Looking beyond business-as-usual tasks and to-do lists, what are risk leaders' big-picture plans for 2024?
1. Say no to low-value risk activity
Challenges in elevating top-down, strategically focused risk management is a recurring theme for many members with a number of common causes identified.
Notably, the risk function often sits in Legal, Finance or Operations, which tends to result in risk activity that is overly weighted to compliance, audit or health and safety.
If risk maturity is low in the business, line two usually ends up doing the work of line one. Even if a company hasn't formally adopted the 'three lines of defence' model, this problem still presents itself, as group risk is often called upon to manage individual units' risks.
A lack of clarity around responsibilities can mean the risk team is constantly delivering 'low-value' activity, which doesn't garner visibility or acknowledgement at the leadership level.
Easier said than done? Here are some ideas shared by CROs:
Create a list
"We have gone right back to the fundamental question, 'what should a line 2 risk function be doing?'. It's literally a list with ticks and crosses, and we ask businesses if they agree with it. It's effective because it gives us something concrete when we need to say no."
Solve problems that matter
"Any issue that comes in gets given to us, because we know how to solve it. And we want to demonstrate our value so we do it. But we need to evaluate what we spend our time on against business and team objectives"
Be explicit about trade-offs
"If the business is asking us to spend more time in a new area (e.g. projects), we need to be more explicit about what this means for things we won't do. What will the impacts be for the business?"
Tell people what you expect
"My boss asked me recently, 'as a CRO, what do you expect others to do?' It sounds straightforward, but do we ever really quantify it — especially for the executive —what risks actions we want them to take? '"
Download this article for more tips from CROs.
2. Tell everyone "I told you so"
A key idea shared by CROs, especially in strategic contexts, is to use issues or incidents as conversation starters to demonstrate the value of the Risk team.
This is not about saying "Risk was right", but rather, taking an opportunity to show how the risk process might have helped to identify, assess, monitor and mitigate the risk at hand.
“Risk leaders should form the habit of running retrospectives on major deals, projects, or other initiatives. Evaluate which risks materialised (and which didn't), and investigate why. This promotes a risk culture of continuous improvement and transparency. It also helps to boost risk education.”
Risk Leadership Network member
CROs debated the usefulness of quantitative indicators to show Risk's value to the business. All agree it is difficult to metricise, particularly when translating risk impact onto financial value.
One risk leader shared their experience of creating dashboards for this purpose. "They've been good for 6 months or so, but then the next priority comes along and suddenly those metrics are less relevant. We don't want to create a rod for our own back."
Instead, focus on building trust with your senior executive and giving comfort to the board on the quality of the information you are providing. Ultimately, those two groups need to become your biggest advocates for the value Risk delivers.
3. Use horizon scanning to align Risk and Strategy
According to CROs, horizon scanning is a natural area of alignment between Risk and Strategy.
Seek out Strategy leaders to talk about threats and opportunities and ask how they're identifying these within their planning process. You can then demonstrate how Risk undertakes tasks through the horizon scanning process.
Highlight the role that Risk can play in creating internal context for external issues. Companies with robust risk appetite frameworks can start to use their appetite and tolerances to give structure to conversations around strategic initiatives.
Bringing together risk, data and technology also creates vast potential for delivering insights.
How will CROs continue to collaborate in 2024?
CROs and heads of risk in our network value collaborating with other risk leaders on where they want to take their function.
We'll continue to support these members by facilitating targeted collaborations in response to their specific priorities - through virtual network meetings, one-to-one calls, bespoke benchmarks, and tailor-made tools. Occasionally, we allow prospective members to get involved in these collaborations to see the network in action and understand how we support our members. Please request an introductory call to find out more about getting involved.