Achieving a dynamic approach to operational risk management is essential in today’s uncertain, interconnected, and increasingly volatile world

On 6 September, StrategicRISK hosted a webinar in partnership with Riskonnect to discuss how agile risk management can help businesses to overcome many of the operational challenges they face in their day-to-day operations.

Chaired by Matt Scott, co-founder of Insurance DataLab, our expert panel consisted of Riskonnect director of sales and partnerships Charles Longridge, Chapelle Consulting managing partner Ariane Chapelle, Santander UK operational risk and resilience oversight Lori Slack, and Smart Risk Consulting CEO Stephane Martin.

The discussion began with an exploration of what it means to be agile, and why it is important for modern businesses.

“Agile is all about being adaptative and responsive to feedback,” said Chapelle. “This means that for operational risks it is all about being responsive to new information and new events, and constantly adapting your risk management practice [in response].”

Martin added that companies that make a success of agile risk management often share a set of core competencies that set them apart from the rest of the market.

“[Agile organisations] have cross-functional capabilities, are self-organised, collaborative, and have a proactive approach to managing risk,” he said. “They are also active in their learning and have the ability to scan their environment – a real sense of curiosity.”

Culture too is important, with Slack adding that the most successful agile organisations have a “common strategic direction, clear accountabilities for budget and hand count, and delegated decision-making”.

“Culturally, an agile organisation that is committed to both innovation as well as the engagement of its colleagues and stakeholders is invaluable,” Slack added. “This provides an opportunity to speak up and challenge while learning through the launch of new products and ongoing feedback.”

Learning From the Past

The shockwaves that reverberated around the world in the wake of the Covid-19 pandemic have now brought into sharp focus the importance of organisations possessing these traits.

Longridge said that events such as the pandemic had forced organisations into making faster decisions than they had previously been used to, arguing that organisations should now be looking at “quality data from source, in real-time rather than relying on just periodic reports from analysts or subject matter experts”.

To this end, Longridge said that technology had become increasingly important for agile organisations, allowing businesses to “automate and process more information to get ahead”.

As well as changing the way many organisations operate and respond to risks, the pandemic has also proven to be a learning experience for many – something that agile organisations were able to turn to their advantage.

“The ability to quickly pivot, openness to new approaches, and breakdown of traditional ways of working are all examples of how agile teams quickly adapted and demonstrated their resilience in light of cross-market situations which could not be scenario tested alone,” Slack noted. “Agile players quickly overcame barriers in decision-making and even redefined how they met their customers’ needs.”

The subsequent supply chain crisis that has arisen out of the pandemic has also provided its own opportunities for learning.

Martin said that several organisations he has worked with have used the forced changes to their supply chains – such as repatriating operations back onshore – to improve their ESG credentials.

“[There has been] a real shift of mindset and a number of decisions linked to the choice of production now links to the carbon footprint created, not only the cost,” Martin noted. “Even though this has been pushed by investors or rating agencies, the pandemic situation has also been a help in that regard, [allowing organisations] to apply better, greener logistics.”

But how do you implement agile in your organisation?

One of the biggest challenges to implementing agile in any organisation is culture and structure – and namely those siloes that exist within many of today’s businesses and limit the proper flow of communication.

“We need to break down silos within organisations and make the process more collaborative and accessible,” Longridge said. “Technology can play a part… [but] it is the business culture that needs to change first in order to remove silos of risks.”

Longridge continued by saying that “organisations must move away from just a top-down prescriptive process to allow bottom-up communication from operations and third parties”.

He added: “If not, decision makers cannot plan effectively – they will not have line of sight to the root cause of the risks that affect the business. To do this you need to extend the ownership of risks, and not just controls, beyond management.”

Ultimately, however, Chapelle was able to sum up the need and purpose of agile risk management in one concise statement.

“Companies with good risk management culture are those constantly seeking to improve their risk management practice, without waiting to be told by regulators or internal audit,” she said. “The capacity to question oneself and strive to improve is a key feature of agile risk manager.”