March 4, 2022
5-Step Risk Management Strategy for Your Business
Don't wait until it's too late.
6 min read
I glanced down at my altimeter - 4,500 feet.
We locked eyes and silently decided “let’s go for it.”
For a quick second my stomach twisted and my mind raced as we completed the final maneuver. Before I knew it, the skydive was done. The altimeter hit 2,500 feet and it was time to deploy the parachute.
“Wow, that was close,” I thought. But was it really? Probably not? I guess I’d never know.
The problem with risk is that everything is fine… until it’s not.
Over the past several years I’ve picked up skydiving, and aside from terrifying your family and being a beautiful way to see the earth, it’s a great way to learn a thing or two about risk management.
Just like business, it’s a team sport with a strong individual component. Unexpected things happen all the time, but preparation and back-up plans make almost anything manageable. In both cases you’re making rapid decisions with imperfect information that determine success or failure. When things go wrong you might find yourself in freefall, all alone, with no one to help you.
But experience teaches us that it doesn’t need to be that way.
If you haven’t seen skydiving routines before, it might seem like an unusual comparison to the risk management function of a multinational business, but stay with me for a second. Plummeting toward the earth at 120mph while you’re executing the choreography of a boy-band music video, forces you to become deeply attuned to what can (and will) go wrong, and how to ensure that you land to walk another day.
In my opinion, there is a five-step risk management strategy you can implement at work, and in the air, to ensure your organization lives to walk another day:
1 - Assess:
It seems obvious, but we all know countless decisions we (and others) have made without consulting data. Assessing your current situation as deeply as possible is often the difference between a well-calculated chess move and a foolish low-probability gamble.
The assessment phase begins long before decisions are made, and never stops. What systems does our organization run? Who are the teams in charge of key decisions? What will our competitors do? Is there geopolitical risk around the corner? Are the regulators changing their stance on a relevant issue? Any and all data points should be considered to paint a picture as clear as possible of what objective reality looks like. Only then can we move on to subsequent stages.
2 - Imagine:
How often do you perform scenario modeling? How about mock training exercises that replicate real-world situations? Do you and your team spend time dreaming and imagining worst-case scenarios to prepare against? Do you have a dedicated “red team” tasked specifically with trying to break your product and/or business model? You should. It’s virtually impossible to prepare for something unless we imagine how it may arise, and then working through the downstream consequences.
Imagining and modeling future scenarios is critical to ensure that not only leadership, but every member of the team, knows that things could go wrong. When skydiving, we usually have about 90 seconds between the time we leave the plane until we’re a splat on the earth, unless a magical parachute saves us. A lot can go wrong in 90 seconds, so it’s imperative that each potential scenario is considered in advance. The wider the array of potential issues, the more resilient the strategy.
3 - Plan:
Of course, imagining potential outcomes is only half the battle – extensive planning (and contingency planning!) is required to ensure your team’s hard work results in success.
Is the objective clear? Are the steps well-communicated? How will your different functional teams integrate? Are different team members aware of the risks associated with their colleagues’ tasks? Is everyone prepared for a sudden change of environment by competitors or regulators? Are there plan Bs and plan Cs constructed for each possible scenario to quickly pivot the team if needed?
The business world has never been more complex with nearly an infinite number of variables that can affect operations. Planning, testing, and simulating potential scenarios is the best mechanism for ensuring preparedness.
4 - Feel:
I’m hesitant to put a word like “feel” in the list of steps to manage risk, but hear me out. When you’re in freefall staring down at the earth from 10,000 feet, making it to the ground feels very, very important. It is exactly this sense that establishes a clarity of objective that we need to perform when things get difficult.
I’m not proposing we add life-and-death stakes to business – we already know life is stressful enough – but a sense of ownership and significance over the objective is unbelievably powerful to align stakeholders to the mission.
Does everyone understand the stakes of mitigating risk in the organization? Do they understand what happens if they fail? Risk mitigation is broad enough that it’s often “everyone’s job”, but if everyone does not feel the weight of that responsibility every day, it very quickly becomes no one’s job. Compliance risk can literally mean the difference between profitability and bankruptcy – it’s critical that the entire organization feels this significance in order to support each other.
5 - Execute:
If you’ve already completed steps 1- 4, step 5 shouldn’t be too tough, but no one can do it for you. The hard work put into planning and preparation means nothing if politics, excuses or complacency get in the way of execution. Hopefully by this point stakeholders are excited about the mission, prepared for unexpected events, and are leveraging the tools available in the organization to get things done.
While skydiving isn’t for everyone, the lessons learned under immense pressure and limited time are powerful. Whether we realize it or not, risk management is a part of our everyday business life.
The next time you consider enterprise risk, put yourself in a mindset of looking down at the earth from 10,000 feet. Would you leap out blindly, or take the time to Assess, Imagine, Plan, Feel and Execute? Choose wisely, it’s a long way down.
The opinions expressed in this blog are those of the individual authors and do not represent the opinions of BRG or its other employees and affiliates. The information provided in this blog is not intended to and does not render legal, accounting, tax, or other professional advice or services, and no client relationship is established with BRG by making any information available in this publication, or from you transmitting an email or other message to us. None of the information contained herein should be used as a substitute for consultation with competent advisors.