Orchestrating enterprise risk management (ERM) has been saved
Orchestrating enterprise risk management (ERM)
How successful CROs bring art to the science of risk management
Chief risk officers (CROs) have always recognized the value of science to help them manage risk. Now, they are seeing the need to develop their communication, facilitation, and other soft skills to bring an artful approach to effective risk management. To succeed today, CROs are striking a balance between the art and the science of risk management.
- It’s mostly been about science
- Why art, and why now?
- 2019 highlights
- A new program
- Working in concert
It’s mostly been about science
If art and science constitute two tenets within effective risk management, in recent years science—that is to say, the quantitative and technological side of risk—has arguably become the dominant one. Technologies for capturing, monitoring, and analyzing data now generate a rich base of information. Data visualization and real-time communication provide timely tracking of many risks. Site-specific and risk-specific tools have multiplied to the point where many risks can be quantified and monitored.
Yet risks have become more numerous, interrelated, complex, and damaging. Strategic and reputational risks have proliferated. Conduct risks continue to morph in unpredictable ways, constantly outpacing organizations’ abilities to anticipate them. New cyber risks emerge as rapidly as organizations adopt new technologies. Every innovation in areas ranging from business models to operating systems, from supply chains to compensation plans, poses new risks to the organization and its stakeholders, as well as new competitive and regulatory considerations.
Why art, and why now?
Successful CROs recognize the value of the science of risk, but also intentionally develop their soft skills and deploy them to drive an effective culture. They see their role as one of orchestrating the diverse and often siloed elements of risk management to create an integrated whole. They help people to grasp the parts they play in risk management and guide them to work in concert by speaking the broader language of business. And they consciously develop their communication, facilitation, and other such skills to bring art to the science of risk management.
Today’s CROs take their role in the orchestration very seriously, and realize organizations now face challenges that the science of risk management can’t address on its own, such as:
- Risks are now too varied and dynamic to understand without ongoing human insight, which can be obscured by purely technical solutions.
- Site- and risk-specific tools tend to reinforce siloed approaches at a time when risks are interrelated and more prone to generate knock-on effects.
- Myriad risk-related processes and tools demand coordination and integration to provide visibility into the organization’s true risk profile.
- Lack of coordination among risk management functions and the business obscures risks, increases costs, creates gaps and overlaps and generates risk.
- Lack of effective risk culture results from failure to promulgate risk consciousness through practical policies and procedures, adequate job training, and robust decision support.
- Risk management often lacks a seat at the table when decisions are made, technologies are considered, and initiatives are implemented.
Addressing these challenges demands a harmony of art and science. It’s up to the CRO, or the executive accountable for enterprise-wide risk management, to strike that balance. CROs can begin this effort by deepening their understanding of themselves and of those in the risk management and business functions.
Our perspective on the art of risk management emerged from both Deloitte’s 2019 survey of CROs and the St. John’s University Center for Excellence in ERM Spring Summit at Carnegie Hall.1
- Deloitte’s 2019 risk management survey found organizations that invest in risk management and link it to strategic goals typically achieve higher growth. Yet our survey also found many organizations struggle to realize the value and desired outcomes from their risk management programs—often due to failure to coordinate and integrate risk management.
- The St. John’s University Center for Excellence in ERM Spring Summit focused on risk culture, the role of risk management in organizational transformation, and how companies have artfully embedded risk considerations into decisions, plans, and initiatives over the past 10 years.
In both instances, successful risk managers revealed themselves as working to balance the art and the science of risk management.
A new program
The CRO works with people in every part of the organization: operations, technology, finance, accounting, marketing, sales, purchasing, human resources, legal, and facilities management. Managers in each of these functions have different concerns, priorities, and points of view, which means that the CRO needs a wide repertoire of communication and facilitation skills.
Given this and the evolving challenges that organizations face, CROs now need to:
- Position risk management as an insight-driven, business-focused resource rather than a compliance-driven, policing function
- Enable senior executives, the board, and business managers to look beyond risk indicators and reports to see the total risk landscape and enhance readiness and resilience accordingly
- Assist the organization in adopting new technologies with a true understanding of their risks as well as their possibilities
- Facilitate proactive communication about risk at all levels to strengthen the organization’s risk culture and responsiveness to change
- Coordinate approaches to risk to promulgate successful methods and ensure that all elements of the risk management and governance infrastructure work together
- Foster teamwork around responses to risks and risk events, often among people with diverse goals, priorities, specialties, and points of view
- Secure a seat at the table when senior leaders make key decisions and formulate major initiatives, to ensure that all risks are identified, considered, and mitigated
These tasks demand people skills and the emotional intelligence that informs effective communication, facilitation, and coordination. These fall under the art of risk management and they’re essential.
Working in concert
The Carnegie Hall event, which was attended by more than 100 risk executives, placed a spotlight on the findings of Deloitte field experience and research, which point to six specific approaches that bring about connection, coordination, and change. Successful senior-level risk managers work to:
In sum, successful CROs respect both the art and the science of risk management—the art because people need coordination, direction, and inspiration; the science because the business needs facts, data, and tools to operate effectively.
Keep your balance
It’s no accident that some of the most effective CROs don’t have risk management backgrounds, but do understand strategy and risk, people and priorities, art and science. CROs need data and information and the tools that provide them. They also need to build relationships, prioritize needs, and deploy communications in ways that connect with the audience, optimize resources, and create a culture with an awareness of risk and of the importance of risk management.
In practice, a balance of art and science can enable CROs to succeed on the multiple fronts on which they must address risks.