Risk appetite statements, strategic leadership, and good governance

How are the most mature organisations and leaders managing risk?

Boards and executive teams are expected to understand the nuances of risk from both a governance and business performance perspective. Having a clearly defined and communicated risk appetite will inform the organisation’s risk culture and lead to more appropriate decisions when seeking new opportunities and considering risk. 

The most mature and successful organisations have recognised the positive return on investing in their risk management programs. Measuring and managing risk on a piecemeal basis is better than not at all, but it misses a critical opportunity to improve risk resilience collectively ahead of risk being realised. Responding to or preparing for each risk individually becomes more challenging when operating in a persistently volatile environment, and we need better risk awareness, monitoring, advice, preparedness and response. We are operating in a quickly evolving world where risks are increasingly complex and interconnected, increasing not only the impact of some risks, but also the contagion effect of realised risk. Some good questions for you to unpack at your next board meeting include:

  • What value do we place on reducing uncertainty by better understanding opportunities and risk?
  • Would better prediction of business opportunities be valuable and how much effort is required?
  • How do we successfully transition from information- and compliance-focused risk management to a better program that links risk management to business performance?
  • How can we better establish the relationships between different risks?
  • How can we enable the board and senior leaders to consistently make informed risk-based decisions?

Once you have reviewed your organisational objectives and ensured they are properly defined, contextualise these objectives within the organisation’s risk appetite to ensure synchronization between your company’s intent and your company’s actions. The objectives and risk appetite statements will be aligned by quantitative key risk indicators that readily identify areas requiring consideration or action. Within this framework, minimum standards in the form of policies, directives, and processes are defined to ensure a systematic and risk-appropriate pursuit of opportunities occurs across your organisation. These risk-informed policies and standards become the guardrails within which the organisation operates and within which governance and assurance occur. These risk-management processes help measure and manage risks through appropriate controls and risk remediation activities, and are the framework for ongoing enterprise risk management conversations.

Risk appetite statements and good governance

The International Risk Podcast focusses significant attention on risk management because it is an integral part of the good governance and corporate management mechanisms that help guide organisations during business-as-usual and crisis situations, whilst continually orientating teams towards opportunities. An organisation’s risk management framework is composed of a series of tools and activities that enable it to identify and manage uncertainty, to identify and take opportunities proactively, and to take managed risks, not simply to avoid them. The Risk Appetite is a key component of a strong risk management framework that enables the organisation to establish up front how much risk it is willing to take to achieve its objectives. The International Risk Podcast wants business and government leaders to make risk-informed decisions with regard to priority areas, and hence facilitates the allocation of resources, the definition of management controls, and an understanding of the potential consequences or impacts of their actions on other parts of the organisation and on project implementation and monitoring. When developing its risk appetite, an organisation needs to consider the norms of the environment and the sectors in which it operates, its own culture, as well as governance and decision-making processes.

Good leadership and risk management

As a leader there are days when you are able to make a big difference and achieve your goals. You feel confident, energized, and understand the environment you are working in and all the external factors that might influence and impact your business. On these days you are your best self.

But on other days, you are pressured and rushed and find yourself asking, “where did that event even come from?” On these days, adding one more thing onto your to-do list can be overwhelming, or lead to compromised relationships, strategy, or health.

We need to realize that fixed goals, whilst helpful, can get us to behave in ways that make us keep going toward the summit in a snowstorm or continue well past the appropriate turnaround time. Inflexible goals can lead people to drive businesses into the ground, when instead recognizing sunk costs and new opportunities could be a better direction.

For most decisions we make, we know very little in comparison to all there is to be known. Inevitably, after we make a decision, we learn new information. We have all had that feeling of, “if I had known then what I know now, I would’ve made a different decision.” That’s that feeling of new or hidden information revealing itself to you that would have changed your choice, or influenced you to make different strategic decisions.

Many companies treat strategy as a way of presenting to the board and to the investing public their ambitions for performance, and they confuse that with having a strategy. Some of it is the victory of finance as the language of business because we talk about shareholder return as the ultimate measure of success. Executives end up saying, “Our strategy is to achieve these results,” but that is not strategy.

Strategy is problem-solving. It is how you overcome the obstacles that stand between where you are and what you want to achieve. There are, of course, companies and individuals with brilliant insights into what’s happening in the world and how to adapt to or take advantage of it. They are great strategists. Think of water running through a valley.  That is strategy focused on moving through obstacles with least resistance to reach a desired position.

Alternatively, consider a backpacker with no time constraints and lots of possible directions of travel. They are not focused on an endstate but are instead employing an eastern methodology of “What is the best I can do with the cards I have in my hands right now?” and “What options do I have and what could I achieve with these cards?”

Statements about where we want to be as a company in three years are not strategy; they are simply a PowerPoint slide deck with a series of aspirations. I have heard strategy defined as “making choices ahead of time in the face of uncertainty”. But good strategy is much more nimble, aware, and flexible than that.

Higher volatility makes strategy even more of a problem-solving and risk management practice because you need to make decisions at a quicker pace and more often than in the past. Good decisions start with intelligence, which requires risk and opportunity monitoring and active risk awareness.

Summary on risk appetite statements and organisational objectives

  • Organisation objectives define where we are going and why
  • Risk appetite statements provide a guide to where we will focus our attention to minimise risks in order to achieve our objectives
  • Key risk indicators are measurable and inform us whether we are operating within our risk tolerance. Key risk indicators help us understand our risk exposure
  • Minimum standards are the policies and guidelines that direct our actions and provide benchmarks that we must adhere to in pursuit of objectives

Businesses need new approaches to build risk resilience in these persistently volatile times. The most successful leaders will surround themselves with advisors who have the foresight to anticipate the next round of risks and disruptions, and the capability for adaptation that will set the business on a foundation for successful and sustainable growth.
