No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights
Home Risk

Risk Management – Looking Forward 30 Years

by Jim DeLoach
August 3, 2015
in Risk
Risk Management – Looking Forward 30 Years

Last month, we looked back 30 years and reported some of the powerful lessons learned from that period with respect to risk management (with a particular focus on the last 15 years). During the last three decades, we have seen risk management evolve to a more holistic view that portrays an enterprise risk profile to help management and directors understand the full array of risks facing the organization. Access to data necessary to better understand and manage risk has never been greater. Both internal and external data sources can be combined to create more insights than ever before. While the processes used to update risk profiles certainly help executives answer the question, “Are we riskier today than we were yesterday?”, progress has been curtailed by continued emphasis on fragmented silos, ineffective measurement and monitoring of risks, subordinating risk to an afterthought to strategy setting and positioning risk management as an appendage of performance management.

The good news is that today, largely because of the financial crisis, risk management has made its way onto the agendas of executive management and Boards of Directors as a critical discipline and a necessary part of good governance. This is a base upon which we can build as we go forward. The heightened level of importance at the highest levels of organizations will accelerate improvements in risk management in the future.

The next 30 years will produce three broad trends, or themes, in the pursuit of answers to the question, “Will we be riskier tomorrow than we are today?” The first will be greater integration of risk management into an organization’s fundamental management practices (the “integration theme”). The second will be recognition that the primary purpose of risk management is to position the organization to face change with confidence as an early mover on emerging opportunities and threats (the “early mover theme”). The third will be significant advances in techniques for measuring and monitoring risk (the “capability advancement theme”).

The integration theme is all about integrating risk and risk management with what matters in running the business. Several developments will make this happen:

  • Explicit recognition of the vital importance of effective, principles-based risk governance – To be effective, risk management requires several conditions to be present. These conditions include a fully engaged Board, a bought-in CEO, an open and transparent risk culture, a compensation structure that balances short- and long-term interests, an organizational commitment to responsible business behavior and, most importantly, an organizational will and discipline to act in a contrarian manner when the warning signs signal a market opportunity or emerging threat is at hand.
  • Integration of risk with core management processes – Over the next 30 years, the ad hoc “art form” of integrating risk with strategy development, business planning, sustainability and other core activities will evolve into a seamless, mature process. The most successful companies will differentiate themselves through this integration, as they will elevate risk to a strategic level to manage uncertainty during management’s long-term planning horizon, increase accountability for achieving business plans and increase the robustness of corporate sustainability initiatives.
  • An ongoing, explicit and impactful risk appetite dialogue – Once the critical risks are identified, successful companies in the future will have a more formal process in place for defining the amount of risk the enter­prise is willing to accept in pursuing its strategy for creating enterprise value. These companies will use the risk appetite statement as a benchmark for an ongoing dialogue between management and the Board AND drive it down into the organization to impact decision making and provide strategic, operational and financial boundaries around risk-taking behavior.
  • More effective intersection between risk management and crisis management – More companies will consider velocity and persistence of impact and response readiness when evaluating “high impact, low likelihood” risks in the risk assessment process to provide greater insights to management on where to improve preparedness. This connection will drive updates in response plans and creation of rapid-response teams.
  • Recognition that an end-to-end, extended enterprise view of the value chain is vital to managing risk, requiring consideration of upstream and downstream relationships – The past 30 years have blurred boundaries between organizations such that an enterprise is almost always boundaryless in a global marketplace. During the next 30 years, the companies that manage risk using an end-to-end enterprise view of the value chain will be far more successful than companies that do not. This means obtaining greater visibility in the full chain by looking upstream to supplier relationships, including the suppliers of critical suppliers, as well as downstream to distribution channels, customer relationships and all the way to the ultimate end user to identify the most critical risks and exposures to changing conditions. This perspective focuses on all intermediaries between producers and end users, including which ones are vulnerable and which ones are not (both at the present time and looking forward). The objective is to solidify the organization’s position within the value chain as well as reduce the risk of losing strategic partners or becoming disintermediated.
  • Continued expansion of risk-management disclosures, with the market rewarding companies able to deploy risk management as a differentiating skill – The risk factor, financial reporting footnote, proxy and other disclosures that exist today are likely to expand further in the future. Savvy investors will recognize that protecting enterprise value is as important as creating it and will facilitate the flow of capital to those companies with the best track record for making the best bets in the global marketplace. The market will reward those companies able to increase the transparency and communication of risk within their extended value chain and quickly identify and respond to environment changes that alter their risk profile.

The early mover theme emerges out of widespread recognition that rapid and disruptive change is a constant business reality rather than an occasional thing. During the next 30 years, we will see profound changes in the world as we know it – the rise of emerging markets, continued impact of technology innovation (including technologies we can’t even imagine today), continued expansion of information access to consumers and businesses, an aging population and changing demographics and increasing inter-connectedness across the globe creating exposure to competition from anywhere.[1] With life cycles of business models continuing to compress, those organizations that are able to quickly discern the opportunities and risks that matter and act on that knowledge are likely to be the ones that survive and prosper.

Several developments will facilitate this theme:

  • The dynamics of future change virtually ensure a few “mainstays” on the risk profile of most organizations – In the future, there are certain risks we can almost always expect to see in most risk profiles due to the uncertainty they will create over planning horizons. These risks include: regulatory change, economic conditions, cyber threats, attracting and retaining top talent, succession challenges and compressing product life cycles.
  • Formal monitoring of the environment for changes in critical assumptions underlying the strategy – In the future, strategy setting and risk assessment will increase an organization’s sensitivity to change by (1) facilitating a more explicit articulation of critical strategic assumptions, (2) applying scenario analysis to evaluate situations arising from an event or combination of events that could invalidate one or more of the critical assumptions and (3) monitoring relevant key factors and trending metrics to ascertain whether the critical assumptions remain valid over time.
  • Competitive intelligence will be aligned with key drivers evidencing whether high-impact scenarios are either developing or have occurred – Successful companies will insist that information and insights around strategic assumptions, scenario analyses and intelligence gathering be distilled and communicated to decision makers and the Board of Directors on a timely basis so that the impact of changing market realities on critical strategic assumptions is considered.
  • Ability and discipline to act decisively in response to changing market realities will be critical to success – Managerial intuition and ingenuity in translating information regarding the reality of altered strategic assumptions into appropriate revisions to strategic, business and product plans will mark the difference between winners and losers. It will be an established principle that having knowledge of an emerging opportunity or risk without undertaking a process to convert that knowledge into hard choices and actionable plans is as useless (and lethal) as having no knowledge at all.
  • An early mover is committed to continuous improvement – The speed and complexities of business will lead to occasional errors in judgment, resulting from failure to either recognize an emerging opportunity/threat or react to that knowledge. Early mover companies will (1) encourage admission and sharing of errors and learning from them and (2) internalize lessons learned by converting them into effective process and product improvements.

The capability advancement theme is about advancing risk measurement and monitoring. The following are examples of developments that will facilitate this theme:

  • Integration of risk management with performance measurement and reporting – In the future, the most successful companies will effectively intersect risk management with performance management by considering an understanding of the risks inherent in the strategy, along with the company’s risk appetite in setting key metrics and targets.
  • More effective cascading of risk tolerances into the business using a scorecard of lead and lag indicators – The most successful companies will define actionable risk tolerances that fall within the scope of their established risk appetite and use them to establish stronger accountability and discipline in the organization.
  • Continued evolution of risk quantification techniques by leveraging enterprise data availability and increasingly sophisticated measurement tools made possible by leaps in computing speed and data storage – In the future, simulations like Monte Carlo will be applied in a systematic, comprehensive risk assessment and fully supported by senior management as the volatility of an ever-changing business environment makes a single-point (or deterministic) view of the future useless in the planning process. Decision makers will be better armed with inputs on probabilities when evaluating options.
  • Progress in monitoring risk – We envision progress in using more technology capabilities in monitoring risk, mining data and establishing automated escalation triggers and early-warning capability.
  • The emphasis will be increasingly forward-looking – We expect further improvements on definitively measuring risk, simplifying views of the risk profile and making it more concise, transparent, practical, cost-effective, scalable, flexible and decision-useful. This will be the focus of the next decades at all levels – executive management, the Board of Directors, unit management, key stakeholders, etc.
  • Progress in measuring the value of risk management – We envision progress on the aspirational objective of measuring losses prevented so that the true “value” of effective risk management can be separated from “luck” or good fortune.
  • Everyone becomes a risk manager – There will always be multiple lines of defense providing checks and balances in managing complex, volatile risks; however, in the future, responsibilities and accountabilities for managing risks will be clarified more crisply for operating units and process owners so that management of the tension between creating enterprise value and protecting enterprise value will be more seamless and provide a focal point for everyone.

As the financial crisis taught us, speed is what matters. In the future, disruptive change will be the norm. The ability of investors to transfer capital rapidly across borders will make a catastrophic loss of market confidence, reputation and brand image truly lethal. The metaphor of “light speed” sets the context in which 100-year old companies evaporate or become near-extinct in a relatively short period of time if they are not agile and adaptive to sudden, unanticipated change in the competitive landscape, whereas in the past it may have taken a decade or more.

Over the last 30 years, we’ve learned that speed is what enables companies to gain competitive advantage by adopting “early mover” status. Looking forward over the next 30 years, early movers will be the ones that survive and thrive. To that end, we can expect risk management to (a) become more integrated with strategy setting, business planning, performance management and sustainability; (b) provide more insights around identifying and responding to rapid change; and (c) offer information for decision making at all levels of the organization that is more timely, iterative and actionable.

[1] No Ordinary Disruption: The Four Global Forces Breaking All Trends, Richard Dobbs, James Manyika and Jonathan Woetzel, PublicAffairs, New York, 2015.


Previous Post

Latin America’s Most Common Reaction to the FCPA

Next Post

Tax Havens Remain “Least Transparent” Jurisdictions Worldwide

Jim DeLoach

Jim DeLoach

Jim DeLoach, a founding Protiviti managing director, has over 35 years of experience in advising boards and C-suite executives on a variety of matters, including the evaluation of responses to government mandates, shareholder demands and changing markets in a cost-effective and sustainable manner. He assists companies in integrating risk and risk management with strategy setting and performance management. Jim has been appointed to the NACD Directorship 100 list from 2012 to 2018.

Related Posts

Fox_DOJ Speeches_f

Analysis of Recent DOJ Statements

by Corporate Compliance Insights
March 23, 2023

DOJ leaders provide insight into agency's plans. Analysis of Recent Statements DOJ Shaping the Future of Corporate Criminal Enforcement What’s...

Fox_2023 ECCP Update_f

2023 Evaluation of Corporate Compliance Programs

by Corporate Compliance Insights
March 23, 2023

Keeping up with 2023 changes to DOJ guidelines. Additions, Deletions & Changes From 2020 2023 Evaluation of Corporate Compliance Programs...

encompass update

Encompass Launches pKYC Maturity Model

by Corporate Compliance Insights
March 22, 2023

KYC automation platform Encompass has unveiled a new perpetual Know Your Customer (pKYC) maturity model designed to help banks improve...

consilio onna partnership

Consilio, Onna Seek to Streamline eDiscovery for Cloud Apps

by Corporate Compliance Insights
March 22, 2023

Legal technology provider Consilio has launched a new platform, Sightline Collect, powered by data management supplier Onna. The platform is...

Next Post
Tax Havens Remain “Least Transparent” Jurisdictions Worldwide

Tax Havens Remain "Least Transparent" Jurisdictions Worldwide

Compliance Job Interview Q&A

Jump to a Topic

AML Anti-Bribery Anti-Corruption Artificial Intelligence (AI) Automation Banking Board of Directors Board Risk Oversight Business Continuity Planning California Consumer Privacy Act (CCPA) Code of Conduct Communications Management Corporate Culture COVID-19 Cryptocurrency Culture of Ethics Cybercrime Cyber Risk Data Analytics Data Breach Data Governance DOJ Download Due Diligence Enterprise Risk Management (ERM) ESG FCPA Enforcement Actions Financial Crime Financial Crimes Enforcement Network (FinCEN) GDPR HIPAA Know Your Customer (KYC) Machine Learning Monitoring RegTech Reputation Risk Risk Assessment SEC Social Media Risk Supply Chain Technology Third Party Risk Management Tone at the Top Training Whistleblowing
No Result
View All Result

Privacy Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2022 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe

© 2022 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT