Transform Risk Management from a Tactical Function to a Strategic Partner

By: Alex Toews, Risk Solutions Manager

January 15, 2020 in Risk Management

Business Strategy Via ChessThe risk management function today, bolstered by advances in technology, contains vital data that can inform executive decision-making and support business strategy. Risk management professionals have details about the enterprise’s business units, functional areas, products, services, processes, and dependencies at their fingertips. They know how the business works, can identify roles and responsibilities, and can trace relationships and accountability. They also have the power to aggregate, visualize, and assess data contextually. Unfortunately, risk management and business strategy occupy separate spaces in most organizations, so the data and insights risk management personnel could provide are not seen, heard, or acted upon – to the incalculable loss of the business.

In the white paper Driving Value from Risk Management to Influence Business Strategy, you will discover four steps to transform risk management from being perceived as a tactical function to being welcomed as a strategic partner. In brief, these steps are:

Step 1: Understand Enterprise-level Objectives, Outcomes, and Metrics

The first step for risk management professionals begins with fully understanding enterprise-level objectives, outcomes, and metrics. Objectives might include increasing revenue, launching a new product, providing customer support in a timelier fashion, and so forth. These objectives, which are strategic in nature, are broken down into specific business outcomes such as increasing production by a certain percentage or publishing a set number of upgrades or enhancements each year. The business outcomes, in their own turn, are tracked and measured by business metrics and key performance indicators (KPIs). For example, inventory turnover (a business metric) informs the decision of how to optimize investment in inventory (a business outcome), which can lead to improved profit margins (a business objective).

Step 2: Correlate Business Objectives with Risk Management Activities

With a firm understanding of business objectives, outcomes, and metrics, risk management professionals can assess how enterprise-level concerns correlate to what risk management is doing on a day-to-day basis. For example, production line performance (a business metric) is dependent upon regular equipment diagnostics and maintenance – an area that can be readily tracked and reported on by the risk management area. With a correlation established between a risk management activity and a business outcome, risk management personnel have the opportunity to bring a new level of value to the enterprise.

Step 3: Establish Leading Key Indicators that Tie to Business Outcomes

Once a correlation between business strategy and operational risk metrics has been identified, risk management personnel need to establish a leading key risk indicator (KRI) that has a direct relationship with the desired business outcome. To continue with the example used above, a KRI that tracks when equipment diagnostics and maintenance have taken place can be used to send a proactive alert that certain equipment is due for service. This enables the maintenance organization to take action to avoid a disruption on the production line, benefiting production, customer service, and revenue.

Step 4: Present Metrics that Support Decision-Making

It is not enough to correlate operational and enterprise-level matters and establish a leading KRI that ties to a business outcome. Risk management professionals must present metrics and KRIs in their business context – addressing a specific senior or executive audience – so that they will drive action. For example, a risk management team might demonstrate to the company’s Chief Technology Officer how a new KRI will show which core systems require upgrades in order to support critical operational processes; this represents meaningful context for that executive.  When the right context is established, the audience listens. The CTO can now identify the investment and resources required to update key systems to achieve business objectives.

Driving enterprise value from operational insights requires both time and commitment on the part of risk management professionals. However, once that value is proven, risk management will no longer be viewed solely as a tactical function: it will also be seen as a strategic partner that contributes vital intelligence necessary for the long-term growth of the enterprise.

To learn more about how to implement these four steps in your company, download the whitepaper Driving Value from Risk Management to Influence Business Strategy today.