I like the idea of “always-on” strategy and performance management, as discussed in a piece by members of the BCG consulting firm.
Always-On Strategy hardly mentions the word “risk”, but it’s there in a major way.
To increase the odds of success in today’s turbulent environment, leading companies are complementing their annual strategy-setting process with something more dynamic. We call it always-on strategy.
Always-on strategy gives companies a systematic way to scan for signs of disruption and explore unexpected changes to the strategic environment. Companies identify the most pressing strategic issues and regularly engage senior leaders in formulating a response.
Doesn’t this sound like risk identification, assessment, monitoring, and response?
Aren’t “issues” the same as risks?
Later, the authors say:
Always-on strategy complements the annual [strategy] process by giving senior leadership a regular forum in which to monitor and discuss issues that warrant continual attention, including those identified during the annual process and during the course of the year.
Isn’t this what we strive to achieve with risk management, addressing the issues that might affect the achievement of strategies and objectives?
But the authors see issue or risk monitoring as the responsibility of the Chief Strategy Officer:
The chief Strategy Officer (CSO) and the strategy team are ideally positioned to identify issues from the top down, both in the business units and externally. They can provide a structure and tools to capture and filter information from the broader organization.
CSO doing this instead of the CRO?
What does this mean?
If the language of strategy and issues resonates with leadership, use it instead of the technobabble of risk.
I met one CRO who reports to the CSO.
Is that a model that makes sense (in non-regulated industries – because the regulators have a risk-averse view of risk management)?
Maybe it does.
Maybe it allows and stresses an emphasis on achieving objectives instead of ‘managing risk’.
What do you think?
He retired in early 2013. However,he still blogs, writes, trains, and speaks – and mentors individuals and organizations when he can.
Latest posts by Norman D. Marks, CPA, CRMA (see all)
- How effective are your systems of governance, risk, and control/compliance (GRC)? - October 19, 2021
- Delivering value from IT audit - September 22, 2021
- Selecting software for risk management - August 18, 2021