“I found that just surviving was a noble fight” – Billy Joel
Most companies want to do much better than “just surviving.” But the world is a dangerous and complex place. Surviving itself may be difficult, but the focus is most often on less extreme situations such as:
- Not making bonus
- Not beating last year
- Not beating competitors
- Not making a profit
Said another way, a common goal that is informally set for risk managers is “no surprises.”
Unfortunately, that goal forces risk managers to keep their focus on the small bumps in the road ahead. That may mean that there may not be anyone at all focused on the places where the entire road is washed out by a flood or blocked by an avalanche.
Surviving the big crises requires resilience
In the case of the really big disturbances, survival is the noble fight, and survival will often require resilience. As originally envisioned by the biologist C.S. Holling in 1976, resilience is achieved by constantly changing, renewing and reorganizing in order to survive, despite an extremely adverse situation. Resilience incudes not just reactions to adversity, but also the preparation for adversity and the avoidance of the adverse events and the worst effects of the disturbance.
Enterprise risk management (ERM) is the name for an approach to organizing risk management. I often describe ERM as a set of “n+1” control cycles, one for each of the “n” key risks and one more for control of the aggregate risk in comparison to the aggregate ability to absorb losses.
The four keys to resilience
There are four key aspects to ERM that cause it to be much more than “n+1” control cycles. These four keys mean that ERM can provide resilience for those who adopt and maintain an ERM system.
- Transparency – around level of exposures of key risks, the success or failure of risk mitigation activity, and the gains or losses associated with risk exposures.
- Discipline – the commitment to reliable management of all key risks and to the aggregate risk of the firm.
- Alignment – consistency between the primary strategic objectives of the firm and the objectives of the risk management programs, so that ERM supports the primary goals of the firm.
- Adaptability – planning to react to information about the changing risk environment to keep the focus on the risk management needed to succeed next year, not last year.
The ERM process draws its power from transparency and discipline, and its direction from alignment, and can only maintain its effectiveness over the long term with adaptability. While each of the four keys to ERM provides these tangible benefits, resilience can only be achieved with all four.