Your Biggest Organizational Risks and Your Role in Addressing Them
The last few years have shown we need to change our approach to addressing organizational risks. Traditional risk management efforts give us a list of what to worry about in the short term. But we also need to consider the really big risks that could arise down the road and cause major damage.
The Importance of Looking at Risks Ahead
To understand why looking ahead at potential organizational risks is critical, here are three fictional executives and the challenges they’re dealing with:
- Melissa has been CEO for the last five years—an extremely difficult time that stretched from just before, straight through, and now immediately after the COVID-19 pandemic.
- David is the president of a U.S. state university system. Everything he and his colleagues built and supported was completely upended during COVID-19, as students and faculty avoided the campus and interacted virtually for two full academic years.
- Mary is the executive director of a huge mission-focused not-for-profit operating on three continents. Everything from fundraising to critical service delivery has been at risk since early 2020.
These are three executives with very different backgrounds—each leading very different organizations. But they all have one critical concern in common as they look past COVID-19 to the next five years: What’s next?
Business risk management efforts lean heavily on the here and now. What known and emerging threats do we face today? And how can we hold them back from causing harm to our organizations and us in the short run?
But what about tomorrow? And next month? And next year and beyond? Are we paying adequate attention to what’s hiding just over the horizon—what many risk professionals refer to as prospective or upstream risks?
This is key, as it’s the risks ahead—the ones that “could never possibly happen here”—that have the potential to change everything.
5 High-Impact Organizational Risks to Consider
For organization leaders and auditors at all levels, here are five organization risks to get your own discussion started.
- People and Knowledge Risk
This risk area has several branches of concern, including competitive-edge technology; information systems that can support growth projections; and intellectual property, formulas, and processes.
But what about human risk? Specifically, will we have the employee and manager years of experience, operational knowledge, and allegiance to the organization needed to meet strategic and operational goals? Or will we face a growing pattern of experienced staff jumping ship for perceived better opportunities and greater security with competitors? Will we experience new replacement staff doing what’s expected but not looking long-term to their employers for career potential and financial security?
Thanks to COVID-19, we’ve all encountered businesses, both large and small, that can’t serve customer, student, and even taxpayer needs simply because there’s no one available to meet those needs. What if that trend accelerates in the next five to ten years? What would be the impact on pretty much every aspect of any organization’s ability to meet their objectives?
- The Tone in the Middle Risk
There’s so much talk among audit and compliance professionals about the importance of the “Tone at the Top.” But what about the “Tone in the Middle”? What are the risks when mid-level managers and supervisors slide away from what they feel are outdated or unreasonable official corporate policies and instructions in pursuit of just getting through this week, this month, and this quarter? What’s the impact on organizational and individual ethics?
From my work over four decades, I know a few things for certain. But firmly on that list is when there is a disconnect between the tone at the top and the real-world tone in the middle and first-level ranks, there’s a problem—a HUGE problem that’s often difficult to see or mitigate right now to head off even greater risk tomorrow.
- Geopolitical Stability Risk
We’re living in a very divided world. That’s not news. But what happens when those divisions jeopardize leadership’s ability to move forward confidently? Long-term investment decisions on infrastructure, hiring, technology, facilities, and other factors must take into account projections about political implications both in our home countries and increasingly abroad.
From for-profit businesses to not-for-profit service organizations, risk decisions about human resources investment, inventory and equipment staging, transportation and banking reliability, and individual safety are all subject to geopolitical stability concerns. Throw in government and corporate corruption plus organized crime often found in countries with the greatest potential for revenue growth, and these risks grow exponentially.
Your pushback might be, “But we only operate in our home country environment.”
But what happens when your university is politically identified as red or blue, and half of your potential students shy away from applying out of concern that their educational and career interests will be marginalized or ignored? Or political leaders attack your regional construction firm because you’re reluctant to financially and verbally support their one-sided agenda? Or your local restaurant chain, bakery, or manufacturing company is tagged politically one way or the other?
Geopolitical and domestic political risks have far-reaching implications for pretty much every organization. Are your leaders doing enough today to shield the organization and their employees from the potential—perhaps likely—fallout?
- Weather, Water & Energy Risk
Historical weather patterns are changing. Destructive storms are damaging in-place investments. Water resources in much of the world are strained and getting scarcer by the day. The cost of energy production and distribution has become unpredictable due to changing technology, shifts away from fossil-fuel-based sources, and supply uncertainty when the source is in neighboring countries and beyond.
A triple-threat prospective organizational risk from weather, water, and energy. What’s your organization’s mitigation plan for the next ten years and beyond?
- Artificial Intelligence Risk
The power of artificial intelligence to influence decisions, sway voters, and skew the accuracy of perceptions is already scary. Just ChatGPT should keep organizations leaders and their auditors awake at night over the risk of it being “weaponized” by competitors, hackers, organized crime, and even nation-states in their efforts to undermine legitimate business activities. The organizational risk, in short, is huge. Moreover, it’s largely underestimated by today’s managers.
Finding the Balance in Addressing Risks
When contemplating the management of future risks, one of my favorite expressions jumps out: “They did the best they could considering the task was impossible.”
It’s impossible to predict the impact of the following on business:
- Skilled labor
- Middle-manager actions
- Political stability
- Effects of weather, energy, and water
- Artificial intelligence
And yet, as auditors and professional risk compliance managers, we’re asked to do just that: consider the risk impact, likelihood, and mitigation plans in place or planned.
Our job isn’t to find solutions to these and other prospective big risks. But it is to evaluate whether others are doing just that.
What are your organization’s five biggest prospective risks? And are your leaders really doing enough about them right now?