How business leaders can mitigate, contain and prevent risk

Operational risk, possibly more than ever before, is top-of-mind for various industry and business sector leaders. This could well be the result, or a symptom of, all that has happened around us in recent months due to the global pandemic, and possibly even the previous years due to other factors hitting the business segments: economic instabilities; inappropriate social, environmental, economic and political activity and events; the ever-increasing demands from both the industry-specific requirements as well as market shifts; and from the ongoing refinement of international standards and legislations.

In essence, there is growing realisation that an enterprise-wide view of risk management is simply good business practice! This has led to a greater commitment to, and focus on, the need for reliable methods for measuring and managing operational risks.  So, what does managing operational risk entail?

In a nutshell, this involves getting a clear oversight of your systems, processes and people, to proactively prevent failures that lead to costly financial and reputational damage.  

Operational risks have three major characteristics.

Characteristic #1: endogenous – Operational risks are specific to the facts and circumstances of each company. They are shaped by the technology, processes, organisation, personnel, and culture of the company. By contrast, market, credit and insurance risks are generally driven by exogenous factors.

Characteristic #2: dynamic – Risks are continuously changing. Risk changes alongside business strategy, organisational evolution, processes, technology, competition, etc.

Characteristic #3: evolution – It is safe to say that the most cost-effective strategies for mitigating operational risks involve changes to business processes, technology, organisation and personnel. Such changes need to be in anticipation of the everchanging environmental sphere within which we operate. Contemporary businesses are particularly keen to develop business strategies that align with risk evolution.

Characteristically, the process begins with an assessment of factors that can spring uncertainties, which can also impact existing and future business objectives. Organisations need to ensure that fail-proof assurances are built into the process design to prevent/minimise opportunities for risk to occur in the first instance (built-in Poka Yoke approach!). This generally needs to be complemented with effective controls that need to exist at all stages. The earlier the controls are established in the risk journey, the more effective the risk detection and mitigation mechanism will be (draw the parallel with Jidoka). Generally speaking, operational risks are best discovered, controlled and mitigated using a multi-faceted approach which can alleviate numerous risks concurrently.

The first step has to be the effective identification of core processes, their activities, and operational parameters. This should be followed by a second step, which is a concerted effort to simplify business processes, primarily curtailing manual activities, as well as the number of people and exceptions that feature during the implementation of specific processes. Reducing complexity in different processes radically mitigates operational risks.

The third step involves the reinforcement of a corporate culture in terms of organisational ethics. Every stakeholder in an organisation needs the direction and comfort of a strong ethical compass, based on personal values and principles, as well as values embedded in a strong corporate culture, backed with the appropriate skill set.

This might seem obvious to many, however, having the right people in the right jobs can reduce issues pertaining to business process execution and skill, as well as technology usage. Measures in this regard also result in proper workforce utilisation, adherence to timelines, enhanced quality and consistency, and fewer errors and process breakdowns.

Once the right people are in place, it is time to put the spotlight on monitoring and evaluating activities on a regular basis, through the use of Key Performance Indicators. KPIs can prove critical for the timely detection and mitigation of risks, provided they are continuously monitored and reviewed. They also help identify and manage discrepancies proactively and effectively.

Too many organisations appear to stumble when it comes to effecting periodic assessments of all facets of operational risks. This kind of corporate discipline, which could involve, among others, the routine gauging of regulatory obligations, IT assets, skills, competencies, processes and business decisions, allows companies to be risk-ready, apart from proving critical in supporting organisational management.

Like any individual, learning from past experience, especially mistakes, helps organisations develop and grow stronger. Risk incidents and related remedial measures employed in the past can contribute to some of the most effective strategies to counter future risks. In general, previous risk occurrences also help to implement a stronger, proactive operational risk management framework and support real-time changes that suit the current operating scenario.

All the above should be tied together by an effective monitoring and reporting process, with particular emphasis on timely reporting of key information to senior management and the board of directors, to support proactive management of risks. A culture of risk awareness and open communication will prove invaluable towards effective operational risk governance, and towards making sure that your organisation features in the headlines for the right reasons.

Ing. Joseph Micallef is a freelance Consulting Advisor, bringing with him over 30 years’ worth of experience across various sectors. Working in areas related with quality, lean, business process transformation and project execution and programme management he can be contacted directly on m +356 9982 2244 or e: [email protected]