The business climate is more cut-throat, faster-moving and less forgiving than ever. According to one estimate from Willis, the average enterprise will experience a crisis once every eight years.
Many will suffer long-term damage and some will not survive at all. The risk environment, meanwhile, has become vastly more complex, driven by the extraordinary pace of globalisation and technological changes.
The risks businesses faced even 20 years ago were conceptually more straightforward than they are today: many of the biggest risks businesses face now are intangible and interconnected—such as reputational risk, cyber threats and supply chain vulnerability.
Partly as a result of the speed at which reports travel, spurred by 24/7 news and social media, firms and their board executives are therefore exposed to intense scrutiny. Reputations built over years can be trashed within days.
Growing pressure on boards
Understandably, this can be a bewildering environment for non-executive directors who are increasingly expected to take responsibility for risks that fall outside their own experience. In the UK, for example, the independent regulator responsible for corporate governance recently issued guidance stating that boards will now be expected to take ultimate responsibility for risk management.
This is a trend we are witnessing elsewhere across Europe and America. It is, therefore, an alarming fact that, according to McKinsey survey data, almost a third of UK companies say their boards have “limited or no understanding” of the risks their companies face.
Aside from a governance imperative to understand risk, these companies are missing a trick: our research has shown that companies with a thorough understanding of risk management at the very top of the company—starting with the non-executive directors—are more likely to prosper and, crucially, increase profitability.
We know from our research that boards are waking up to the importance of good risk management. Yet directors sometimes admit that they do not know where to begin, and they have plenty of other demands on their time.
Rethinking risk leadership
In light of this, we at Airmic think that a new approach to risk leadership is needed across businesses to help boards execute their growing risk responsibilities in a way that contributes to commercial success.
In particular, we recently argued in a report written with think-tank Tomorrow’s Company that all companies should consider appointing a dedicated executive risk leader, reporting to the board.
This role is not just about helping the business avoid risks; it is about enabling the board to embrace risk with a higher level of confidence so they can turn risk management into a strategic advantage.
It is not practically feasible for board members to receive detailed papers on all risks facing the company in today’s environment. But if companies were to have in place a single voice to lead the risk agenda, they could feed into the board a 360-degree view of the company through the lens of risk.
Such a person would be able to navigate the risk agenda over both the immediate and longer-term horizons and could link risk to the business model in order to drive business performance and financial success.Such a person might be a chief risk officer, or a slightly different role, depending on what works best for the company.
But whatever the job title, the role holder must—and this is imperative—be able to see and integrate the risk agenda for the whole business. They must also be in a position to understand and influence the wider business model and manage the risk agenda accordingly.
This will include an ability to look beyond the horizon and gain an appreciation of how the external environment can impact the business. Certainly, risk leaders will require independence and assuredness.
Strategic success
Taking a successful approach to risk management is about much more than the ability to avoid disaster. It is about linking sound risk management to achieving strategic success. Creating a risk leadership role is not, therefore, about removing responsibility for risk from the board.
In fact, the opposite is true. A risk leader should be an enabler at board level—in other words a means of helping board members to cut through the complexities of today’s business environment and see the risks facing their business in a clear and strategic way. Companies that are successful in doing this will have the confidence to be more enterprising and entrepreneurial—and to seize opportunities.
John Hurrell is the chief executive of Airmic, the UK association for risk managers and insurance buyers.