Four Principles of Risk Management
Strong enterprise risk management is an imperative in the 21st century in a flattening world with growing complexity, the global movement of people and arguably more frequent disruptions and disasters. Organizations must match the evolution of strategies and operating models to mitigate potentially devastating brand and reputational risk. There’s a well-known quote from football coach Bear Bryant: “Offense wins games, defense wins championships.” A rigorous risk management program can provide great defense and readiness before, during and after disruption occurs.
In my 30 years at Bank of America, we managed a wide spectrum of risks with particularly acute periods of financial, credit, brand, merger integration, political and regulatory risks. I distinctly recall a mid-2000s business continuity risk review in which a respected colleague walked us through preparation for pandemic risk as SARS had emerged. I admit now to a bit of disbelief that a pandemic was particularly pertinent to building our plan but am grateful for his expertise and insistence that we develop appropriate risk mitigation plans.
Over time, I have narrowed in on the following principles of risk management:
Transparency is vital in terms of process, assumptions, and dialogue to ensure full understanding of inherent risks and risk mitigation. Transparency of financial performance is routine in board discussions as plans and assumptions are developed, results are recorded and updated through forecasts and multiyear plans. Robust discussions between management and the board establish expectations and the ability to pivot as expectations change. Isn’t the same transparency appropriate for risk plans, including full transparency of assumptions and scenario analysis? In one of my recent board roles, financial and credit risk accelerated with the trade and tariff wars. Management was swift to assess potential impacts and come forward with analysis for review and discussion with the board. Result? Management was prepared, the board was informed, and there were no material surprises as the tariff actions unfolded.
Analysis and adaptation are on-going dimensions of sound risk management with enhanced modeling techniques available through new technologies. Analysis should be robust and not just based on historical data as “unprecedented” events appear to be occurring more frequently. The loss rates in mortgage and home equity loans spiraled during the financial crisis and were termed “unprecedented,” but was it unpredictable with the changes in consumer debt-load and wildly accelerating asset prices? Adaptation to abrupt changes in the environment and operating model are hallmarks of strong risk-defense strategies as, for example, organizations around the world have adapted to remote work options that may prevail in go-forward operating models.
Imagination is not just for kids. It is the essence of creative thinking and dialogue as risks are assessed and analyzed, including the difficulty and probability of the unimaginable. While some would say that the current pandemic was unforeseeable, there was sufficient prior experience and predictions of a widespread pandemic that simply should not have been ignored. Perhaps the speed of spread and depth of supply chain disruption was surprising, but overall readiness should have been part of a strong defense playbook. The beauty of imagination is also the ability to identify and pursue new opportunities as organizations have quickly found new ways to serve and reach their customers during the current pandemic.
Look around the corner for what is coming, even the most improbable and uncontrollable environmental shifts. During my leadership of the Bank of America student lending business, enormous political and economic changes began to emerge which could have had profound brand and financial impacts. As we analyzed and modeled the potential changes, our long-term view of the business became less favorable and ultimately recommended an exit from the industry.
These principles can help form a solid foundation for risk management as a leader and as a board director and are best served through robust dialogue between management and the board and benefit from board diversity in experience, industry and tenure.
Tracy Grooms served on the board of Rabobank, N.A. until its sale in 2019. She currently serves on the Charleston Symphony Orchestra board and is seeking her next public company board assignment.