The Why and How of Integrated Risk Management

Posted by Peter Bussey on Fri, May 04, 2018 @ 10:31 AM

To say that industrial organizations today are operating in an intensely competitive, fast-changing business environment dramatically understates the situation. Companies are under constant pressure to be more efficient, more innovative, and attain a competitive edge. Environment, health, and safety (EHS) and operations leaders face significant challenges with greater compliance obligations, complex global business networks, increased stakeholder demands for transparency, and the constant drumbeat of rapid change. Using a set of manual, localized solutions to manage business and operations data further adds to the woes of EHS and operations leaders.

As change accelerates, the risk environment gets more complicated, and risk management becomes necessary to deal with the uncertainty impacting the organization’s success. Business leaders need to quickly adapt to change, including new threats such as industrial cybersecurity. To be resilient, organizations need to incorporate risk management into decision-making and resource allocation throughout the enterprise.

Business Integration of Risk Management Falls Short

Widely-recognized consensus risk management guidelines such as ISO 31000 and the COSO Enterprise Risk Management guidance outline principles for effective and efficient risk management across an organization’s entire risk portfolio. Such guidelines emphasize the necessity of embedding and integrating risk management activities throughout the enterprise, from strategy and planning to day-to-day operations on the plant floor.

For example, ISO 31000 principles of risk management include alignment with other business activities, integration with all other business activities, and consideration for organizational and cultural factors. These are directly related to business strategy, leadership, and embedding risk processes into all areas of the organization, as appropriate. Organizations often come up short in this regard.

LNS Research recently polled EHS and risk practitioners on their adoption of eight accepted risk management principles. Although most respondents had robust and appropriate risk assessment and treatment processes, the three principles mentioned above, related to business strategy and leadership, had low adoption rates. This indicates there is much work to do in fulfilling the promise of integrated risk management, especially from an organizational culture and leadership perspective.

Integrating Risk Management into the Business with a Unified Framework

If business integration is the goal, a key strategy to get risk management working effectively and efficiently throughout the enterprise is to adopt a unified framework.

One aspect is to standardize risk management across the risk categories in the enterprise risk portfolio, including operational, supply chain, financial, and reputational risks, among others. Another aspect is to rationalize the risk-based approach to various management system standards. This is made easier by the harmonization of risk-related requirements of ISO 9001, 14001, and 45001, and the 2018 update of the ISO 31000 RM guidelines.

Given the greater complexity and interconnectedness of the risk environment, developing a unified risk management framework makes more sense now than ever.

Consider Integrating, Selectively

To be clear, this is not to say that all risk management activities, processes, and enabling technologies should be integrated into all organizations. Instead, a unified framework should be considered and implemented where it makes sense. Some risk management processes, including closed-loop risk assessment and treatment, are good to standardize across domains such as quality, health and safety, and environmental management.

Enabling information technology systems supporting risk management are also ripe for consolidation, as there are many common processes that cross business function boundaries. This includes not only risk assessment and treatment but also related, if not integral, processes such as management of change, and audit, incident, and action management. Another area of potential integration and benefit is bridging the business/operations gap to take advantage of rich sources of process-level granular Big Data and advanced analytics capabilities for predictive risk management.

Fast-paced change in industrial operations and global business networks presents new risk management challenges. Industrial cyber security threats are a prime example. How an organization adapts its risk management activities will impact its success in achieving its objectives in the face of uncertainty.

Choosing the Right Software Partner to Mitigate Risk

Our research shows that most organizations rely on localized, manual solutions for risk management. This amounts to complex, confusing webs of systems and data sources that can’t support effective enterprise risk management. Organizations today need next-gen enterprise and industrial software that can consolidate disparate IT systems and data sources into a singular, holistic solution, delivering deep visibility into performance metrics, and fostering cross-functional interaction.

But selecting the right software solution is a complex undertaking that demands multi-level, multi-regional, cross-functional, and inter-departmental collaboration. Read the ebook, “Software Selection Handbook: A Methodology for the Pursuit of Happy Users, Lowest Risk, and Best ROI” to identify and avoid the many pitfalls and challenges throughout the selection process.

Tags: Environment, Health and Safety (EHS), Compliance, Risk Management