Bringing risk into the ‘real world’ makes organisations more efficient, cost effective, and profitable. Organisations will be better placed to meet their business objectives on a more sustainable basis.

To bring a risk appetite document to life and make it real and applied within a business, the use of scenario planning and technology is required. The objective is to apply risk management, create a risk culture, and embed it across the organisation.

It nearly always takes a significant a risk event to occur before the status quo is challenged and people say that “risk can/should be done better”.

With hindsight, the argument is that the particular risk should have been identified earlier, and reported more clearly, so the inherent risk and mitigating controls could be understood. With this, the risk would have been better managed or prevented.

There are three key reasons why risk management often fails:

  1. Post an investment decision, and in a business-as-usual environment, risk is often largely ‘removed’ from the front line, and becomes a risk and compliance function responsibility. As we explored in Risk functions must be reimagined, risk management is often seen as the responsibility of a risk department, that is not engaged with by the broader business in daily activities and business decisions. This naturally leads to decisions that don’t holistically take into account ongoing risk and rewards.
  2. It is difficult to ‘see the wood for the trees’ in an ever increasing compliance and regulatory environment that is impacting all industries. Boards, risk committees and senior management can have thousands of individual compliance requirements to contend with. The requirements consistently change, so staying current is a challenge.
  3. Assuming an organisation’s processes identify the correct compliance requirements, critical issues are often hidden in risk reports that are hundreds of pages long. This volume of data makes it hard to quickly identify the key risks, emerging trends, or even possible compliance breaches. Trying to see strategic risks impacted by the content of such reporting is virtually impossible. 

To overcome these challenges, organisations need consolidated risk data on a centralised risk management platform that breaks down silos, and brings risk back to the front line. They need an approach that allows risk professionals to ‘partner’ with the business. This enables the type of consistently good risk culture that will help businesses stay on the front foot.

Risk in two dimensions doesn’t work today

Another hurdle on the path to better risk practices is that organisations are still looking at risk in ‘two dimensions’ – likeliness and severity. In other words, how likely is a risk to happen, and how significant would it be to our business?

These factors are still relevant, but in today’s fast-paced world, risk needs to be looked at in four dimensions, considering the speed, time or velocity with which a risk, once triggered, will impact a business, and the connectivity or contagion of how one risk impacts another.

Time plays a major role in risk management. Connectivity is equally important.

For example – what is the event or scenario that is most likely to unfold? This scenario will most likely be a connected series of three to six separately listed risks. If these risk are linked, it is easier to understand and assess the scenario, and easier to see how to mitigate and manage the outcome. It might be a workplace health and safety issue, communicated through social media, that flows on to impact sales and liquidity.

Real world risk management

Moving from ‘theory’ to ‘reality’ so that risk appetite, culture and operational risk resonate at all levels from the board to the front line requires understanding risk in the context of ‘real world’ tangible scenarios.

This is where scenario planning workshops can help across risk at three levels:

  1. Emerging/strategic
  2. Corporate or tactical
  3. Operational.

A board may focus on strategic risk such as trade relationships, while management focuses on corporate reputational issues, and sales staff focus on risk in customer service activities.

A simple example scenario to workshop at an operational level could be:

A board may focus on strategic risk such as trade relationships, while management focuses on corporate reputational issues, and sales staff focus on risk in customer service activities.

Risk in the real world infographic

Recognising different risk appetites

To demonstrate how risk appetite can differ across and within an organisation, we can look at the recent Boeing 737 issue, in which two aircraft went down causing significant loss of life.

There were different risk appetites across different country airlines in the decisions made as to whether to ground aircraft while waiting on the relevant investigation into the cause of the crashes.

While the in-principle decision to keep all human life safe should be consistent, where the revenue from the 737 aircraft made up a very significant portion of an airline’s revenue, the pressure to continue flying was greater than at an airline with a diversified portfolio. This was played out with different approaches taken.

KPMG's risk technology solutions

To support our clients in addressing the above challenges, KPMG has developed three new tech supported risk solutions which can be used independently, or as an integrated solution as part of KPMG’s Risk as-a-Service.

  • Dynamic Risk Assessment (DRA) provides insights into risk that can enhance capital allocation, decision making, resilience and agility.
    Find out more about Dynamic Risk Assessment >

  • Facilitator View is a consensus gathering tool which can be used in workshop scenarios to quickly agree on views around risk and risk prioritisation.
    Request a demo of KPMG Facilitator View >

  • KPMG Risk Hub brings organisations a world leading GRC system, managed and maintained by KPMG – bringing people, culture and technology together as an innovative Risk as a Service.
    Explore KPMG Risk Hub >

 

Organisations can choose to engage with part of, or all of, the Risk as-a-Service offered.

In addition to Risk Hub our managed service, KPMG also provides Powered Risk for risk transformation, integrating our forward-looking approach to risk management with deep industry knowledge, leading cloud GRC technology and global delivery capabilities.

Learn more about Powered Risk >

Turning risk into opportunity

KPMG’s risk technology suite can close the gap between board strategy, corporate decisions and operational risk.

For example, a supermarket staff member can have an app on their mobile phone connected to the company’s central risk database. When a glass jar falls, they can immediately log that incident, for everyone from the board to management to see.

If the data starts to identify similar issues across stores – then the machine learning aspect can alert management, who can then look at where to invest in safety procedures to prevent any serious incidents.

If organisations embrace scenario planning and technology to make risk ‘real’ and bring it to the front line, everyone across the business can contribute to, and access the same data. Staff of all levels can see how risk and reward work together, and make better risk-aware decisions as a result.

Bringing risk into the ‘real world’ makes organisations more efficient, cost effective, and profitable. Organisations will be better placed to meet their business objectives on a more sustainable basis.