Five questions on managing risk in the midst of volatility
An interview with Mark Carey, partner, Deloitte & Touche LLP and National Enterprise Risk and Governance Leader.
In just about any business, managing risk has been a little like keeping order on a storm-tossed ship. The environment is always changing, creating new challenges with every passing day. But over the past few years, it has frequently felt more like being caught in hurricane-force winds, when it’s hard enough to know which direction is up. Get used to it. Volatility is widely expected to dominate the business environment for the foreseeable future. In fact, when Deloitte and Forbes Insights recently surveyed leading U.S. executives responsible for risk, we found that 91% plan to reorganize and reprioritize their approaches to risk management in the coming three years. Nearly 80% said this was due to market volatility over the past three years.
All of which opens the door to a host of questions about how to manage risk in the face of such extreme volatility. In this issue of Risk Angles, we ask Mark Carey, partner, Deloitte & Touche LLP some pressing questions about this important issue. Then, Henry Ristuccia, partner, Deloitte & Touche LLP and Global Leader of the Governance, Risk and Compliance practice offers his perspective on utilizing technology to help stay ahead of risk in the coming years.
|We’ve already weathered the most volatile business environment in decades — so why change now?||Not so fast — businesses are not done with volatility yet. For evidence, look no further than recent business headlines. Looking for harder evidence? Most of the leaders we recently surveyed indicated that financial, strategic, and operational risks could become even more volatile over the next three years. Bottom line: Just because you’ve made it this far, doesn’t mean you’re ready for next wave of potential risks.|
|Who should be leading the charge?||When it comes to managing risk through periods of volatility, the buck usually stops with the CEO, CFO or CRO. Keep in mind, however, that a truly Risk Intelligent approach engages virtually everyone in the organization to some degree.|
|Should we be more worried about a particular type of risk?||In addition to traditional risks such as regulatory change, government spending, and the global economy, there are some new risks entering the picture. For example, today social media is increasingly identified as a core risk. In fact, in our recent survey it was identified as the fourth-largest source of risk, partly due to its ability to act as an accelerant to other risks. So not only should you stay on top of known risks, you may have new ones and even unknown risks to contend with as well.|
|Shouldn’t the Enterprise Risk Management (ERM) program suffice for managing risk? After all, we’ve made some big investments in ERM in recent years.||Yes, ERM has an important role to play in managing risk through periods of volatility. The difference is that many organizations have recognized the need to change their approach to managing risk. They’ve elevated risk management within the organization and reorganized the ERM program in response to the current environment.|
|Our business is still undergoing some fundamental changes, due in part to recent market volatility. Shouldn’t we focus on making those changes before revamping our approach to risk?||Sounds great — but that’s a luxury that most of the company leaders that I frequently speak with just don’t have. The good news is that embedding a Risk Intelligent approach to volatility doesn’t have to wait for perfect conditions. After all, it’s important to remain agile when facing a storm.|
A Closer Look: Utilizing technology to help stay ahead of risk
Henry Ristuccia, partner, Deloitte & Touche LLP and Global Leader of the Governance, Risk and Compliance practice.
Think about the most recent time your business encountered volatility. At those moments, the first things experienced leaders seek out are facts. Because they know that to make informed decisions when it matters most, they need the right information. But in many organizations, that’s precisely the moment when they start seriously questioning the quality of their information, their ability to interpret the signals coming from that information, and the mechanisms in place for transmitting data-driven insights throughout the organization. Whether the problem is outdated, incomplete, or inaccurate information, too much information, not enough, the wrong people getting the right information or vice versa — to name a few familiar challenges — information is at the heart of the issue.
For anyone looking to solve these problems, technology is often the place to start. While it’s clear that information challenges cannot be solved by technology alone, risk management technologies have advanced dramatically over the past few years, deserving a closer look.
Consider that as little as three years ago, risk management tools didn’t offer the ability to scan for regulatory updates, monitor online chatter, or even send automated process alerts using workflow. Today, these capabilities are a standard part of the toolkit for risk-focused executives seeking to keep risks such as compliance and reputation in check in the midst of rising volatility.
If you’re giving technology another look, here are three key criteria to help guide your decision:
- Efficiency and transparency. Advances in tools for tracking, documenting, and reporting risk information can help companies reduce costs while improving the information’s reliability, availability, and timeliness
- Awareness and alertness. New capabilities for monitoring the internal and external environment for signs of risk events, and for integrating information across risk management and business silos, can help companies recognize and respond to risk events more quickly.
- Analysis and insight. Modern business analytics and visualization tools can help companies extract valuable insights from both risk and operational data. For instance, analytics can help companies develop quantitative metrics for “intangible” value drivers such as reputation, forecast the likely impacts of a particular risk event, and identify relationships among apparently unconnected risk factors that might escape the unaided eye and mind.
Of course, all of this presumes a close, active collaboration between risk leaders and their counterparts in IT. If that collaboration isn’t in place today, there’s no better place — or time — to get started.
See how you stack up!
We recently surveyed leading U.S. executives responsible for managing risk their opinions on the issue of continued volatility. Visit our website to take a short benchmarking quiz — and get a customized report comparing your answers to theirs.
Download the Risk Angle above.