G.R.A.S.P – A Differentiator for Risk Management

During the next few years many businesses will be moving forward to normalcy. Whether that is a new normal or just a variant on the past normal we are not quite sure just yet. What we are sure of is that all of use will have to do something differently.

In our review of the risk landscape we have determined that there are a couple of actions that all risk management teams will need to take if they are to remain relevant or simply to separate themselves from the average risk management team.  Of course, being the brilliant consultants that we are, anything that we create has to have an acronym. Ours is G.R.A.S.P.

So, to help you all get a grasp on the risk universe and emerging challenges that we are all facing, lets us introduce to you G.R.A.S.P.

G = Governance: This is an area that has long been neglect in risk management. Usually it is left up to industry regulators or internal auditors to review and opine. This seems shortsighted. Governance, the infrastructure and methodology to oversee and manage, is a key pillar of risk management. Unfortunately, many audit teams do not audit governance, and even fewer risk managers include it in their scope of responsibilities.  It may be time to make sure that we are taking a keen interest in governance processes within our organizations.

R = Response: A key learning from the recent pandemic should be an eye opener for all of us in risk management.  It has been proven time and time again that risk assessments are only good at predicting those things that have occurred. An even then, we still don’t know when something will happen.  However, those organizations that can recognize and respond quickly to a risk event will have a better chance of minimum impact to the bottom line. Now might be the time for risk managers to strengthen the businesses recognition of risk events, establish a rapid risk response methodology and/or team, and implement create policies, processes and training for a strong rapid response process.

A = Analysis: We all have indicators that feed us data but the question that arises is what does that information tell us?  In recent reviews completed by auditors in several companies it was noted that while indicators are a way of managing information, many business leaders are lost when it comes to interpreting and analyzing the information. More telling is that many indicators are one-dimensional and very few risk managers are integrating risk data to get a complete picture of risk for an organization. Perhaps it is time to revisit our development of indicators, the complexity of those indicators, the integration of risks and our ability to analyze the data.  Good GRC tools and methodologies can help in this regard.

S = Scenario: As in Scenario Analysis an often-overlooked tool in our operational risk kits. A properly developed scenario analysis that complements historical internal and external data could yield valuable information on potential threats that could result in more complete risk-based decision making and also better planned contingencies which in turn could save us a lot of time and money.

P = Profiling:  Most of us are familiar with the risk assessment. While we do have some reservations on the use of the risk assessment and a couple of small inherent weaknesses that manifest themselves with the risk assessment, they can be great tools for management.  However, a “Risk Profile” can bring the management of risk an additional piece of information that supports sound practices. The Risk Profile includes understanding the motivation for decisions. A single manager, an entire leadership group or the Board of Directors can drive this motivation. Regardless, motivation, or the reason “why”, is an extremely important piece of information that is absent in many risk processes today.  It will pay dividends to better understand the emotion of risk management not just the data.

SO, as we emerge from the pandemic and engage again in business activities it is important to GRASP hold of the future. From a risk management perspective, we can truly feel comfortable moving forward when we know our processes are sound, our people are engaged and our tools are robust. Only then can we take advantage of the opportunities that are coming our way!