When it comes to identifying and dealing with their key risks, companies increasingly have taken a fill-in-the-box approach as influenced by their advisers.
Occupational health and safety standards? Tick. Privacy guidelines? Tick. Cyber security? Tick. Anti-fraud and corruption measures?
The list goes on …
COVID-19, however, has highlighted how the left-of-field dangers are often the real existential ones that can torpedo a company.
The pandemic also highlights how a more holistic approach to risk analysis can open up opportunities for enterprises to transform their fundamental business model and strategic goals.
“Most companies consider their primary risk management tools to be compliance programs, internal controls and internal and external audits,” the Harvard Business Reviewnoted in a recent article.
“While reducing the incidence of ethical reporting and compliance violations is important, such a narrow focus prevents the risk management function from helping their companies manage a much larger and ever widening universe of risks.”
Well before the coronavirus, many ‘old world’ industries were being massively affected by digital technologies. The ill-equipped companies tended to focus on the obvious compliance-driven risks, rather than taking the required quantum leaps to transform their vulnerable business models.
According to New Zealand-based software innovator and risk management expert Ben Stevens, the key lies in not leaving risk management to the back-office box tickers, but identifying threats and opportunities with employees’ input. “Strategy setting and risk is joined at the hip and should not be seen as a job for the boffins,” he says.
“More and more there is recognition that while there are a lot of risk tools available, they are owned by the ‘risk person’ while the ‘strategy person’ is responsible for strategy.“They work in splendid isolation but you really want input from everyone and for everyone to be a part of the process.”
In Stevens’ view, most risk assessment documents are “trite”, isolating perhaps two or three useful risks and opportunities out of several dozen.
“But what’s the risk that will most likely kill you? It’s usually not thought up by the guy in the corner, but by people at the coalface,” he says.
In 2017, Stevens founded the cloud-based subscription software Flipview, which enables organisations to meld risk analysis with corporate goal-setting by using a “bottom up” approach.
As its name implies, Flipview aims to upend traditional views about risk management and corporate strategy. At its core, Flipview uses customisable survey tools so employees can contribute in a structured way by identifying the high-priority risks and opportunities.
The survey data automatically feed into a workshop module and dashboard reporting, which in turn streamlines strategy planning.
Stevens modelled the user-friendly dashboard on the elegant instrument cluster of his lovingly restored 1964 Volvo P1800.
‘‘Driving home from a consulting engagement, I was stuck in traffic and looked at the dashboard and thought, ‘Wouldn’t it be great if the consulting process could be automated through clever questions mapped to a simple dashboard?’”
His prototype software was called Risk Dashboard, but as more clients started using it for strategy planning he changed the moniker to Flipview. Flipview’s key purpose is to frame risks not as those outlined in negative compliance processes, but the grassroots ones pertaining to competitor activity, supply chain shifts and evolving consumer attitudes (for instance, environmental concerns such as single-use plastic).
As a sign of the times, “me too” dangers such as sexual harassment and discrimination claims are appearing prominently on risk registers.
Flipview is used by a wide variety of organisations, ranging from a small printing business in suburban Auckland to ASX-listed companies.
For some clients, the process can be spookily prescient. For instance, one survey highlighted the heightened risk of a product recall – and even before the results were compiled the client suffered such an event.
In another case, a client realised its core cabling business was threatened by the surge in Wi-Fi enabled products.
“In this case, recognising the risk created opportunities as the company found new revenue streams,” Stevens says.
As a former executive in the TV, recorded music and payments industries, Stevens was well versed in business disruption long before ‘coronavirus’ became a household term.
He says the best way for a company to avoid this topical “tripping hazard” of disruption is to become a disruptor itself. Ironically, this in itself is a very risky strategy “but in a turbulent environment, taking calculated risks is critical to survival.”
For example, NZ’s Tourism Holdings created Mighway, an app that allows camper van owners to rent their vehicles to tourists. This initiative potentially cannibalised the company’s core business of renting its own camper vans, but also protected it from being disrupted and ultimately created a new (global) revenue stream.
As for the coronavirus, Stevens says it was a “bit like the Martians landing”. Beyond insurers and the World Health Organisation, few bodies had pencilled in ‘pandemic’ as an existential threat.
Naturally, the virus has forced organisations to rethink their business models and reasons for being.
“Most organisations didn’t have proper business continuity plans. But – guess what – they all have them now,” he says.