What does a risk-aware organization look like? Start by treating risk as a shared responsibility.
In an evolving approach to risk management, leaders must examine who is responsible for risk management and how they can adopt solutions that protect all parts of the organization.
A comprehensive, cross-functional approach to risk management is widely accepted as a sound strategy for organizations, with nearly 80% of executives agreeing that risk management must involve all parts of the organization. In our recently sponsored Economist Impact survey of over 650 executives worldwide, the numbers suggest a hesitancy to put this approach into practice:
Fewer than half of executives are investing in organization-wide risk management teams. Only 36% report integrating risk management into their overall strategy or making decision-making a priority feature of their risk management system.
While risk identification and management are top of mind, many leaders are still trying to understand the interconnected nature of risk, which should lead to the establishment of a cross-functional structure for dealing with adverse events. Something that happens in one part of the enterprise, a regional financial market, or the world can cascade through the organization’s operations in many ways.
So what does a risk-aware organization look like? Going beyond the singular role of risk manager or risk officer, risk management is an effort that requires an interdisciplinary, interconnected approach to create a framework for anticipating and mitigating risk across the entire organization.
The pitfalls of a siloed risk strategy
Risk is present everywhere in an organization. The past few years have brought an increased focus on the factors that drive risk, from financial to technological, environmental, operational, and new approaches to the workforce. The majority of global leaders understand the many sources of known risk and continue to concern themselves with mitigating it. While these leaders agree that risk management must consider all parts of an organization, a majority (57%) say their organization needs to improve cross-functional collaboration to manage risk.
A risk management strategy that focuses only on cybersecurity, financial factors, or supply chain fluctuations, or that targets only specific business units within the organization, fails to stay ahead of both risk identification and mitigation. For example, significant shifts in workplace reconfiguration or closures have proven to be an unexpected source of risk.
“Risk is a factor in any business endeavor. Our job is to plan for and properly manage the activities that we know can create increased risk. It is also incumbent upon us to share what we’ve learned from the past to anticipate potential risk. Best practices, experienced personnel, appropriate resources, as well as proper communication and collaboration, are essential to risk mitigation.” – Aurora Cammarata, Corporate Real Estate & Facilities Advisor, Iron Mountain
The research shows very little formal accountability for risk management within an organization—only 29% of leaders have clear policies around risk management and only 22% have designated accountability in place. This creates a risk environment that leaves departments and employees in the dark, leading to potential scenarios where one area of the organization may suffer an adverse event, while another may feel its impact but have no way of anticipating or managing it for themselves.
Research conducted in 2022 found similar responses related to organizational resilience—which goes hand in hand with risk. A resounding 84% of executives agree that to succeed in creating a sustainable, resilient culture and operations, cross-functional collaboration is essential.
Who is responsible for risk management?
To create a truly risk-aware organization, risk management must be a shared responsibility. Over 60% of executives think their organization needs to improve information sharing between functions, teams, and external partners. When asked “Who is responsible for risk management in your organization?” these leaders identified a range of roles from CEO to the head of IT, showing a lack of consensus on who is ultimately responsible.
Because risk identification and management are happening on the ground in day-to-day activities, it’s important to equip everyone in your organization to be a risk manager and promote cross-functional collaboration. Let’s explore what this looks like in a risk-aware organization.
What does a risk-aware organization look like?
A strong indicator of effective risk awareness is representation by key stakeholders, yet only 4% of surveyed executives report having a risk management committee that is directly responsible for driving risk management. A risk management committee creates the scaffolding needed to build a comprehensive, cross-functional team dedicated not only to informed decision-making but to the pursuit of practical applications of risk management across the organization. The design and implementation of a risk committee can bring several benefits to your organization, including:
- Expert insight from risk officers, legal, operations, IT, data analytics, human resources, facilities, senior management, and potentially external experts
- Effective collaboration between departments or business units
- Optimized resources and budgets to better implement risk mitigation
- A shared purpose for managing risk and protecting your organization’s reputation
- Creation of an enterprise-wide policy and education program
Risk literacy has a tremendous impact on an organization’s ability to execute cross-functional collaboration. By adopting the language of risk management, risk-aware leaders create a culture that promotes the proactive identification and assessment of risks. Being “risk literate” empowers employees to understand, evaluate, and respond to risks in their respective roles. These employees can effectively communicate potential threats and vulnerabilities to other parts of the organization, fostering timely decision-making and effective risk management.
A risk-aware organization measures risk and the success of its risk management practices. The majority of executives believe their risk management efforts are performing better than they perhaps actually are. Nearly 70% feel that they’re somewhat or significantly ahead of their peers in risk management, but they don’t have a consistent way to track or measure their efforts. This makes it difficult to articulate the return on risk management investments and to share progress with stakeholders. Promoting measurable risk management helps all areas of an organization stay invested and committed to ongoing initiatives.
Why is cross-functional collaboration key for risk management?
In today’s complex landscape, effective risk management is crucial for organizations to thrive. A risk-aware organization recognizes that effective risk management requires a collective effort beyond individual departments or functions. By fostering cross-functional collaboration through open channels, dedicated teams, risk literacy, and accurate measurements, organizations can amplify their ability to identify risks early on and proactively manage them.
Risk management and organizational resilience continue to be popular for large-scale discussion, and executives are more interested than ever in bringing both into action. Find more expert recommendations and global insights by exploring our risk and resilience resource center.