In planning the establishment and operational strategy of a business, risk management must be an integral part of the plan. There are different kinds of risks, ranging from natural disasters such as earthquakes or tornadoes to fire and cyber risks. Risk management is about the identification, assessment and prioritization of risks. The process entails reducing or eliminating the occurrence of the risk, or its effect on the business, to a manageable degree.
The Attendant Risk of Advanced Technology
The advent of the internet has brought about cyber terrorism, and this cyber risk has exposed big organizations around the world to increased operational, financial and reputation risk, as well as corruption.
Any organization that has access to any type of computing device is at risk and can suffer a harmful cyber-attack. There is currently an increase in individual and state-sponsored hacking incidents, as hackers continuously devise more creative methods. This is more so with the introduction of advanced Internet technologies such as the Internet of Things (IoT), which helps organizations make better decisions, innovate faster and make better products and services available to their customers. However, this also creates opportunities for available information to be compromised, as more sensitive data are being shared among a greater number of participants, thus increasing the risk exponentially.
The Role of Top Executives
Top executives and senior management have the responsibility of mitigating and managing cyber security risks, as they are intimately familiar with the whole of the organization’s strategic planning. In order to do this effectively, they must collaborate with the rest of the organization through clear communication channels and have adequate security awareness, particularly if it is a global business concern.
The Consequence of Losing Reputation
Reputation risk is a risk of loss as a result of damage to an organization’s reputation. This can occur due to an adverse or criminal event, whether the organization is guilty of the occurrence or not. Such occurrences include safety matters, security issues, ethics, product or service quality, sustainability and innovation matters.
These can result in an organization losing the trust of its customers, with the attendant loss of patronage, loss of revenue and the risk of litigation. In extreme cases, they can lead to bankruptcy of the organization, loss of revenue and expensive litigation where customers’ rights and privacy are invaded. Typical examples of this are the cases of reputable consulting organizations, BP and Goldman Sachs, just to name a few.
How can risks be managed?
In order to have and maintain a responsible and successful corporate position, a risk management plan is a must. It helps protect not only the financial and physical assets but, most importantly, the people.
There are many strategies that can be employed, but the choice depends on the type of business and the type of risk involved. Many risk management standards also exist. These include those developed by the International Organization for Standardization (ISO), the actuarial societies, the Project Management Institute, and the National Institute of Science and Technology.
Despite the existence of a variety of strategies that can mitigate risk, there is a fairly standard approach to identifying and managing risk, consisting of five basic steps.
The first is identification of the risk, followed by assessing how vulnerable key assets like information are to the identified threats. Next, the consequences of specific threats to assets must be determined by the risk manager. This is followed by identifying ways to reduce the risks and, lastly, prioritizing the management of the risks according to their importance.
Management of risk can take the form of accepting the consequences of the risk and budgeting for it. The risk can also be transferred to another party by insurance. Another way is by closing down a high-risk area of business. The last measure that can be employed is to reduce the risk through actions such as a back-up plan for data or the installation of sprinklers for fires.
Top executives cannot and should not play ostrich by keeping their heads in the ground. With the dynamic changes in information technology and security and all the associated vulnerabilities, robust and dynamic risk management must be on the table. Infrastructural risk should be part of the weekly meeting agenda, even if there is no risk in sight. It is always better to be safe than sorry.
Organizational leaders should demonstrate through their actions the mantra that prevention is always better than cure. As organizations experience this security turbulence, with their vulnerabilities exposed each day by the breakneck speed at which technological infrastructure changes, top executives should be the leading voice, because their authority and influence can go a long way toward keeping those guarding the post alert and successful in protecting against and mitigating these risks.