Writing

We sat down with one of Deutser’s newest leaders to discuss his approach to risk management, and how it aligns (or should align) with a company’s culture and more.

What is risk management?

Risk, by definition, is the uncertainty around the effects of any activity or situation. Risk management is the infrastructure for identifying and dealing with those uncertainties to either control the probability and impact of unfortunate events or to maximize the realization of opportunities. 

You’re in charge of Deuster’s new Risk practice. Can you describe what that entails?

Our new Risk practice is here to help your company or organization define a deliberate and coordinated approach to identifying risks, exposures, and opportunities that are currently not on your radar, including emerging risks and those that occur over longer time horizons (i.e. changing technology or regulation). Our consultants will help you make better decisions about the risks you want to avoid versus the types and amount of risks you are willing to take, which enables you to allocate resources to maintain your desired level of risk.

What attracted you to Deutser? 

I am excited to be here! I was immediately attracted to the uniqueness of Deutser’s approach towards consulting, including the “human approach.” I was especially drawn to the organizational development concepts in the Deutser Clarity Institute. I have been on the receiving side of organization development in previous leadership roles and understand the importance of leaders harnessing improved performance through empowering people in the organization. Additionally, I immediately saw a synergy between risk management and the other consulting services that Deutser offers. The opportunity to launch a risk management practice with Deutser utilizing my experience was ultimately what I was seeking.

You know that Deutser is obsessed with culture. In your mind, how do you see culture and risk interacting with one another? 

This is a great question, and why I was so excited to join Deutser. One of the most important elements of successful enterprise risk management is the risk culture. Is there consistency on how risk is viewed within the organization from top to bottom? When there is bad news, is there a fear of reprisal or is it safe to speak up? Are we too comfortable maintaining the status quo or are we willing to seek opportunities to improve? A strong risk culture is one where there is a unified view on the acceptable types and amount of risk an organization is willing to assume, where bad news is embraced and where there is a constant drive to improve. Since culture is such an important area of emphasis for Deutser to improve engagement and performance of our clients (and ourselves) through empowering employees, I see a tremendous opportunity to extend our culture work to include risk. Employees understanding the importance of managing risk will ultimately help move the needle in the right direction.

We talk a lot about our ‘human approach’ to the work we do. How would you define taking a ‘human approach’ to risk management? 

We touched a little about this with ‘risk culture’ as this starts with the right behaviors by pretty much everyone within an organization. But it also acknowledges that every organization is unique, thereby requiring a tailored approach towards risk management.  It will only come from understanding where a client is with respect to risk management that we can help them identify and prioritize critical next steps in the short and long term.

Why is looking at your company’s risk important? 

If 2020 has shown us anything, it is that companies should never get complacent when it comes to managing risks. How many businesses identified a one-in-a-hundred-year pandemic as a risk that needed to be managed? We are also experiencing a rapid pace of change today compared to what we have seen previously. What used to be something that companies did every five to ten years to reinvent themselves and remain competitive they now have to do almost routinely in terms of transformation or continuous improvement initiatives against the rapidly changing landscape. Adequately managing these risks and opportunities in the current environment has never been more important.

What are some high-level categories of risk that every company should be thinking about, regardless of industry? 

Some of the risks on everyone’s radar include social and economic instability, cyberattacks, climate concerns and, now, spread of infectious disease. But instead of focusing solely on these big-ticket items, I believe it is more practical for organizations to look at their own strategic risks, which requires an in-depth understanding of their organization, target audience, market sector, competitors, and the environment in which they operate. With this context, organizations can target specific risks relevant to them associated with changing technology, regulation and competitors.

What are some common mistakes companies are making with regarding their risks? 

One mistake is with a view of risk management. There is a tendency to view risk management as solely eliminating or preparing for hazards that businesses face in their operations with an emphasis on those events that can occur instantly (i.e. the dreaded phone call that no one wants to receive). This is undoubtedly important and results in strong safety procedures which should never be diminished. But we already noted that there are many types of risks (and opportunities) that face a business with many different time horizons, including those that develop over months or years. Though there are some risks that businesses want to avoid, there is an appropriate amount of risk that businesses should take. It is just a question of what type and how much risk is appropriate for them.

Another mistake is understanding who manages risk. Whereas some think that risk is managed by a centralized risk function or department, risk needs to be managed by those closest to the activities with a framework governed by the risk function. I need to emphasize this because I have actually seen resistance by business leaders who have said that there is a difference between managing risks that can occur overnight (i.e. operational accident) compared to managing a business over several years (i.e. successful execution of business plan). This is obviously not accurate as risk management is a critical component of operating a business. In fact, it is the mismanagement of the risks that occur over a longer time horizon that have the most devastating impact on a business (i.e. Blockbuster, Nokia).

For more information on risk management services and what Deutser can do for your organization, feel free to reach out here.