adoption of risk management is that many Sr. Managers and Boards do not view Risk Management in this opportunistic way. Collectively we need to see this as a tool to grow our businesses more quickly, to seize markets and opportunities we may not have believed we had access to and to do this with greater certainty of success.
The article goes on to give a number of real-world examples of companies, such as our client Hydro One. The common theme is that the risk management process is integral to the Strategic Planning and capital allocation functions in the business.
Anyway – I like to keep blogs short so hopefully the point has been made here. I encourage you to read beyond the first page of the article as there is some great content and great examples of companies, and of course it is great for us to see one of our clients getting mentioned in a best-practice piece such as this!