Adopting an Agile Approach to Risk Management Strategies
@ the IERP® Global Conference, August 2023
Fail fast, fail hard and recover quickly. This was the advice speaker Ramesh Pillai, Group Managing Director of Friday Concepts (International) gave the audience at the start of his session on adopting an agile approach to risk management strategies. His presentation was a 45-minute trip through 24 slides that also doubled as a handbook to take away, with eye-opening remarks that made it memorable. “If you want to move forward, you have to make mistakes,” he said. “The best way to learn is to fail. But fail fast, fail hard and recover fast. You learn from failing. You actually get better experience from failing than from success.”
Risk management, he added, was about creating value; this was where ERM and ESG overlapped: they both created value. There was, therefore, no need for separate approaches for ESG risk management and ERM. “If you can define what your ESG objectives are, you can adopt the approach that anything that prevents you from achieving your objectives is a risk,” he said. “You will automatically have ESG risk management.” Adopting the objective-centric ISO 31000 approach supports an organisation’s agility. Risk management is all about creating value, ensuring organisational agility, resilience, and sustainability. If organisations want to put ERM in place, it must be simple to be successful.
Risk managers should know more than the ordinary person in the street when it comes to managing risk. “We need to bring others up to our level,” Ramesh said. “Given the environment which is always changing, we need to ensure that risk management stays relevant.” Technology and its acceptance accelerated during the pandemic years but there is still a need to stay ahead of the curve, which is basically what being agile means. “About 70% of organisations have incorporated some form of agility into their projects,” he said. “These agile projects are 28% more successful than traditional projects.” But how may organisations attain agility?
They need to develop an Agile mindset, which means finding ways of creating and responding to change in uncertain and turbulent environments. “It’s about thinking through what is going on in the environment, identifying what uncertainty you are facing, and figuring out how to adapt as you go along,” he explained. “But it is not just about risk management, it is also about risk culture. One of the risks we have is the mindset. We need to address the mindset to mitigate the risk. Mindset is about attitude and behaviour.” Emphasising the difference between risk avoidance and risk management, he said that proper risk management was about risk trade-offs and optimisation.
The Agile methodology, which was developed by software programmers, has several advantages over the more traditional ‘waterfall’ methodology as it looks at the intent, rather than rigid processes and procedures. Human communication and feedback are valued, and users must adapt to change to produce working results. “If you adopt the Agile mindset, you can improve the risk management function, drive innovation and efficiency, enhance understanding and problem-solving,” he said, offering six steps for risk professionals to consider, to create a more agile approach:
- Think beyond the annual plan
- Communicate more frequently
- Socialise your work and collaborate
- Be ruthlessly efficient with documentation and reporting
- Trust your team
- Think differently
Evaluating each step, he said that the annual plan is a guide which is open to discussion. “When you are doing the annual plan, you cannot foresee what is going to happen,” he said. “Life is very uncertain. The Agile mindset and methodology encourage you to think on a more incremental basis and not follow a rigid plan.” On communication, he said that risk management was all about communication; risk professionals must be consummate formal and informal communicators. “Agile encourages communication and conversations that are imperfect, allowing us to admit there is a gap in knowledge, and communicating to close that gap.”
Up-to-date data is not always available, but from the board perspective, having it is critical; getting real-time information from an Agile perspective is therefore very helpful. Additionally, Agile emphasises working in teams, not siloes. “The goal is to break down siloes that don’t need to exist,” Ramesh said. “You may not be working in a silo but the organisation may have other siloes that you continue perpetuating by how you evaluate their reporting risk.” He advocated staffing the risk management team with members from within and outside risk management, as these people are likely to bring in important subject matter knowledge.
“Be ruthlessly efficient with documentation,” he urged the audience. “Throw away stuff that you feel is not required, and if you make a mistake, bring it back in again. You will get better over time.” He also said, “Trust your team. Hire good people and trust them. Allow them to do their job, give them the tools. Hire smart people; people who can change, are agile, and can adapt.” He cautioned against “thinking like a boring risk manager,” exhorting the audience instead to think differently, and out of the box. “Risk management is not risk avoidance,” he reiterated. “It shows how to potentially control the downside whilst increasing the probability of enjoying the upside.”
Risk management is not risk minimisation; it is about risk optimisation, and Agile helps to keep things simple. Practitioners should avoid using technical language. Use plain language and keep things simple because, Ramesh said, “The simpler you keep it, the more engagement you will get; the more engagement you have, the better the quality of your eventual decisions.” Agile is really about doing things better and faster but users should apply elements that make sense in their respective organisations; what works for one firm may not automatically work for another. Agility of mindset and approach is what will make a success of its application.
Users should leverage technology in their efforts to do things better and faster. “But you cannot talk about agile without talking about Lean,” Ramesh continued, introducing this second concept. Lean is a business methodology that promotes the flow of value through two guiding tenets: continuous improvement and respect for people. Lean methodology is equated with the elimination of anything that does not deliver value to the customer, and is ultimately about value creation. The elements of Agile and Lean are tied to the right approach, increasing engagement in the organisation, getting more people involved in processes, and communicating better so that they can see the value being created.
The company should become a learning organisation to continue what its customers want and what they don’t; and in so doing, gain more insights and create more value. “If the people in the organisation are getting more involved in what you do, if you are communicating better with them, they can see the value you are creating,” he said. “They will naturally get involved with what you are doing, and your life will be easier. The quality of your reporting will go up, and your reports will be up to date, not old ones. It is time to adopt the kind of approach which values human communication and feedback, adapts to change, and produces higher-value results faster.”