Tackling the Wicked Problem - Managing Risk (part 7)
In part 6 of this series, I covered how leadership teams can build a more robust approach to developing talent as they tackle the broader ‘wicked problem’ of continued success. This instalment explores how firms can better approach managing risk as part of that same approach, highlighting some key areas for consideration.
Risk through the lens of business enablement
Over the past decade, firms have been compelled to focus on risk management and compliance like never before. More onerous regulation and public scrutiny have propelled risk discussions to their rightful place at the top of the agenda. However, risk and compliance officers have often been seen as the naysayers of the business, with their remit viewed as a ‘tick box’ exercise to be circumvented or ignored as often as possible.
Behavioural change (the hardest change to make) is where the best firm leadership teams have focused when it comes to addressing risk management. This starts with a fundamental shift in the way risk management is viewed by the business – instead of seeing a potential blocker, the risk team is seen as a key business enabler. With this lens at the forefront, firms have reduced internal friction, increased decision-making efficiency, and improved the day-to-day working experience.
After adapting this new lens, success depends on leadership establishing a robust approach to inculcating risk management throughout the firm. Below are four areas that leadership teams should consider in building such an approach.
Set the right tone for risk to be an enabler
In addition to defining overall firm strategy, the leadership team establishes and reinforces firm culture. Not quite as simple as ‘do as I do’, but the talent within the firm will generally mirror the actions and approaches of their leadership team – as Jim Whitehurst notes in his article Leaders Can Shape Company Culture Through Their Behaviours, ‘…culture change begins when leaders start to model the behaviour they want the organization to emulate.’
So, if a leadership team allocates little to no time to risk management in strategy setting or ongoing management meetings, or roll their eyes whenever compliance is mentioned, why would they expect their teams to have a positive attitude to risk management? Instead, management of risk should be given appropriate time in every element of strategy setting, and is something that should be reported upon regularly at the highest level. Not only is the need for strong risk management not going away, it is becoming more and more the single blind spot that could take down your whole firm if mismanaged.
That’s the stick, but there is also a rather large carrot to embracing a positive approach to risk management. Believe it or not, the best emerging talent wants to work in an environment that has a strong ethical code and a desire to ‘do the right thing’. Over complicated rules can of course stifle innovation and lead to frustration but, as Rob Goffee and Gareth Jones found in their article Creating the Best Workplace on Earth, your people will thrive when they have an expansive structure they understand and believe in. Put simply, a positive approach to risk management helps your talent to feel more secure in their day-to-day actives, which increases happiness and productivity, and in turn attracts and retains the best people.
Risk is not an island, and must be integrated into the overall business
Michael Volkov summarises this challenge very nicely in his article, by asking ‘is your Chief Compliance Officer Lonely?’. If risk management is isolated from the rest of the business, then really only bad things can happen – at best the firm will be avoiding issues by luck, at worse one or more of those issues will eventually bubble to the surface and have a severe impact on the business.
Of course, some responsibility falls on the risk team to humanize their role and connect with the rest of the firm. However, there are simple things leadership teams can do to help set everybody up for success:
- Integrate risk into the ‘day-to-day’
This isn’t to suggest that everyone must have a complex checklist to tick off before they can take any action, but use training and technology to help people be more aware of potential red flags or situations in which they should call on the risk team for advice.
- Performance/pay levers
Best used as a positive with people receiving higher performance ratings and reward for demonstrating an aptitude for being risk aware. Even by just making it known that good risk awareness is an element that will be reviewed will drive some of the desired behaviour.
- Develop a culture of accountability
Yes, your firm probably has a risk team and, yes, it is their job to help the business better manage risk, but this is such an important area that everyone in the firm should feel a level of accountability proportional to their role. ‘That’s someone else’s job’ just isn’t going to cut it anymore when it some to risk.
Risk teams must leave behind the ‘theoretical vacuum’ and embrace commercial reality
Assuming that risk management is integrated into the firm, the other side of the coin is that the risk team must ensure that they are effective within the commercial realities facing the firm. Leadership can help breakdown the historic ivory tower around risk management but, in turn, the risk team must immerse themselves in the business context of the firm and provide support for real life situations (rather than in a theoretical vacuum). For many risk professionals this is second nature and they relish the chance to be closer to the business, but for some there will be an adjustment period where they will likely require support from your L&D team.
There are multiple professional services firms that have already achieved this symbiosis between risk management and commercial efficiency. One simple recent example that particularly resonated for me is a client of ours (an international law firm) where preliminary conflict checking now occurs at the initial stages of the business development process – the business benefit being that they are hunting for new clients and work in whole segments of whitespace that have been provisionally conflict cleared, reducing the potential for wasted effort identified only at a much later stage.
Technology is your friend when building a better risk management culture
Perhaps more so than any other area for professional services firms, the management of risk is one that lends itself to technology support. Data must be consistently consumed, analysed and potential ‘red flags’ highlighted on a scale, and often in a timeframe, that simply isn’t feasible for human effort alone. However, for me, the key here is not the wholesale replacement of humans with AI, but more how do we best support that human skill set with helpful technology – Augmented Human Intelligence (AHI), if you will, helpfully defined by Gartner here.
Let’s take conflict checking as an example, an area which is close to our heart at Intapp. As we developed our Conflicts AI solution, we quickly realised that the optimum approach was to understand how artificial intelligence and human input could best be combined. Humans tend to be poorer than our AI counterpart at large scale, monotonous review; whereas AI struggles much more with the nuances of specific, unusual situations.
This approach enabled us to develop a solution where the AI can efficiently handle 80-90% of conflict checking (the vast majority of cases that fit standard parameters), and highlight the 10-20% where human review is the best way to ensure the right result (the edge cases where the dangers usually lie).
In short, no humans were harmed in the making of our solution – instead we were able to work with our clients to free up huge amounts of time for the risk team to focus on the cases where their expertise and focus is critical.
There is no reward without risk, but finding your ideal tolerance level is key
To coin a phrase from the US Army War College, the commercial world in which we operate is becoming ever more VUCA – volatile, uncertain, complex and ambiguous – and, as Sunnie Giles mentioned in her article How VUCA Is Reshaping The Business Environment, And What It Means For Innovation, this provides equal amounts of opportunity and challenge.
With this increase in business complexity, the successful management of risk is going to become even more important, rather than dwindling at all in significance. Consultancy.uk notes that many firms are struggling already to keep up with the pace of regulatory change, and this burden is only going to get more cumbersome.
Rather than proverbially burying their heads in the sand, the best leadership teams are alive to this changing environment and are taking proactive steps to improve their risk management approach. As well as what I discussed above, the key is for leadership to honestly define their tolerance level for risk at the outset and build a business culture that inherently reinforces that level.
Commercial risk will never be completely eliminated nor would a successful firm want to do that, because fortune usually favours the bold. That said, a robust pervasive approach to risk management, focused on the ‘marathon rather than the sprint’, will likely deliver more consistent success over time – and less sleepless nights for your leadership team…