Every organisation, regardless of its size or sector, faces risks. While many risks can be effectively prevented, they cannot be completely eliminated. Moreover, risks are emerging more and more rapidly. In particular, pandemics and cyber security threats have created a very challenging web of risks for organisations. These are further compounded by the conflict between Russia and Ukraine, which has caused tremors around the world.
This is illustrated by the World Economic Forum’s (WEF) ‘Global Risks Report 2022’, in which respondents said they expect either continued volatility and instability or multiple surprises and fragmented developments over the next three years. The report was created on the basis of a survey of 12,000 people worldwide. The people interviewed in the survey said they were more risk-aware than ever before. Moreover, in Europe and elsewhere, there is a “collective feeling of helplessness” in the face of risks and global events. The overall picture painted by the index is one of growing concern about risks.
We are living in a period of exceptional uncertainty. Disasters, scandals and natural catastrophes are hitting businesses, underlining the importance of risk management at company level. Organisations should already have a well-prepared infrastructure behind the scenes. Such events often raise questions about the ability of managers and boards to anticipate the unexpected.
A risk attitude is the natural tendency or general willingness of an organisation to take or not to take risks. This is a reaction based on a perception of a risk scenario – an estimate of what could happen across the business. A major obstacle to achieving risk is often the fact that organisations and the people within them have logically different attitudes to risk. Many remain generally indifferent to risk, which is likely to lead to significant gaps in their risk attitudes.
According to Laevo’s analysis in “Defining Risk Attitudes”, there are three different types of risk attitudes: risk aversion, risk seeking and risk neutrality. Risk aversion is a type of attitude in which the risk taker (individual) prefers a certain outcome to uncertain events. The risk-averse type will pass up a good opportunity for greater gains and instead look for a more certain scenario. Risk seeking, on the other hand, is a type of attitude in which someone gravitates towards uncertain actions, knowing the risks. Risk-seeking people or companies display this attitude when they are willing to accept the negative consequences of taking a risk. Risk neutrality describes an individual who places no particular emphasis either on risk taking or on certainty. Such individuals tend to show this attitude when decisions are based solely on expected monetary value. A risk attitude can be defined as a “chosen state” in which a choice in the face of uncertainty can have a positive or negative impact on goals. Risk attitudes are usually adopted unconsciously and without deliberate validation. However, like any other attitude, risk attitudes are a choice of the individual or organisation. Ultimately, organisations need to ask themselves some key questions. To what extent is the company prepared for future risks? How can they identify risks and take appropriate action in time? And how can they effectively integrate risk management into the organisation’s strategy?
In virtually every organisation, day-to-day decision making is fraught with risk. Therefore, in order to identify, quantify and mitigate risks, two things are needed. The first is a means to systematically identify the impact and duration of risk events in a repeatable, effective and verifiable manner. The second is risk intelligence: the ability of an organisation to think holistically about risk and uncertainty. The whole organisation needs to speak a common language of risk and effectively use proactive risk concepts and tools to make better decisions.
Risk information enables organisations to systematically identify the impact and duration of risks in a repeatable, effective and verifiable way. It also enables organisations to collect data to identify and quantify risks – and enables them to make informed decisions about risk exposure and security risks. Risk data also enables organisations to continuously improve risk management by identifying and mitigating threats, highlighting opportunities and ultimately creating value for all stakeholders.
NordCheck CEO and co-founder Janne Järvenoja has made an invention for dynamic contract risk management for which NordCheck has applied for patent protection.
The key feature of this solution is to identify market practice, for example in contract terms. Typically, the market practice is well established to the extent that its risks can be identified and priced, thus the market practice is risk neutral. When deviating from it, for example by imposing an exceptionally onerous obligation or by raising the limitation of liability condition significantly above the normal level, the risk should be priced in or otherwise borne by the company.
To become risk-smart, an organisation needs to follow certain procedures. Risks should be considered and integrated into the company’s activities, including key decision-making processes.
- Create a process to identify poorly understood threats to the organisation.
- Bring together key stakeholders to address risks, effectively and sensibly. Whether it is risk and control owners or regulatory stakeholder bodies, it is important to get them to understand the risks and identify where new risks need more focus.
- Facilitate consensus-building on scenario planning, which is probably the best way to make opportunities real and find the right strategies to counter negative impacts. Building consensus on emerging risks is difficult because organisations can come up with multiple scenarios. Identifying and accepting market practices as a starting point can help significantly.
- Review and ignore theoretical or otherwise irrelevant, low-level risks. As organisations often struggle with resource constraints, resources cannot be wasted on unnecessary activities. Therefore, it is important to focus only on those risks that are more significant and of lower than expected value.
- Exploit the competitive advantages of emerging risk processes. If organisations have an evolving risk process, they are most likely to have some form of competitive advantage. This will diminish as more and more people realise this.
When viewed as opportunities, risks can provide a means to grow and innovate. Risk intelligence is probably a utopian vision for most organisations, as it often requires constantly identifying the biggest risks and changing risk management strategies accordingly. Knowing which risks can be taken and which risks need to be kept at bay is vital to the health and value of an organisation.
Another key aspect of an organisation’s transition to becoming a more risk-smart business is the role of culture and how culture is developed – particularly by the board and senior management.
Organisational practices and culture are passed down from the top and it is therefore important that the board plays a key role in promoting risk control. The tone at the top sets the principles, values and ethical climate. If the board and senior management emphasise the importance of risk management, the organisation will be more inclined to adhere to the same values of risk management.
With growing geopolitical tensions and an increasing number of interconnected global crises, organisations need to strengthen their risk awareness.
In the face of growing geopolitical tensions and an increasing number of interconnected global crises, it is imperative that organisations strengthen their risk awareness. Organisations must face the challenges and ask questions about the relevance of their strategic vision, structure, business model, competitive position and values in the new world order. The ability to innovate, remain competitive and sustain value requires a structured and planned risk decision-making process that is both clearly proactive and robust.
As part of the new European corporate responsibility regulation (Corporate Sustainability Reporting and Due Diligence Directives), risk management is a key part of the requirements. Companies will have to establish a “risk and control framework” in which risks are systematically managed. It is probably not possible to build overlapping risk management practices for different purposes so that they work effectively and transparently together.
NordCheck’s risk management is well suited to different areas and functions. Excel may work for the initial stages of the risk management process, but if you want to implement a risk management plan that works in the long term, Excel’s shortcomings will quickly become apparent. Developing a company’s risk management process needs to be supported by an appropriate tool that makes it easy to analyse and map risks, especially as accountability regulation will make it more and more demanding in the future.