Towards a new risk managemen culture ?

The COVID crisis has shown us more than ever that managing risk in a resilient company  must be based on a continuous, cyclical, iterative, and forward-looking approach. This means putting in place effective risk monitoring and review mechanisms. This is an important step. It enables a company’s decision-makers to make any necessary adjustments in a timely manner.

A good risk manager must always keep a watchful eye on the course he is taking, like a pilot at the controls. The crises that have shaken our world in recent years demonstrate that risk management is not just an exercise in anticipating potential risks. It is an approach that involves refining the data available on known or anticipated risks in order to assess their criticality, control their impact, better neutralize or eliminate them, mitigate their effects, and monitor their outbreak.

Risk management must be based on an effective feedback system between employees and decision-makers, based on continuous monitoring and dialog. Such a system would make it possible to control risks more effectively and thus take the necessary decisions quickly when faced with any threat.

“Risk Management is an approach that needs to be institutionalized and needs to be embedded in the DNA of every organization. It is a vital approach. It allows us to identify, analyze and quantify in a timely manner any type of threat that could harm a company’s business”.

Should you use continuous control to minimize risk?

The implementation of a permanent control system is also an important factor in securing processes and differentiating a company from its competitors. Through permanent control, the risk-based management approach takes the form of a structured, iterative process. It enables the creation of a risk map, which leads to a forward-looking analysis that identifies the various risk situations (non-compliance, operational risks, investment risks, etc.) that may affect the company’s activities. The starting point is to identify the company’s various business processes. Once this is done, the next step is to identify the various risks that are likely to reduce the effectiveness and efficiency of the existing processes.

it is worth highlighting that what makes the risk management process particularly complex is the multitude of risks that can arise, for example, from late or inappropriate decisions or poorly implemented strategic directions, but also from inappropriate governance or a lack of internal agility. There are also external risks, such as a health crisis or climate change event. Then there are IT and technical risks, this time linked to the explosion of cybercrime, exacerbated by the massive use of telecommuting in recent years. Then there are the operational risks triggered by falling productivity due to high staff turnover or frequent strikes.

“Risks are generally identified on the basis of the experience of operational staff, but also on a forward-looking basis by the various actors involved in control. Risks are then evaluated based on their frequency and impact”

Next, the risk manager is asked to draw up a checklist in advance of any activity or project that may involve potential or specific risks for his company. This exhaustive checklist, developed through discussion and consultation, should be based on a comprehensive and accurate census.

Adopt a 2.0 vision of risk management

In any risk assessment process, the risk manager must move away from simple reporting logic and opt instead for predictive risk analysis. To achieve this, the risk manager can, for example, turn to emerging technologies (artificial intelligence, big data, etc.) that will help him or her to produce even more reliable, relevant and profiled automated analyses of the various hypothetical risks. The risk manager will also have to work on defining preventive measures in order to best achieve his objectives, while immunizing his company against internal or external threats that could mortgage or damage its business.

There is another mindset that must be adopted to protect against the vagaries of the economic climate: strategic resilience. Resilience refers to a company’s ability to adapt to and survive crises. Strategic resilience is not so much about how we responded to a past crisis as it is about our ability to emerge stronger and more resilient. It’s about anticipating everything that could damage a business and prevent it from generating revenue. It’s this ability to bounce back from crises that keeps us moving forward. But it doesn’t stop there. Strategic resilience gives a company an undeniable advantage over its competitors, helping it attract more customers and increase market share. It also builds trust and helps create shareholder value

In this respect, the implementation of a customized enterprise risk management system helps companies to better consolidate and enforce their resilience. It also makes it easier to establish a link between growth, risk and results, while enabling them to better identify and assess risks and set acceptable levels in line with objectives.

Finally, the risk manager must work to promote a culture of risk management within his or her company, in particular by organizing forums to encourage discussion of risk-related issues and by working to strengthen the skills and autonomy of the company’s teams through ongoing training.

Younès Mirrane – General Control Manager
Contact us