How CEOs Can Fix the Flaws in Their Risk-Sensing Programs

Risk-sensing flaws present an immediate opportunity for the CEO to personally ratchet up the relevance and performance of the organization’s risk-sensing program. They also present an opportunity to gain alignment regarding which strategic risks the program should detect.

Risk sensing should identify risks to competitive advantage, market position, and financial performance in the businesses and support senior-level decision making. So, rather than isolating risk sensing in an ivory tower of technicians, CEOs should relate it to strategic business issues and integrate it into the risk management and risk governance programs.

“CEOs are responsible for ensuring that strategic risks are detected, tracked and addressed.”

The current risk environment makes this the perfect time to correct any flaw in your organization’s risk-sensing program, which might include:

  • Risk sensing may fail to focus on strategic risks. While most companies use risk sensing, they apply it most often to financial risk (71%), compliance risk (66%), and operational risk (65%). They apply it less often to strategic risk (57%) although those risks tend to do the most damage.
  • Programs may lack the right people. While two-thirds of companies believe they have people with the right expertise running risk sensing, a troubling one-third is unsure that they do.
  • Some companies devalue external viewpoints. Many respondents (40%) believe that external parties have more objectivity about risks than insiders. Yet half are uncertain about the value of external viewpoints, and 10% disagree that outsiders can more objectively analyze risks. The latter may indicate dangerous internal cognitive biases, which only an external viewpoint can correct.

As a relatively new capability, risk sensing can be defined, configured, and implemented in various ways to develop a robust, relevant, and effective program.

Here are 4 steps toward establishing such a program, which Deloitte has implemented internally.

  1. Identify the strategic risks. Prioritize the major risks to the organization and the data to be monitored, metrics to be tracked, and triggers that will prompt specific actions.
  2. Define the required elements. Identify the applications, human analysts, and other resources needed to monitor strategic risks, as the necessary workflows and the analyses, flags, reports, and dashboards that constitute useful output.
  3. Configure the platform. After initial setup, review the early results and connect them to relevant economic, industry, and technology trends, and launch (or relaunch) the program.
  4. Monitor the program. Continually sharpen the analysis, adjust program scope, improve reports, and deepen insights.

Though it’s easy to see risk-sensing narrowly or as a set-it-and-forget it mechanism, CEOs are responsible for ensuring that strategic risks are detected, tracked and addressed. Risk sensing is integral to these efforts. Again, the current risk environment makes this the time to adjust or upgrade your risk sensing program.

To download a copy of the report, “Risk Sensing: The (evolving) state of the art” please click here.

 

 

Henry Ristuccia :Henry Ristuccia is Governance, Regulatory & Risk Strategies Leader, Deloitte Touche Tohmatsu Limited.