As organisations roll out their 2023 strategies, ERM teams want to ensure business decisions have a risk lens applied. This must start with a solid and embedded Risk programme. Here, we highlight five of the most common risk priorities and goals being set by risk leaders this year.
While it is unsurprising to have major risk themes like appetite and emerging risk remain at the forefront of risk leaders’ minds, we are also seeing an increased focus on enhancing control frameworks and other priorities among our network of risk professionals.
Below, we have summarised five key priorities of risk leaders right now – these topics will form the basis of collaborative discussions held in the network this year, as well as guide the tools, templates and other content delivered for members. You can also read about some of the methods risk leaders are already implementing to tackle these priorities.
By setting effective goals, risk leaders lay the foundation for good risk-based decision-making and support their business to achieve its strategic objectives.
1. Embedding climate risk into strategy conversations
Many risk leaders have flagged climate and ESG risk as some of their priority areas for the year ahead.
So, what are some of the main actions risk leaders are planning around climate risk?
- Link top threats and opportunities to the enterprise within ESG framework – for example, is there a financial risk associated with failing to address sustainability and thereby losing part of the customer base?
- Develop science-based targets around ESG and link these to organisational goals – for example, if you aim to achieve net-zero emissions by 2050 (according to our TCFD Reporting Comparison Tool, the majority of companies have set this target), this may link to organisational goals such as diversifying the supply of products and investing in more electric vehicles
- Build an effective ESG strategy to allow the business to achieve its sustainability goals (e.g. carbon neutrality by 2030)
Reporting on climate risks to external stakeholders and the public also remains a focus for many companies in 2023. To help them with this process, members of Risk Leadership Network are using our constantly evolving TCFD Reporting Comparison Tool to monitor what other businesses are including in TCFD disclosures, as part of their annual report.
Did you know, for instance, that while 90% of TCFD disclosures mention specific risks and targets that the business wants to achieve, just 65% mention opportunities associated with climate risks? Furthermore, just 23% of TCFD disclosures include a reference to the financial impact of climate risks.
2. Building risk appetite frameworks
Building an effective risk appetite framework and embedding this throughout the organisation remains a major challenge for risk leaders in 2023. At the heart of this priority, risk teams are turning more attention to cascading down an awareness of risk appetite through the business, and determining what the organisational response should be when risk appetite thresholds are breached.
While some companies are at a fairly nascent stage – still needing to set risk appetite with their board and develop risk appetite statements – other businesses are looking to take the next step. For example, how can an organisation link risk appetite to the board and executive leadership team’s decision-making process?
According to more mature businesses, this can require engagement with key stakeholders in the form of interviews – giving the risk team the information and perspective they need to draft a risk appetite statement – and the executive leadership team (ELT). If the ELT endorse the statement, it will be easier for the risk team to engage with the board on risk appetite and align themselves with senior leaders’ goals.
3. Implementing effective controls and documenting them
Implementing effective controls has become an increasingly popular topic of conversation over the course of 2022 and remains an area of focus for risk leaders as we move into the new year.
One of the big challenges around controls expressed by several organisations across the network is getting the rest of the business to understand and document controls properly, while others have noted an increasing pressure from regulators to prove the effectiveness of their controls. It will be important to address these issues in 2023.
4. A more mature approach to emerging risk
How do businesses incorporate an awareness of, and responsiveness to, emerging risks within everyday processes? This is one of several key challenges around the topic of emerging risk that members want to tackle in the next 12 months.
From specific actions like building a dashboard of emerging risks to make them easier for the business to monitor, to the broader goal of increasing the organisation’s emerging risk maturity, risk professionals have set themselves a range of targets in 2023.
In order to optimise their emerging risk approach, here are just some of the steps more mature businesses are taking:
- Perform identification and review workshops with both internal and external parties, offering the business a wide range of perspectives
- Set up traffic light and other graphical indicators to highlight and prioritise different emerging trends in ARC and board reporting
- Coordinate with stakeholders around the business on responses to emerging risks growing in likelihood / impact/ velocity
On the point of emerging risk maturity, we have recently rolled out an improvement roadmap to help members scale up the maturity of their business. Insights from this body of work have been captured in our recent guide to emerging risk, which you can read here.
As well as offering practical steps on how to identify and manage emerging risks, this article also gives you key definitions and advice on how to use emerging risks to make better strategic decisions.
5. Finessing cultural and behavioural indicators
As ever, establishing a good risk culture across the business is a key facilitator of success in other aspects of risk management – as a result, culture remains a key focus area for risk leaders as organisations look ahead to the rest of the year.
Similar to the maturity model product we have around emerging risk, we have built a risk culture maturity framework and self-assessment tool to help risk leaders determine better practice and to benchmark where their business sits relative to other organisations.
Members are also taking advantage of our library of risk culture metrics, which practising risk leaders are using to monitor culture within their organisation. Just some of the metrics risk teams are monitoring include:
- Number of issues and incidents reported – how engaged is the business on risk, and are people confident to speak up?
- Completion rates of risk training modules – are employees taking part in training and developing their awareness of risk?
- Success of incentives – if the business is using perks and other opportunities to get more of the business involved in risk, are these positively impacting engagement?
How do we collect risk leaders’ priorities?
In order to help our members address some of the major challenges and projects they are tackling within their respective businesses, it’s important for us to identify their risk priorities. We collect these at the start of membership and regularly review them with each member. The five priorities highlighted in this article are the most common across all current priorities of members.
We act on member priorities in different ways. First and foremost, each member communicates regularly with their dedicated network manager about the key obstacles they are trying to overcome and the goals they want to achieve.
Using this intelligence, we facilitate member meetings and bespoke opportunities that give risk leaders a platform to collaborate and discuss their risk-based challenges and practical solutions.
We also prepare deep-dive reports, tools, templates and other content to help members solve their problems, all of which is developed using insights and experiences from our wider network of risk professionals.
How do we collect risk leaders' priorities?
In order to help our members address some of their key challenges, it’s important for us to identify their risk priorities. We collect these at the start of membership and regularly review them with each member. For more information, click here