Employing an iterative approach to get your Enterprise Risk Management right
Incurring losses in the first few years are more common than most businesses would like to admit. Indeed, turning a profit from the very beginning is more the stuff of movies than anything else. Businesses intending to stay in the running for the long term would do well to take a page out of the books of the small neighbourhood “Mom & Pop” retailers, and get used to running a business on a daily basis first. Losses are usually commensurate with the size of the business so the smaller you are, the less you have to lose.
In an increasingly “instant” world, it may be hard to accept that success doesn’t come overnight, but businesses do have to be going concerns for a while before those who operate it really “get the hang of it.” Similarly, with risk management, the elements so carefully laid down may not look as if they’re coming together but, given time, they do work. What is simultaneously risk management’s advantage and disadvantage is that it is working when the business is progressing steadily towards its objective – but no one realises that it is doing what it is intended to do, because everything is going smoothly.
This conundrum exists because risk is not something that is immediately obvious. Many businesses may not even realise where or when they are at risk until something goes awry, and the firm is staring disaster in the face. In most cases, it is only when the business fails that the risks become clear – but failure isn’t necessarily bad; there is a lot to be learned from it.
It can be painful but through experiencing failure, businesses learn what works and what doesn’t. It’s worth remembering that what works for one firm may not necessarily work for another. Firms really should not expect a one-size-fits-all solution because every business is unique and individual, perhaps not from the perspective of what it does (there are, after all, many companies doing the same thing) but from its organisational DNA: its people and processes, and how its people apply those processes. The firm may suffer losses initially but it will learn from the experience; and the lessons derived may be more valuable than the financial cost of the loss.
Another reason to start small and build capacity is that size tends to be directly related to agility. A small business can chop and change relatively easily; it carries less baggage than larger, more established firms. It can cut and run, recoup its losses and return – sometimes in a totally different industry altogether, if it chooses. This is provided, of course, the people operating it are able to learn from their mistakes. There is no point repeating the same things in the hope that everything will eventually turn out right! – that, as Einstein implied, is the meaning of madness.
The numerous disparate elements that have to be considered when developing an effective risk management framework for an individual organisation can sometimes be overwhelming, and many a risk manager has thrown up his/her hands in complete and utter frustration. But risk management is not the exclusive province of the Chief Risk Officer; it is the responsibility of everyone in the organisation. Because risk management touches all areas of an organisation, it is in everyone’s best interests to be aware of the risks they need to manage as individuals of that organisation. Successful companies are rarely the result of individual effort. They are successful through the concerted effort of everyone who is committed to what they were doing.