Conquering Risk Through Transformation: A Union of Risk Management and Strategy

In our current volatile risk landscape, organizations have a unique opportunity to change their perspective on risk management. Instead of viewing risk management as mitigation only, forward-thinking leaders transform their risk management practices to align with overarching business strategies to drive business success. In a recent panel discussion at the annual Audit + Beyond conference, Ronel Vermeulen, Director at CrossCountry Consulting, and Saul Armenta, Vice President of SOX & Financial Compliance at T-Mobile, shared the insights they learned while driving transformation and connecting ERM with business strategy in their own organizations. This article defines risk transformation, summarizes the benefits and challenges they faced applying risk transformation in their own businesses, and provides a roadmap to reach your goal.

What Is a Risk Transformation?

To take advantage of risk as a strategic differentiator, organizations must first transform their perspective on risk management. As Saul Armenta explains, “A risk transformation repositions risk management as a strategic business partner together with process owners, technologists, data specialists, and functional owners to form an integrated approach to risk management.” The partners then work together to identify the relevant risks and design the most practical, collaborative risk response, which could be mitigation through controls, prevention through automation, or whatever solution the group agrees to pursue. Through a risk transformation program, the organization integrates a variety of viewpoints to understand the interdependencies between the business functions better. 

Benefits and Challenges to Risk Transformation Programs

Risk transformation centers on delivering value to the organization in several key areas. The primary value is realized by improving risk mitigation strategies across the business by bringing together the stakeholders involved in the control processes. Ronel Vermeulen says, “The integrated approach typically leads to streamlining the control systems, which reduces compliance burden, often through standardization and automation.” The benefits continue to grow since reduced compliance fatigue then results in an improved employee experience. 

While everyone may agree that the value of a risk transformation is worth the effort, there are common challenges that can derail the program’s progress. Vermeulen recounts, “Again and again at the end of a transformation, executives have shared that they wished they had brought in the risk and controls teams earlier. Because they brought the risk team in late, they had to rework processes around risks and controls they had not considered.” Other challenges arise when the organization is overly focused on a single risk area, like finance or compliance, which can reduce the ability of the teams to collaborate on other risk topics fully. Finally, Armenta relates, “When there is a general lack of risk awareness across the organization, the teams may not realize that the risk and control teams are an internal resource they can tap into for advice early in their initiatives,” leading to a reactive approach to risk and control. 

Roadmap for Successful Risk Transformation

When considering an integrated risk transformation, developing a road map that ends with risk having a seat at the table and adding value to the organization is critical. Ronel Vermeulen says, “There are four key steps that should be included in your roadmap.” These four steps include:

• Ensure risk is part of the target operating model
• Create a risk team with the right skill sets, relationships, and influence
• Establish design principles that will guide you
• Remain engaged in stakeholder engagement and integration

Vermeulen explains, “When you are talking about the value that you bring to the table as part of this and being the strategic ally, also think about how you will measure success and develop performance indicators for tracking.” 

Conquering Risk

Saul Armenta reminds us that having all of these steps in place can lead to the strongest risk response – risk elimination. “When you gather the right people together to tackle risk concerns, you can streamline, automate, and eliminate processes and remove risks so you will not need to spend time and effort managing unnecessary risks.” A successful transformation ensures everyone is aware of risk and control and understands how managing risk is part of their job. Each person works in a way that balances their job responsibilities to add the most value to the organization. Vermeulen points out, “The risk transformation applies to all organizations, of all sizes, and all risks that can impact the organization.” By applying the best practices presented in this session, you can take advantage of the work done by those who have already been through risk transformations and ensure a successful union of risk management and strategy.