The State of Agile Risk Management – IRM Webinar Review
Recently, the Institute of Risk Management’s Switzerland Chapter hosted a webinar in which Stephane Martin, CEO of VirtueSpark’s partner Smart Risk Consulting, presented the findings of a study he had recently undertaken for a client.
The study was an in-depth investigation into risk management agility and culture and was conducted in two parts. The first part involved extensive research, engaging risk management experts for interviews, and harvesting online content and white papers covering agility in risk management. The second part polled risk practitioners across different industries about the state of agile risk management in their companies. The findings provide some intriguing insights that help us understand the current state of agility in risk management.
Assessing the Status Quo
The first segment of the study, which was inherently theoretical in nature, attempted to lay down some of the basic principles of agility as applied to risk management. These fundamentals framed the questions to risk practitioners in the second part. The preliminary findings were grouped into categories, covering concepts, definitions, frameworks, process steps, and competencies, among others.
In general, the findings of the survey were that even a general definition of agility is lacking in all organizations, and in 90% of organizations, there is also no definition of agility as applies to risk management. Nevertheless, most respondents could pinpoint their own definitions of agility as the need to adapt to changes.
Formalized competencies or behaviors needed to become risk agile were similarly lacking, with all respondents stating that there was no documentation in their organization regarding risk agility. Once again, though, respondents could point to competencies and behaviors such as flexibility, problem-solving, and open communication as necessary for success in risk agility.
Unfortunately, but perhaps unsurprisingly, the barriers to implementing risk agility highlighted many similar challenges faced by organizations attempting to implement any kind of transformation. These include rigid company processes, slow decision-making, a lack of support from top management, and short-term thinking.
Even in the absence of any clear definitions, respondents demonstrated that their organizations had either begun to implement initiatives to become more risk agile, or respondents had clear ideas about what kind of initiatives would be necessary. Broadly, these were concepts that aligned closely with the competencies and behaviors and included adopting a more flexible approach, working more closely with management to highlight linkages between risks, and developing better systems for managing risks.