As risks become increasingly interconnected, traditional assessment methods are struggling to keep pace. John Rogula, risk advisory managing director at Baker Tilly, details how collaboration tools are revolutionizing enterprise risk management through real-time data collection and enhanced stakeholder engagement.
It’s time to reimagine the risk assessment process.
The ripple effects from technological advancements, climate change, geopolitical shifts, regulatory updates, evolving compliance requirements, social media — and the list goes on — are far-reaching and happening at a dizzying pace. Staying one step ahead is a daunting challenge to say the least.
Conducting risk assessments has become an essential component of identifying, analyzing and prioritizing risks to avoid strategic missteps, missed opportunities and worst-case loss scenarios. But oftentimes traditional risk assessments fall short. Ensuring that all stakeholders are represented at the right time and that the data gathered is meaningful and actionable within a rapid timeframe is no easy feat.
Effectively leveraging collaborative methodology and tools can address these challenges and enhance the risk assessment process, enabling organizations to proactively mitigate the downsides of risk as well as uncover opportunities for growth, efficiency and competitive differentiation.
Adopt a collaboration approach
Historically, the methodology employed to conduct a risk assessment is similar whether planning for an enterprise risk assessment, an internal audit risk assessment or diving deep into potential information technology (IT) or environmental-related risks. Organizations usually gather risk insights from a wide set of stakeholders while sorting through a vast amount of external risk information. This is often a manual process that relies primarily on interviews and/or surveys and is focused largely on threats, which is not only burdensome but can result in errors and overlooked opportunities that might be presented by risk factors.
Risks are increasingly interconnected today, and as such, it is not practical to think they can be managed in a silo. You cannot look at regulatory changes without considering the compliance impacts, nor would you identify increased cybersecurity threats without preparing data breach mitigation strategies.
Taking a collaborative approach to risk assessment involves bringing together selected stakeholders from across the organization to jointly identify and prioritize risks. This can include group discussions, facilitated sessions or sharing risk information across different areas. The value of collaboration lies in exchanging diverse perspectives and agreeing on the top risks to enhance the organization’s resilience.
Risk analysis and prioritization using a traditional enterprise risk management (ERM) approach often relies on two criteria, impact and likelihood of risk, and frequently gives equal weighting to both. This provides a limited, short-term perspective on risk that overlooks the organization’s tolerance for the risk as well as its strategic goals, and averaging impact and likelihood downplays Black Swan events. This type of analysis does not inform consensus around the entire enterprise risk profile and often lacks actionable outcomes.
However, taking an enhanced collaborative approach when identifying and assessing risks ensures organizations are taking a holistic view and avoiding any blind spots. In addition to gathering data from both internal and external stakeholders and sources, this approach relies on leveraging historical data and industry benchmarks, continuous monitoring and adaptation of the organization’s risk profile, and collaboration and communication.
A collaborative risk assessment provides a diversity of perspectives, early detection of emerging risks and effective risk prioritization. The result is an overall enhanced risk culture as participants consider not only the risks but the mitigation strategies needed to proactively manage them.
While the concept of discussing different viewpoints and sharing risk information to collectively agree on the top risks facing the organization and improving the organization’s resilience is simple, the execution can prove complicated. Completing risk assessments quickly while ensuring inclusion of up-to-date insights from a broad set of stakeholders and sources can be costly and time-consuming.
Leverage technology-enabled collaboration tools
Collaboration tools can provide the benefits of multiple stakeholders’ simultaneous input while minimizing the time and resources invested to gather such data. These tools play a powerful role as part of an enhanced enterprise risk assessment as they enable:
Remote collaboration
Web-based solutions facilitate effective remote collaboration, allowing for easier scheduling and broader stakeholder inclusion across locations and time zones, thereby enriching risk identification with diverse perspectives and more data points.
Anonymous input
Collaboration tools can capture risk information anonymously or with identifiable attributes, allowing organizations to track risk assessments by function or department. In environments where strong personalities or politics may impede data collection, anonymous submissions encourage diverse input and provide a voice to all stakeholders.
Real-time collaboration
Using technology in risk assessments automates repetitive tasks, enabling teams to focus on outcomes. Collaboration tools offer real-time results, highlighting consensus or non-consensus, which fosters deeper discussions and better alignment on key risks. This engagement increases participants’ investment in the process, particularly among organizational leaders, promoting risk ownership and effective responses.
An implementation roadmap
Let’s take a deeper dive into what this means in each of the three phases of an enhanced risk assessment approach.
Data collection
In the data collection phase of an enhanced risk assessment, the focus shifts from merely identifying risks that hinder strategy to informing the strategy itself. This begins by questioning how the organization measures success for both internal and external stakeholders, using these insights to identify significant roadblocks that could impede or accelerate performance objectives and potentially necessitate strategic adjustments. Enhanced assessments encompass all enterprise risks by leveraging a risk universe tool that lists 80 to 100 sector-relevant risks to broaden participants’ perspectives beyond their specific areas.
This technology-driven approach yields richer data by asking participants detailed questions about risk names, scenarios, performance impacts, indicators, current and potential mitigation efforts and necessary responses, moving beyond the basic “what keeps you up at night” inquiries.
Risk analysis and prioritization
The analysis and prioritization phase of an enhanced risk assessment goes beyond evaluating impact and likelihood to include management preparedness and risk velocity — how quickly the effects will be felt once a risk materializes. Taking risk tolerance into consideration, this approach prioritizes responses and emphasizes the significance of high-impact events, including Black Swan events. Instead of positioning risks on a heatmap, the focus shifts to determining the necessary responses to each risk.
Outcome and reporting
When it comes to outcomes and reporting, an enhanced risk analysis strikes a balance between strategic and operational risks as well as internal and external risks, focusing on future uncertainties rather than simply issues at hand. Using technology-enhanced collaboration tools to apply scenarios to the risk, build consensus among stakeholders and quantify impact automates the reporting process, resulting in timely, insightful analysis that can inform appropriate response plans and drive strategy.