Risk management is about more than just the disclosures the auditors make your accountants put in the fine print when you release your financial statements and annual reports. And it’s more than the identification, assessment, and prioritization of risks followed by coordinated and economical application of resources to minimize, monitor, and control the probability and/or impact of unfortunate events or to maximize the realization of opportunities. For example, from a supply management point of view, risk management is modus operandi for supply assurity when there is an average of 250 supply chain disruptions for public companies every month. (Source) And from a profit point of view, it’s value. Less money dealing with the financial and brand fallout from a disruption is more money spent on innovation to meet customer demand.
And, as per this recent Ernst & Young post over on the Harvard Business Review blogs, it’s money in the bank. Their recent research fund that companies in the top 20% of risk (management) maturity generated three times the level of EBITDA as those in the bottom 20%. Wow!
So why is this? I think it’s due to the fact that less than 40% of companies are actively managing (supply) risk to the level they should be. In 2008, a Marsh survey found that only 35% of organizations self-reported that supply chain risk management was moderately effective at their companies. In other words, 65% of companies did not have a risk management program that was at least moderately effective. In 2011, researchers at Vlerick Leuven Gent Management School and Ghent University did a supply chain risk management study and found that 64% of the companies have no one responsible for managing supply chain risks! That’s essentially 0 improvement in the last three years! And while the initial introduction of a risk management program will require a significant investment of talent, it’s not that difficult, relatively speaking. As the post says, the critical factors are communication, openness, leadership, framework identification, formal methods, coordinated planning, standardized monitoring, and occasional (stress) testing of the different facets. With the right leadership and training, everyone will be able to do their part. And in the end, just like the Global 50 consumer products company highlighted, in the post, the organization will have
developed a governance structure that allows it think about risk proactively, and has aligned its risk profile and exposures more closely with its strategy. Its governance leadership group and supporting management clarified the company’s risk appetite, defined its risk universe, determined how to measure risk, and identified which technologies could best help the company manage its risks. Aligning risk to strategy, by identifying strategic risks and embedding risk management principles into business unit planning cycles, enabled the company to identify and document 80% of the risks that have an impact on performance. This alignment of risk awareness and management practices, from strategy to business operations, enabled the company to monitor risk developments more effectively. Managers could keep the organization within acceptable tolerance ranges, driving performance to plan.
So just do it. You’ll double your EBITDA in the process!