McKinsey has published an insightful article that explores the value and resilience organisations can achieve, by implementing better and solid Risk Management.
The first key point that comes to mind as explained by the authors (Daniela Gius, Jean-Christophe Mieszala, Ernestos Panayiotou, and Thomas Poppensieker), is that “although the risk environment is growing more perilous and costly, leading companies are blazing a path to resilience and value by embedding strategic risk capabilities throughout the organization”. This is in fact true and we are already seeing many firms aligning their strategic approach around risk management, as well as with the decision making process.
As a result of their in-depth study, the authors have found that new types of digitised firms are exploiting the changes which are being constantly presented by technology advancements. On the other hand, this new complex environment is changing at an accelerating pace, introducing new risks of cyberattacks and breaches of new kinds.
On the other hand, the article also highlights that there is still progress to be made in regards to Risk Management at nonfinancial companies. The study concludes that these firms are not keeping the pace in regards to their risk management systems and controls while this evolution is happening. And many firms still fail to understand that this is a crucial topic for the boards of directors and senior executives.
Key Findings
In our view, these are McKinsey’s Global Board Survey for 2017 most relevant key findings:
- From over 1,100 respondents to McKinsey’s Global Board Survey for 2017, it was concluded that risk management remains a relatively low-priority topic at board meetings;
- Boards spend only 9 percent of their time on risk – slightly less than they did in 2015;
- Only 6 percent of respondents believe that they are effective in managing risk;
- Some individual risk areas are relatively neglected, and even cybersecurity, a core risk area with increasing importance, is addressed by only 36 percent of boards;
- While many senior executives stay focused on strategy and performance management, they often fail to challenge capabilities or strategic decisions from a risk perspective – a key issue nowadays where many firms are adopting a risk management decision making process;
- A reactive approach to risks still exists, with actions being taken post events
- Boards have a critical role to play in developing risk-management capabilities at the companies they oversee. However, there is still a long way to go. Boards need to ensure robust risk-management operating models are well designed and implemented. These models must allow firms to better understand and prioritize their potential risks and tie their performance against these risks, as well as integrating these models with their strategic objectives and decision-making process;
- The article includes a sectorial view of risks and some views on the current status of automotive companies, pharma companies, oil and gas, steel, and energy companies and consumer-goods companies;
- In general, McKinsey considers that “an approach based on adherence to minimum regulatory standards and avoidance of financial loss creates risk in itself”;
- In what regards strategic decision making, McKinsey points out the fact that “more rigorous, debiased strategic decision making can enhance the longer-term resilience of a company’s business model, particularly in volatile markets or externally challenged industries”. Research has shown that introducing a risk management approach into the decision making process, nor only improve risk-return compromises, as it improves corporate value and in turn better shareholder returns;
- Investments in product quality and safety standards can bring significant returns;
- Comprehensive and solid operative systems and controls can lead to more efficient and effective processes that are less prone to disruption when risks materialize;
- Ideally, risk management and compliance must be addressed as strategic priorities by corporate leadership and day-to-day management;
- McKinsey also highlights the concept of the three dimensions of effective risk management: “1) the risk operating model, consisting of the main risk management processes; 2) a governance and accountability structure around these processes, leading from the business up to the board level; and 3) best-practice crisis preparedness, including a well-articulated response playbook if the worst case materializes”.
Wrap Up
In the rapid fast paced world we live today, companies are facing an ever-growing risk environment. Different and adapted approaches to Risk Management must be adopted, based on lessons learned from the past.
The path to risk resilience that is emerging is an effort, led by the board and senior management, to establish the right risk profile and appetite. Success depends on the support of a thriving risk culture and state-of-the-art crisis preparedness and response. Far from minimal regulatory adherence and loss avoidance, the optimal approach to risk management consists of fundamentally strategic capabilities, deeply embedded across the organization.
Download the Article (PDF)
Click on the image below to download the full article. In alternative, you can click the link below to access the article webpage (a new browser window will open).
Article webpage: https://www.mckinsey.com/business-functions/risk/our-insights/value-and-resilience-through-better-risk-management
