Should We Stop Just Talking About Risk Management?

Neil Patrick

Part 1 in a 2-part series

I’m passionate about managing risk as a valuable element of a sound business strategy. Fundamentally, risk management goes to the heart of a key question: How will you keep your business relevant now and in the future?

For me, one of the “secrets” in the value is encapsulated by the ISO 31000 definition of risk: the effect of uncertainty on objectives. Note that an effect can be either a positive or a negative deviation from what is expected. The board delivers a strategy through objectives, both of which are developed within a competitive context that changes over time. Management of major risks affects an organization’s ability to meet objectives and execute its strategic plan.

Don’t talk about risk management?

To put it another way, if your business can’t link the risks it is managing to a business objective, you’re wasting time and resources and probably don’t fully understand risk management.

Documenting and assessing risks and developing mitigation strategies is essential for a modern, agile, competitive business. But unless the risks are integrated across silos in a consolidated reporting framework and the impact of this output is linked back to objectives, the goal for doing the work is decoupled and isolated from vital information inputs to decision-making.

So perhaps we shouldn’t be talking about managing risk, but something more like objective uncertainty management, focusing on the outcome, or the real value, of risk management.

In addition to being an essential element in developing a sustainable and resilient business, this also represents the operational execution and cultural development necessary to meet the multitude of corporate governance codes around the world. Corporate governance essentially involves balancing the interests of a company’s many stakeholders (shareholders and investors, management, customers, suppliers, employees), government, and the broader community it operates within.

Brand management spans many business functions

I’m not a marketing expert, but let’s consider an example of brand value as an objective.

In 2013, 37% of organizations worried that lack of trust in business would harm their company’s growth. That jumped to 58% in 2017 (PwC 2017 study “20 Years inside the Mind of the CEO…What’s Next?”). The other factors in decreasing influence are product, external validation, cost, and deployment. (Interestingly, product is not top.)

Reflecting on my own 20+ years of experience in the software industry, it’s hard, and often fragile, to rely on product differentiation to beat the competition. There are so many products out there, and so much information about them, it’s challenging to isolate the exact features and functions of a product that are core to one’s requirements. From this evidence, developing and sustaining brand is one of the most important things an organization can do.

According to Interbrand (Best Global Brands 2011), there are 10 factors present in the top 100 companies (brands). The companies are ranked according to how brand affects the organization, from customer expectations, financial performance of its products or services, the purchase-decision process, and its strength.

Four internal factors:

  • Clarity
  • Commitment
  • Responsiveness
  • Protection

Six external factors:

  • Relevance
  • Authenticity
  • Differentiation
  • Consistency
  • Presence
  • Understanding

Turning this around: how does one consciously direct these factors to develop a strong brand as a core business objective? Clearly, an organization’s ability to communicate its stance on these factors, and a strategy to meet the brand objective, cut across the entire business:

  • Tone at the top, execution in the middle
  • Bottom-up evidence and control testing to assure that the culture reaches all levels in the organization
  • All processes and procedures
  • Policies
  • Training and reviews
  • Line management styles
  • As an umbrella, stewardship
  • Management of financial and operational risk

Next time

In Part 2, we’ll take a look at a company’s ability to manage its data—since it’s topical at the moment—as a more tangible factor influencing brand management.

This article originally appeared on the SAP Analytics blog and is republished by permission.


About Neil Patrick

Dr. Neil Patrick is a Director of SAP Centre of Excellence for GRC & Security covering EMEA. He has over 12 years’ experience in Governance, Risk Management and Compliance (GRC) & Security fields. During this time he has been a managing consultant, run professional services delivery teams in the UK and USA, conducted customer business requirements sessions around the world, and sales and business development initiatives. Neil has presented core GRC and Security thought leadership sessions in strategic customer-facing engagements, conferences and briefing sessions.