/ Home / Risk and Executive Management awareness

Risk and Executive Management awareness

in
 
Macroawareness of risk – is this really a reasonable expectation of executive leadership and the board?
By Joe Long, Solomon Joseph Consulting
 
Although it can be argued that there is nothing new under the sun, today’s business climate mirrors nothing like we have seen in the past. Over the last decade, the speed of the news headlines is only rivaled by society’s appetite for more and more news. From daily blogs to twitter to the myriad of news channels covering every business nuance worldwide, top executives for large organizations are expected, if not required, to stay on top of everything that has the potential to affect their business. Therefore, in spite of the very real threats of terrorism, pandemic, global warming, global economic meltdown, supplier bankruptcy, cyber attacks, etc.; the single biggest threat to directors and officers right now is the inability to sustain ‘Macroawareness’.
 
 
It is our belief that through proactive steps to shore up the resiliency of an organization thorough Business Continuity and risk management practices, senior leadership can feel reasonably comfortable that their operations can absorb and recovery from a major disruption. Of course, this assumes that the disruption stems from some internal ‘meltdown’. However, as we are all witnessing today, the things that may permanently destroy an organization are often factors beyond their control. For illustrative purposes, let’s consider GM’s bankruptcy announcement in 2009. It is reasonable that a number of key debtors and creditors were in the loop. The dealer network was probably given a heads-up, and I would suspect that a whole swath of tier 1 suppliers were manning their ‘war rooms’ to contemplate the impact of a GM bankruptcy. In this case, the directors and officers of the companies tied to GM would have a reasonably easy time preparing for what some saw as inevitable.
 
Now if you turn the same situation around and select a supplier bankruptcy as the ‘flashpoint’ for a downstream customer disruption, how would the situation change? Would the customer have immediate insight into this unfolding situation? Will there need to be a need to implement the Business Continuity plan (if it covers this type of event) or call for an emergency meeting with the board to consider options? If an emergency meeting is called, will the board challenge the CEO on why he/she was unaware of the situation with one of the company’s suppliers? Was this risk contemplated in the ‘risk factors’ of the most recent Form 10-K?
 
Depending on where this supplier ranked on the organization’s list of critical suppliers, this situation may not have created a major problem for the customer. In addition, if the customer had a relatively robust process for assessing supplier resilience on an ongoing basis, this issue would have probably been flagged up well before the supplier announced bankruptcy. In both examples above, an organization’s ability to deal with major issues is inextricably tied to key leaders having access to good information at the right time.
 
So how can directors and officers bolster their Macroawareness? One suggestion is to pay closer attention to those who manage risk throughout the organization. To do this, an organization must adopt a fully integrated approach to resilience where both strategic and operational risks are constantly monitored and regularly reported to senior leadership. Unfortunately, risk and resilience too often become add-on agenda items that are easily cut when there are too many meeting topics.
 
As a result of this seemingly benign disconnect, senior leaders subconsciously undermine their own Macroawareness in favor of strategic issues they deem to be more business critical (e.g., service/production, revenue, quality, cash flow). To overcome this attitude, some companies are now looking to fully embed risk management into all facets of their operations to better protect people, revenue and reputation.
 
Author: Joseph E. Long, ARM, CBCP, is the founder and managing director of Solomon Joseph – an operational risk consulting firm based in Tampa, Florida. He is a highly experienced senior risk management professional with nearly 15 years of experience in the automotive, aerospace OEM and management consulting industries. Contact:  Joe.long@solomon-joseph.com
 
Continuity Forum Comment
 
In this interesting piece Joe Long points to what is often at the very heart of risk management an almost unconscious lack of focus on risk management issues. The pressure on company executives to perform is well known, they are after all well paid for it, but this leads to other problems that can impact quickly and seriously upon organisations if they have not been diligent and implemented proper measures to control the risks that face their organisation. 
 
Joe asks the question use a broad awareness of risk a reasonable expectation? Well we feel it is more than a reasonable expectation and we would go further and suggest it is an absolute responsibility. The plethora of regulation and legislation may be beyond the detailed expectation on executives, but they should be ensuring that all these aspects are covered by their organisations systems and processes. There is no doubt in our minds that one of the reasons there seem to be real disconnects between the executive management of companies and the reality on the ground when it comes to risk management and business continuity issues is that the executive would prefer not to have the responsibility.
 
Chief executives around the world carry huge responsibility for the financial performance of their organisations, yet they also carry the responsibility that how those organisations achieve that performance. For some the temptation not to spend time and money considering what might go wrong, or perhaps just having a cursory approach, seems reasonable... Well at least until the crisis or disaster strikes.
 
Experience over the past 10 years has shown us exactly how risky the world is, we also know that organisations can be more properly prepared, they can invest relatively small amounts in building structures and processes that will proactively reduce the risks and the consequences of disruption. Now the question isn't whether or not this investment actually works, there is more than enough evidence of this. The question is actually whether or not we wish our companies to be more responsible? And of course how we are going to hold to account those that are reckless or that do not take their responsibilities seriously.
 
Following the stresses created by the financial meltdown seen over the past two years there is a general consensus that market reform is on its way. Part of that market reform is likely to be a reconsideration of how risk is measured and managed, it will also likely include what risk and continuity measures companies will have to have in place. 
 
To gain the best value for all through this reform process we would argue that Joe Longs point of macro awareness and the associated responsibility be put front and centre. We do not expect every member of the board to become Risk or Business Continuity professionals, but we would hope that the skills and opinions of our profession would hold greater sway in their thinking.
 
To comment on this article please email us at feedback@continuityforum.org