Into the Board Room: Risk Professionals Contribute to Corporate Strategy
Today’s risk landscape is replete with stories about millions of dollars in data breaches, business interruption losses, supply chain disruptions, terrorist attacks and global regulatory requirements. With increasing frequency, senior organizational leaders over the past decade have turned to risk professionals for guidance on myriad complex risk issues.
The growing interconnectedness of risks has created an environment of rapid evolution in the risk management discipline. More than 20 years ago, a company’s risk manager generally focused on purchasing insurance and managing claims—roles that remain important. But risk professionals are now required to have a multidimensional view of their organizations’ exposure to complex and emerging risks and are often contributing to board-level decisions on business strategy.
Traditional Risk Management
In a few weeks, Marsh will release for the 13th time our Excellence in Risk Management report. Over the years, we have surveyed thousands of risk professionals and C-suite executives to bring forward relevant trends and issues in risk management. Looking at the changes we’ve seen, it is clear that insurance brokers and risk executives are increasingly focused on identifying and managing difficult and emerging risks and on using insurance in the broader context for capital efficiency.
While risk executives in the early years of our survey focused primarily on traditional approaches toward risks, several noted that a shift was occurring.
Back then, we used the labels “traditional,” “progressive” and “strategic” to identify the spectrum of risk management approaches. In 2006, 54 percent of organizations called their approach “progressive,” indicating there was a movement afoot. These risk managers were involved in such endeavors as alternative risk financing, business continuity planning and total cost of risk (TCOR) measurement. And importantly, they were reaching out to others in their company to talk about risk and its role in setting business strategy.
Risk professionals must have a multidimensional view of their organizations’ exposure to complex and emerging risks.
A Movement Toward Strategy
Strategic risk management views risk as something to optimize—not just to mitigate or avoid—and takes into account a company-wide view of risk. Risk is indexed against the organization itself, year-over-year and against competitors. Risk management information systems (RMIS), data and analytics and other innovations are playing a larger role. The goal is to make the organization “risk ready,” prepared for any eventuality.
More than nine years ago, strategic risk management was in its infancy. Most companies—75 percent—in our study said they needed to take a more strategic approach to risk management. Yet few (15 percent) considered their own approaches to actually be strategic. This was partly due to companies not yet realizing the advantages of such approaches.
Our 2009 survey during the onset of the financial crisis revealed an intriguing finding that risk managers were pulling back, with 39 percent highlighting traditional risk management tasks and just 17 percent focused on a more strategic approach. Yet, while risk executives focused on core elements such as risk identification, loss control and claims management, the crisis and other global factors pushed C-suite executives to increasingly turn to risk management as a strategic resource. Organizations were waking up to risk management’s ability to help anticipate risks and to navigate through the tough economic climate.
Evolving Risks, Elevated Role
Today, the rising volatility associated with global operating environments means that many organizations are looking to risk management for both information and insights. In 2014, 93 percent of C-suite respondents told us that risk management carries “some” or “significant impact” on setting their organization’s business strategy. During discussions that year, risk professionals highlighted their greater involvement as risk leaders and their integration into their organizations’ strategic operations. Risk management was more visible, with stronger reporting relationships and more frequent reporting to both the C-suite and their boards. It played a stronger role in informing and setting the organization’s strategic plan.
Greater collaboration with other departments is one reason behind the natural outcome of risk management becoming more strategic. Consider the use of cross-functional risk committees, which have helped generate broad-based conversations and alignment of an organization’s priorities and strategies around identifying, assessing and managing risk. By 2012, 90 percent of our respondents said such committees were “somewhat” or “very effective” in helping set risk agendas.
More to be Done
The broadening strategic role of risk management is moving this function beyond one that simply reacts to risk to one that exports knowledge into the organization. To meet this demand, risk professionals will need to:
- Harness data and analytics advancements for everything—from risk identification to risk finance—to move their organizations from a reactive mode to a predictive one.
- Enhance capital efficiency. One area of the opportunity is to use data, analytics and technology to improve insights for more efficient risk finance structures that are aligned with an organization’s risk appetite.
- Stay focused on the accelerated pace of change in the business and geopolitical landscape and the emerging risks that come with it. Organizations will benefit from risk professionals who keep looking ahead and are able to create organizational conversations around trends and the risk implications to their companies’ strategy.
Much has changed in risk management in the years since our first Excellence in Risk Management report. The accelerated pace of change and the growing global complexities will only continue to challenge the practice of risk management, and I look forward to bringing forward the important advancements in future studies.