The future of risk management | Operational Risk | Deloitte Netherlands


The future of risk management

Risk Powers Performance

Risk management as a corporate discipline has only been around for a couple of decades. Since the mid-1990s it has grown rapidly and expanded into new areas of control, and becoming more compliance-driven – think of Sarbanes-Oxley, Basel, and Solvency. As such, can risk management be a rewarding and effective instrument? And is it truly futureproof?

Risk Powers Performance research

The word “risk” has been around since Greek Antiquity. For entrepreneurs, risks are part of the game. No pain, no gain. Or maybe, in today’s world: no risk, no innovation. However, having worked with countless organizations in this field over the last few decades, we have noticed that many of them struggle to make the discipline rewarding and effective. It seems as if they are uncomfortable about the way their risks are managed. Has risk management become too rigid and bureaucratic? Do people involved in risk & control processes always know what they are doing, and why? Are human judgment and metrics balanced? Is risk management aimed at challenging boundaries or rather at preserving them?

Clearly, agility and innovation are prerequisites to be futureproof. If risk management has indeed become more of a burden than a tool for future success, how are organizations responding?

In order to find out if our observations are correct, we are currently conducting the Risk Powers Performance research, in close collaboration with Nyenrode Business University. This means we are assessing our vision of risk management and possible solutions with some of the leading C-suite executives in the Netherlands. How do they feel about this topic? Do they share our observations? What are their perceptions on current risk management and what challenges are they facing?

The conversations that we will have with C-suite executives will be focused on the following themes:

Identifying with the organizational purpose

For instance, what we have noticed is that risk management has developed into a compliance-driven type of discipline, which is probably not a very inspiring way of working. How do organizations respond to that? How to keep employees motivated and enhance their commitment? What helps, in our view, is organizational purpose – the basic question of why we are on earth. Purpose is not identical to objective – objectives being e.g. “making money for the sake of money”, or compliance to laws and regulations. Such an objective provides direction but no meaning. Purpose on the other hand adds meaning and significance to what an organization and every individual is doing. It is linked to intrinsic motivation, which makes people experience their work as significant and interesting and which enhances creativity and dedication to results.

Empowering employees

What also helps – or so we believe - is decentralized decision-making. People need to be able to make choices themselves, learn how to improve and understand how their activities contribute to a bigger purpose. This is why a new risk management system cannot be based on purpose only. Empowered employees are just as important. If risk management is strictly based on controlling people and processes, the result can be that employees are afraid to make mistakes, lose their sense of responsibility and commitment – and in the worst-case scenario might even become fraudulent. A risk management approach that is based on trust and confidence will encourage people to grow, feel responsible and act pro-actively, thus improving their awareness and risk management skills.

Facilitating transparency

True empowerment also involves transparency. If employees have free and unfettered access to the information they need, they are more easily able to make the right decisions. Also, if they feel that making mistakes and being honest – or transparent - about their mistakes is all right, that will help them to learn. We believe that such an environment of trust and transparency will improve risk management. After all, risk management based only on prevention has become impossible. Incidents will happen. What does help, is risk management based on resilience: on being alert, responding adequately and learning from incidents. New technologies and data analytics – when used for resilience instead of heavy control – can help.

Boosting performance

We feel that such an approach to risk management will boost performance. To use a sports analogy: some professionals in motor sports are said to use risks – and data analytics – to their advantage. Instead of adhering to the “rule” that their vehicles cannot take a turn at more than so and so much miles an hour, they ask their team members to monitor what will happen if they speed up just a little – and then a little more. That is how risk management can be of true value for businesses: when it is not based on impossibilities, but on opportunities.

Again, we are very curious to find out how the C-suite executives involved in our Risk Powers Performance research feel about angles such as transparency and empowerment – and more. What are their views on traditional risk management, calamity management (Black Swans), and strategic risk management? How do they respond to (global) social themes that might impact their organization? What is their risk appetite? The results of the research will be published in May 2019.

More information

Feel free to contact Rob or Birthe via their contact details below.

Did you find this useful?