Given the Washington Circus and the global confusion, it’s safe to say that macro risk is on the rise. From Artificial Intelligence to Global Warming, there are few who doubt that civilizations around the world may be rushing toward an inflection point in history. Hopefully, it won’t be a zero-sum situation. But, one never knows. As individuals, as well as corporations and institutions, we all need to be thinking about risk mitigation
So, what should CEOs be doing to help mitigate the growing uncertainties of our time?
Identify the “Killer Risks”
While there is a universe of risks out there, it is important to prioritize those with the greatest impact. There are specific industry risks as well as “macro” risks (War, economic depression, Hyperinflation, global health epidemics, and all the other dystopic events). While industry risks are a normal part of doing business, myopia can be dangerous. While most of us just shrug-off the macro risks, take a look around at Brexit, Trumpian politics, the middle east hairball, North Korea, and global warming just to name a few. But have you seriously considered “what if” and developed any ideas of how to react?
Who is responsible for Managing Key Risks?
Is there sufficient expertise and knowledge about the key risks? Should time and resources be allocated to obtain a certain level of knowledge about key risks, and who should be held accountable for developing potential scenario solutions? Indeed, the risk is not always defined in terms of growth and profit. Sometimes it may mean physical threats that can transform into a financial threat. One growing threat is industrial espionage and hacking sensitive information.
Are we taking enough risk?
Existence is about risk. Responsible leaders, as well as individuals, take a proactive approach to their lives and responsibilities. Risk and reward are the underlying factors of success or failure. Perhaps in times of increased risk, the rewards are not proportional, and prudence dictates a more conservative approach. However, bravery, prudence, and recklessness are usually measured after the facts. That is why having a consensus of opinions is a solid strategy. One danger is an overbearing leader who is compulsive about their ability to make the right decisions. Indeed, the higher the risk-reward ratio, the more consensus should be practiced and made policy.
Do we reward risk-taking?
What incentives are there to analyze risk and potential rewards? Is there a bonus system that encourages managers to constantly be weighing the cost-benefit in their fields of expertise, and do incentives support short-term or long-term goals?
Should risk management be part of the planning process?
Of course, sales and marketing, production all take risks into account on a daily basis. Even making the right hire can become risky. So, yes, almost every phase of planning requires some risk analysis.
Should we consider the “unthinkable?”
Are we too limited in our scope of perceived risks? Could events in other parts of the world have a domino effect on our business? Could unexpected changes in regulations become a real threat? Or, is a loose cannon in the Oval Office or Politburo a potential game-changer in world politics? If so, what should we be looking for as it relates to our success or even survival? On a smaller scale, do we have a potential yet inconceivable risk which could become a catastrophe such as an environmental risk or legal liabilities?
Are messengers shot?
How do we handle the views and considerations of others? Do we put down the nay-sayers and negativity, or do we listen and encourage input from all sides? We all know that strong leadership, corporate culture, and peer pressure can be a double-edged sword.
Do we operate in accordance with our stated values and mission?
It is very easy to write and speak the slogans of best practices, but does management actually live by them on a daily basis? Employees and customers can quickly see hypocrisy, and that creates distrust. Are our policies and procedures actually followed?
Do we have crisis management policies?
As an end result of considering risk management, have we developed formalized policies and procedures to address the most probable crisis scenarios? Do we have backup systems to our essential technology and a chain-of-command crisis plan in place, which includes updated phone contacts?
Management should be asking themselves three important things when it comes to risk management:
1. How do we stand regarding our identified risks?
2. How do we compare with our competitors when it comes to risk planning?
3. Are we improving our risk analysis and management?