Managing enterprises is far more complicated today than ever. The average life span of companies is plummeting. According to a CNBC.com article, Is Technology Killing Off Corporate America, “ . . .The average age of a company listed on the [S&P 500] has fallen from 60 years in the 1950s to less than 20 years now. . .” This was in 2017, prior to COVID and the evolution of technology and business models that has taken place over the last three years. The margin for error in setting and executing your strategy is decreasing while the rate at which critical events occur increases.
Sustaining your enterprise demands that you achieve business agility and identifying risks and planning how you’ll respond to them is a crucial component of that. Attempting to manage in a dynamic risk environment with a risk management approach adjusted only periodically won’t work. Agile Enterprise Risk Management (AERM) is a critical necessity.
In a previous article I proposed that companies should apply a broader group of management disciplines to Risk Management. In this article, I will describe what this should look like and why.
Major Business Drivers Are Dynamic – ERM Must be Adaptive
Rapid change and disruption require an active ERM infrastructure that includes people, information and knowledge assets, processes, and practices to synchronize with the continuously evolving enterprise. Traditional approaches must be revised. Companies should:
- Invest in disciplines, such as Enterprise and Business Architecture (EA and BA) to accelerate decision-making. EA and BA can only help you react more quickly to events if the information assets you create with them exist before decisions are required.
- Staff and fund EA and BA appropriately to ensure their viability. While it may seem prudent to delay investment in down times, if you don’t have the right processes in place to produce the information and knowledge assets you need, you will undermine your AERM program and impair your agility.
- Recognize and resist the human propensity to undervalue investments in preparedness, such as ERM, that seem only to contribute to avoiding negative outcomes.
What holds companies back from making these investments? It is complicated and different for each organization, but there are commonalities. The way EA and BA are often practiced and tooled can tilt them towards overkill. They are often focused on ingesting enormous volumes of detailed data but then don’t always produce intelligible, clear, and tangible value to senior decision-makers.
Many, if not most, large enterprises have an ERM function that, like budgeting or strategic planning, works on a cyclical basis. But, if risk-based thinking is not integrated into day-to-day operations it may not be applied in the heat of a moment when dealing with an unforeseen threat or business opportunity.
Because the environment can change so quickly, RM must be designed to be updated dynamically to adjust to your businesses’ evolution as it responds to events. This will not work if you review and revise it annually based on a snapshot of the enterprise. Instead, it must be incorporated into the company’s short- and long-term management and decision processes. In the same way that systems development has evolved to be Agile, ERM should also.
Critical Requirements for an Agile Enterprise Risk Management (AERM) Transformation
An Agile Enterprise Risk Management function should incorporate:
- A Risk Information Management System and Repository
- Connection to other relevant repositories, such as the EA and BA models
- Search and analytical tools and dashboard interfaces
- Integration with enterprise planning and operational decision processes.
The AERM function must be:
- Scalable; provide tangible value for a subset of the enterprise, such as a business unit, but also accommodate the entire enterprise if you choose to operate at that level
- Lightweight; not add a significant burden to decision-making and design activities
- Malleable; easily transformed to adapt at speed to changes in the structure or operations of your business
- Integrated into your operations and decision processes, not bolted on and overseen by an administrative group that adds overhead
- Designed to contribute to business agility by reducing decision latency at times of exigent need
Outlines of a Solution to Support the AERM Process
Given the requirements, above, the elements required to begin to implement AERM include:
- Information Assets
- Lightweight EA and BA models, that show the interrelationships of relevant entities, such as Products, Capabilities, People, Processes, and their Enabling Infrastructures
- Extensions to the data model that support rapid analysis and highlight interactions among modeled entities and risks
- System
- A centralized Agile Risk Management System that houses the information required to manage AERM assets, enable rapid analysis and adjustment and support regular assessment of AERM performance
- Processes
- Business Analysis, Project Portfolio Management, Program and Project Management practices that enable your company to keep AERM in step with its evolution
- AERM processes that are integrated into strategic and operational decision-making
Clearly, this represents a change in how ERM is traditionally practiced. It is an Agile, DevOps, Lean, AI-driven world now. Athletes are trained to intuit how action is likely to unfold in the field so that they can act and react with a minimum of conscious thought. In business, unforeseen, unplanned-for risks can slow down or compromise your response to events. If you expect to succeed, ERM has to evolve to keep pace with the changing environment in which you operate.
To achieve sustainability, AERM is a must and in future articles I will add detail to the vision of how this may be accomplished.
Bio:
Howard M. Wiener is Principal of Evolution Path Associates, Inc., a New York consultancy specializing in technology management and business strategy enablement. Mr. Wiener holds an MS in Business Management from Carnegie-Mellon University and is a PMI-certified Project Management Professional.
He can be reached at:
howardmwiener@gmail.com
(914) 723-1406 Office
(914) 419-5956 Mobile
(347) 651-1406 Universal Number