About Brian Schwartz

Brian Schwartz leads PwC Risk Assurance’s Governance Risk and Compliance (GRC) practice, overseeing all GRC service offerings, including risk management, compliance and business continuity management. Follow him at @schwartz_brian.
Игроки всегда ценят удобный и стабильный доступ к играм. Для этого идеально подходит зеркало Вавады, которое позволяет обходить любые ограничения, обеспечивая доступ ко всем бонусам и слотам.

Creating a Strong Defense and Offense in Your Risk Management Program

Stakeholders demand that companies grow, but at the same time, they expect growth to be managed to make sure the brand is not tarnished. That means enabling value as well as protecting value, which comes down to striking the appropriate balance between risk agility and risk resiliency.

For many years, risk management has focused on protecting the brand and keeping the company out of trouble. But if it’s done right, risk management is about playing not only defense but offense as well—it’s about value protection and value enablement.

Defensive Risk Management

Defensive risk management is mostly about risk resiliency, enabling a company to either prevent bad things from happening or recover more efficiently from disruption. Defensive tactics include setting up a risk appetite statement and framework that are approved by the board on down. Next, the risks should be aggregated across the enterprise and mapped against that appetite along with related risk tolerances and limits. Defensive risk management is also about developing a set of very specific key risk indicators (KRIs) to look for. This includes having a solid business continuity management strategy that will quickly get things back on track after a risk event. These activities keep the company out of harm’s way, and may be the easier part of risk management.

Offensive Risk Management

The more difficult part is thinking about risk management offensively—leveraging it for strategic advantage and growth. The first offensive tactic is to align your risk management process with strategic planning so you can drive those priorities forward in light of all the risks you are facing. That’s not an easy thing to do because even though companies may think they’re aligned, many of them actually run two very distinct and separate processes. Another offensive tactic involves giving some of the risk management activities back to the business units—so they can run faster and drive risk-adjusted decisions and revenue plans.

Risk agility lets a company flex and grow by making the risk management process adaptable to changes in the business model or to external changes affecting the company.

online pharmacy cozaar with best prices today in the USA

It is also something that has to be thought about more formally so that it does not become counterintuitive to the growth agenda, but actually supports it and even helps drive it.

If a company is being held accountable by its stakeholders to grow—and they all are—that growth has to be pursued in a controlled manner so the brand doesn’t become tarnished. That is about striking the appropriate balance between risk agility and risk resiliency—playing offense and defense.

The simple fact is that companies that use their risk management activities to play both sides are more likely to see sustainable growth and better performance patterns because they are balanced between moving the business forward and keeping the business in check.

PwC’s study 2016 Risk in review: Going the distance highlights how companies can achieve this important balance. For example, companies that structure their risk management programs to play both offense and defense are more likely to see sustainable growth and better performance patterns.

online pharmacy rogaine with best prices today in the USA

In addition, these companies are nearly as likely to report that they expect significant revenue and profit margin growth (greater than 5%) as companies that are focused only on growth—and they are better positioned for sustainable success. Such companies are balanced between having the agility to move their business forward and the resilience to prevent bad things from happening and/or recover more efficiently from disruption.

online pharmacy fluoxetine with best prices today in the USA

pwc-3

High-risk growth

Some companies with aggressive top-line growth targets decide not to invest at the appropriate levels in their risk management programs, which can allow their growth to outpace their infrastructure. Following this course can bring more risks—vulnerability peaks and risk events become more crippling to the brand. In the end, more capital is spent on investments to take risk management activities to the next level after something bad happens to the business.

The mindset across industries is that immediate growth is great, but longer term, sustainable growth is better. Companies are building up stronger and more relevant second-line (risk and compliance) functions, and holding the first line more accountable on risk because they see that will help them achieve sustainable growth.
pwc-2

Adapt or get left behind

As the business landscape continues to evolve, companies need to adapt or find themselves in deep distress. The key to creating an effective risk management program is to find the right balance that allows for growth at a comfortable pace relative to the risk appetite and risk tolerance levels set by management, and accepted by the board. When that is done, your risk management program truly becomes a strategic asset, supporting both offense and defense.