The days, absolute monopolies in the business industry are gradually coming to an end as continuous business enhancement comes into demand. This in turn requires robust evolving/emerging risk management that has clear business continuity in mind. Having said that, the question arises, “Could my product line become obsolete/irrelevant?”

As risk management stands in between good governance and acceptable business objectives, it is important to keep the balance between these various expectations. If it is overly skewed towards one goal, risk management then becomes less effective. In order to mitigate uncertainty in the decision making of risk management, the Chief Risk Officer (CRO) or head of equivalent position must command the right experience, the technical know-how of risk management and the strong trait of leadership to ensure its continued independence.

Being independent is easier said than done. An effective CRO would know how and when to intervene and escalate material that matters to various levels of authorities. Senior Management Team and Board member have various different approaches in managing as well as understanding a particular risk. An effective CRO would take the time to evaluate and understand each and every member of the committees to gauge the right amount information for sharing. Additionally, a good CRO should know when to escalate risk to a higher authority with guided and structured framework. The use of key risk indicators/risk tolerance limits/risk appetite should guide and facilitate the CRO on when, whom and what needs to happen when certain tracked risks emerge and requires immediate action and attention. To bear in mind, Senior Management and Board members dislike escalation of false alarm which triggers unnecessary action and attention.

In earlier write ups, I mentioned about KRIs/risk tolerance limits which forms a foundation for what, when and how to measure risks as well as the set of action plans to mitigate risks. While that may sound easy to understand, the challenge lies in the details of appropriate KRIs for the use of the risk taking units. The advantage of KRIs/risk tolerance limits is that it can be used to track all types of risks; financial and non-financial risks.

Similarly, risk tolerance limit could also be mobilized to gauge and assess level of market risks (which is financial risk in classification) which requires immediate attention or level of alert when it hits certain risk threshold - value at risk or earning at risk. Incident, loss date or event is another popular tool to assess and gauge the strength of the existing or current internal controls to manage foreseeable risks. This tool is also useful in gauging whether the risk taking unit has already gauged and assessed the newly identified risk for consideration. While traditional risk management tools focus entirely on normal market conditions, these tools are meant to assist in gauging situations that are beyond normal market conditions. One of the worst case scenario analyzes that could lead to the question of business continuity is imaginary situation of massive customers’ information leak leading to legal actions as well as punitive regulatory action. The key scenarios are basically the worst case situations that are beyond business appetite risk that they are willing to take. Robust risk management provides stewardship to strong business acumen that could forecast business opportunities. Risk management does not tell the risk taking unit what to do exactly however it alerts them of the potential consequences. Even if risk is materialized, business could still accept risk by increasing its appetite for more risk exposures that are beyond its pre-agreed threshold.

The key is to escalate such situation to a higher authority with clear set of action plans if the increasing level of risk is accepted.

Check out: Top Risk Management Solution Companies