First Reference Talks

Discussions on Human Resources, Employment Law, Payroll and Internal Controls

You are here: Home / Business / Always-on risk and strategy management

By | 2 Minutes Read

Always-on risk and strategy management

always-on strategyI like the idea of “always-on” strategy and performance management, as discussed in a piece by members of the BCG consulting firm.
Always-On Strategy hardly mentions the word “risk”, but it’s there in a major way.
Consider this:

To increase the odds of success in today’s turbulent environment, leading companies are complementing their annual strategy-setting process with something more dynamic. We call it always-on strategy.
Always-on strategy gives companies a systematic way to scan for signs of disruption and explore unexpected changes to the strategic environment. Companies identify the most pressing strategic issues and regularly engage senior leaders in formulating a response.

Doesn’t this sound like risk identification, assessment, monitoring, and response?
Aren’t “issues” the same as risks?
Later, the authors say:

Always-on strategy complements the annual [strategy] process by giving senior leadership a regular forum in which to monitor and discuss issues that warrant continual attention, including those identified during the annual process and during the course of the year.

Isn’t this what we strive to achieve with risk management, addressing the issues that might affect the achievement of strategies and objectives?
But the authors see issue or risk monitoring as the responsibility of the Chief Strategy Officer:

The chief Strategy Officer (CSO) and the strategy team are ideally positioned to identify issues from the top down, both in the business units and externally. They can provide a structure and tools to capture and filter information from the broader organization.

CSO doing this instead of the CRO?
What does this mean?
If the language of strategy and issues resonates with leadership, use it instead of the technobabble of risk.
I met one CRO who reports to the CSO.
Is that a model that makes sense (in non-regulated industries – because the regulators have a risk-averse view of risk management)?
Maybe it does.
Maybe it allows and stresses an emphasis on achieving objectives instead of ‘managing risk’.
What do you think?

Norman D. Marks, CPA, CRMA

Norman has led large and small internal audit departments, been the Chief Risk Officer and Chief Compliance Officer, and managed IT security and governance functions.

He retired in early 2013. However,he still blogs, writes, trains, and speaks – and mentors individuals and organizations when he can.

Latest posts by Norman D. Marks, CPA, CRMA (see all)

Share with a friend or colleague

Learn the 10 essential HR policies in the time of COVID-19

Get the Latest Posts in your Inbox for Free!

About Norman D. Marks, CPA, CRMA

Norman has led large and small internal audit departments, been the Chief Risk Officer and Chief Compliance Officer, and managed IT security and governance functions.

He retired in early 2013. However, he still blogs, writes, trains, and speaks – and mentors individuals and organizations when he can.

Footer

About us

Established in 1995, First Reference provides organizations with practical and authoritative resources to help ensure compliance with constantly changing Canadian legislation and best practice

Main Menu

Stay Connected