I coordinate a 200-people Enterprise Risk Management process that has a quarterly risk update activity.
While still a structured process, it is not as scientific as the risk assessment activities under Operational Risk Management, and it is on purpose like that.
From risk analysis perspective, it is very “subjective”, but still a very good tool in the strategy execution.
Why? Because:
➡ It’s SIMPLE. Like any other process supporting the strategy execution, it needs to be simple. Try running a complex and sophisticated complementary process when the Executive Team has just started a new initiative and then watch the reactions.
➡ It makes (a wide range of) employees THINK ABOUT THE FUTURE. What is another process in the company that involves so many employees and management levels and pushes them to think about the future? I am not aware of any.
➡ It pushes for ACTION. In my quarterly risk update process, people get very excited about all those likelihoods and impacts. They are non-scientific, so just a guess, but still very engaging. 😊 However, the main reason for doing this activity is not to measure precisely the risk level. It is to review controls and take actions when we identify gaps.
➡ CONSTANT REAPPRAISAL. The context can change quickly and unpredictably. You know what I am talking about: economic crisis, pandemic, wars, 19 July CrowdStrike incident. We use this quarterly process to understand those changes and to react to them.
➡ BOARD ASSURANCE. It gives the board the required assurance that the business is well managed, from risk and control perspective, so the Executive Team can keep concentrating in delivering the strategy.
In this quarterly process, I try to put my whole vision of what strategic risk management approach means to me:
· Experience of the past
· Actions in the present
· Imagining the future
Posted initially on LinkedIn: Claudia Craia
