By Riaan Bekker, Force Solutions Manager at thryve
It’s not true that risk management is only for large, stock exchange listed, enterprises. Any businessperson would agree with this statement. Running a business is inherently risky. Costs, margins, stock, staff and assets all require some consideration to keep them safe and productive. Locking your doors, paying your business interruption insurance, and ensuring your fire sprinklers work are all risk-related activities.
So why is it such a leap from essential business risk management to more integrated versions? If you had a more nuanced view of risk in your business, you could do much more. Risk takes on additional dimensions. It’s not only about those things that can sink you at a physical level, but also the opportunities that you can exploit if you could mitigate some of the problems you’d encounter. As they say, risk and reward go hand in hand. Yet many medium-sized companies seem to only focus on the risk and never consider the reward.
We could argue that a more nuanced view of risk only belongs among large enterprises, but this is nonsense. Medium and small companies are more agile and willing to take chances. So why don’t they? Because you don’t know what you don’t know, and making that leap of faith is often more than a medium business can tolerate.
To establish that tolerance, that business needs to realign its risk culture to reflect the following:
● Risk is not just a compliance or shareholder assurance function: Find ways to showcase risk as creating value to the organisation.
● Expand the three lines of defence: Revamp your risk model to move beyond just focusing on broad risks, oversight and auditing to more a collaborative culture.
● A holistic view of current and emerging risks: Move risk management out of the corner it’s tucked in, and showcase it as a vital business tool.
● Increase nuance and visible horizons: Use data and business integration to scan deeper into horizons and spot nuanced risks nearby.
● Leverage turnkey digital risk management platforms: Create a digital risk management beachhead with turnkey software that you can scale as you grow.
The first four elements rely heavily on the last point: access to the right software technologies. This is the real reason why many companies are not enriching their risk management capacity. Traditional enterprise risk management (ERM) software tends to be elaborate and expensive. Even in the cloud era, such systems still expect considerable integration and customisation. Large enterprises have the appetites and funds to tackle those complexities.
But medium-sized businesses don’t. It’s not practical to start their ERM journey by diving into the deep end of risk management software. And yet they must do something. As the Riskonnect whitepaper, Harnessing Risk Management, explains, agile and proactive risk-management is very necessary to make a business responsive to both market opportunities as well as emerging risks such as cybercrime.
A new generation of ERM solutions is addressing this gap. Xactium Risk is an example of affordable, turnkey risk management platforms that can quickly conform to a business environment and then grow as its risk management evolves. If you’re still managing risk on a spreadsheet for reasons of cost, process or just plain convenience, Xactium is the gateway to modern risk management that also creates flexibility and opportunity.
Staff can collaborate vertically up and down the chain of command and horizontally across business functions on different risks. Potential investors see the levels of risk reporting and oversight that they expect in larger organisations. Risks can be aligned to performance objectives, not just avoiding the unthinkable. Insights – not only of risk but other areas as well – become a part of the company’s way of operating. Capturing risks, and developing key risk indicators and controls, become a part of daily operations—all without the cost or complexity of large enterprise risk software.
I’ll close with a thought: risk mitigation is no longer about buying insurance. That is one strategy in a bag of different tricks. The size and depth of that bag reflect directly on a company’s strategy, process cohesion and operational visibility. Risk isn’t a silo. It’s integral to taking the pulse of the business. Large organisations know this. So do medium enterprises, but they’ve never had a seat at that table. Through Xactium Risk and thryve, they now do.