As a business leader, you are risk-aware. You want to innovate to add value, while maintaining compliance.
You do this because you want your organisation to succeed, and delight customers.
As a risk leader, you have developed business acumen. You want to add value and enhance compliance. You do this to help your organisation succeed, and delight customers.
The objectives are the same.
So why do you get the feeling that risk management is getting in the way of your ability to innovate? Or that innovation is getting in the way of your ability to manage risks?
What if risk management enabled your customer-centric business approach?
Traditional risk management activity is internally focused.
What if you considered risk management from the outside in?
Data privacy, for example. New rules have meant changes - so it is likely that you have been evaluating data privacy recently, or perhaps even right now.
Traditional risk thinking concentrates on the risk that your organisation faces - internally focused. If you've been lucky and have not had a significant breach, colleagues may challenge you like this:
“why focus on that - we have not been breached?”
Of course you could counter with “we haven’t been breached because we focus on it”.
In practice, this doesn't always work. You will probably be ignored, right?
Now switch that around, to focus on customers’ expectations, saying something like this:
"what would happen to our customers if we don't protect their data ... and what would that then mean for us?"
How does the customer perceive the risk - what do they expect us to do, are we up to it? Because: 1) we don't want to lose our customers, and 2) we want to keep our promise.
This is much harder to ignore - if you are truly customer focused.
It also means a change in thinking about which specific granular risks are most important.
How exactly are you going to allocate your limited resources.
This is just an example. You’re probably thinking about a range of other scenarios where outside-in thinking would achieve a better result.
If your organisational purpose, mission, vision or strategy includes the word customer or member - outside-in risk management is a natural extension of what you stand for as an organisation.