Enterprise risk management’s (ERM) guidance must also be consistent and sufficiently precise.
Much too often, business leaders make decisions with a significant effect on revenue or operations that are too risky or too cautious, and go against what corporate officers or board members would want them to do in that situation.
Indeed, more than one in three of 221 risk liaisons – employees in the line that help translate risk management practice for the ERM team – surveyed say they observe material choices that stray from the company’s 'risk appetite'.
Examples abound on both sides, and risk managers in CEB’s member network have witnessed many. On the overly risky side, one saw a business unit launch a product that exposed the firm to one of the exact geopolitical risks the CEO had decided to avoid.
In the overly cautious column, risk managers have seen a business unit invest much less in 'transformational innovation' than the executive committee had spent hours discussing – and agreeing – was necessary to achieve the firm’s long-term goals.
Three Things to Keep in Mind
Many ERM teams try to address this issue by making the firm’s stance on risk-taking more explicit. At most companies (65%), this means drafting a formal risk appetite statement.
Yet far fewer take the extra step of communicating the agreed-upon levels beyond the leadership team. Interviews and surveys of both risk executives and the risk liaisons, who are ERM’s eyes and ears on the ground, show three things to keep in mind when trying to strengthen the link between risk appetite and business decision-making:
1. Consistent guidance is most important: More than six in 10 risk liaisons surveyed say that risk appetite guidance at their firm isn’t consistent with other management guidance.
For example, as the quarter end draws near, the pressures to hit targets increase. Mixed messages confuse business leaders about how to move forward and lessen the likelihood that they’ll consider the risk appetite in the future.
ERM teams will profit greatly from asking business managers about where they get conflicting messages and then working to identify and resolve the root causes of this inconsistency.
2. Provide a precise understanding of risk appetite: Only 32% of ERM leaders say they communicate the risk appetite to the business at large. In fact, some leadership teams believe that these threshold articulations should remain a secret within that small group.
This is a mistake: business leaders won’t be equipped to make the correct choices if they aren’t aware of how their decisions fit within the organisation’s risk framework.
Make sure that you describe appetite statements in a way that makes sense for the specific kinds of decisions business leaders make regularly. Ultimately, it’s about communicating the risk appetite in a language that they can understand.
3. Don’t waste time on what doesn’t matter: Improving the ERM team’s support for the line’s decision-making or making business leaders more accountable for the decisions they make are not helpful ways to ensure that business decisions align with risk appetite, when compared to being given consistent guidance or having that risk appetite translated into a precise understanding about what it means for the kinds of decisions they have to make (see chart 1).
Chart 1: Relative impact of drivers on decision alignment
Multiple regression results; n=162 Source: CEB 2016 Risk Liaison Survey
Note : Dependent variable = Decision Alignment; R²=0.27. Results for Decision Support and Accountability were statistically insignificant and so depicted as zero.
Create an actionable framework to align decision making with your senior leadership’s appetite .