Think HBR


Michael Mahabeer
Prosperity Advisers Group
With the commencement of a new financial year, now is the time to stop and think about how your organisation has weathered the risks in the year gone by and plan ahead for the future. If you are one of those businesses that has fared well in 2017, then it could be down to a case of good risk management or good luck. Sound and effective Risk Management is the best way to manage your risks rather than relying on good fortune, especially as you try to navigate through the challenges ahead in 2018.
Risk is not only about threats but also about forgone or lost opportunities.
With change being a constant, businesses need to be agile to be able to respond to the challenging and evolving risk landscape. In the year ahead, being prepared + proactively adjusting + timely response = agile.
Risks to look out for in 2018
To be agile, you need to consider risk management a priority and devote appropriate time to risk management activities. Some of the top risks likely to be faced by businesses in 2018 include:
• New technologies (increased connectivity, nanotechnology, artificial intelligence, drones etc.)
• Disruptive business models & innovation coming to market (e.g. Uber and the taxi industry, Airbnb and the hotel industry)
• Macroeconomic developments and government policy directions
• Cyber incidents and privacy breaches
• New regulations
• Negative events that can damage a reputation.
Risk Appetite Statement and Enterprise Risk Management Framework
Having in place an effective Enterprise Risk Management Framework supported by a Risk Appetite Statement should be an integral part of your business. Embedding of a risk culture within your organisation is the next step towards business success. A mantra that should permeate across your organisation should be: “Risk is everyone’s business – not just the management team”.
The risk appetite underpins your group’s strategic and business planning process. It involves the board of directors or owners setting the risk appetite within which management operates, highlighting those decisions outside of risk tolerances which need escalation to the board or owners.
This could mean management is not authorised to accept risks that are assessed as “Extreme” or “High” which requires board/owner approval. For example an offshore expansion or a new product development.
An Enterprise Risk Management Framework refers to the overarching structure by which the organisation organises itself for managing risks.
These include things such as:
• Defining the Risk Response Strategy (determining appropriate actions such as avoidance, reduction, taking alternative actions, sharing or insuring or just accepting the risk)
• Articulating risk definitions and risk rating criteria
• Developing and actively maintaining a Risk Register
• Defining accountabilities and responsibilities for risk management
• Defining the risk management process for your organisation
• Using watch lists to monitor emerging risks etc.
The key is ensuring that the level of risk management sophistication is appropriate to your business and seen as a value adding aspect to running your business. It should never be a ‘tick the box’ approach or be in isolation to the core activities of the business.
Negative Events and Reputation Risk – Ethics Management
Managing your organisation’s reputation and brand as well as demonstrating your commitment to being a good corporate citizen means having in place the necessary systems to enable this. It is very much a part of sound risk management.
One of the neglected areas in managing business risks is considering the impact of negative events on your reputation and on your business, especially in the area of ethics. All it takes is for a small issue or event to snowball out of control and the next thing you find is that you are embroiled in controversy and embarking down the road of managing an ethics-related media crisis.
The last twelve months have seen a number of high profile reputations damaged through ethical misconduct matters raised by whistleblowers. These organisations failed to put in place an appropriate mechanism for wrongdoing to be appropriately raised, especially from an anonymous source, with the result that some whistleblower’s took the last resort which was to air their grievances through the media and bring events to a head.
Good governance on ethics starts at the top, and should pervade through an organisation, becoming an embedded part of your culture.
Consideration towards introducing an external independently managed hotline for individuals to raise concerns should be a key consideration in the year ahead.
Reasons why Ethics and Ethics Risk Management should be on your agenda
• Sweeping new legislation is on the way. A Parliamentary Inquiry is currently underway looking at legislation change around Whistleblower systems and protections;
• Engaging your people as an employer of choice. Active policies and procedures backed up by a hotline supports and encourages reporting of wrongdoing;
• Providing assurance to your stakeholders that you have the required systems in place for identifying damaging allegations within a safe environment and that these are properly managed before they snow ball out of control, thus protecting your brand;
• Demonstrating that you are a good corporate citizen who values the input from your staff and others relating to wrongdoing even if it means some short term pain.
Now is the time to consider your risk management, and Ethics management response for the year ahead.
For help in understanding your risks and developing appropriate strategies, including an independent whistleblower system, contact Prosperity Advisers on 1800 855 844 for a confidential discussion.
Michael Mahabeer2 Michael Mahabeer
is a senior adviser providing risk, assurance and ethics services to a diverse client base including private businesses, large corporates, state and local government and not-for-profit groups. Michael believes that when organisations actively manage their risks they become more competitive, agile and employers of choice. He has extensive experience with risk and internal audit across Australia and South Africa. In the last six years Michael has gained considerable experience working on fraud and whistleblower activities in the private and public sector.