Supply Chain Risk Management: Part III

Today's corporate directors have a broad view of risk oversight as a responsibility for the whole organization, says Dennis Chesley, PwC's risk consulting leader for the America and Asia Pacific. Indeed, seven years after the financial crisis, roughly half of all boards in PwC's most recent “Annual Corporate Directors Survey” still plan to increase their time and focus on risk management.

“Directors that I speak with recognize that risk is an element in all their deliberations,” says Chesley. “But boards don't always get what they need from their risk functions, even those that have adopted best-in-class enterprise risk management.”

According to Chesley, chief risk officers often present to their boards detailed laundry lists of risks, heat maps with probabilities and impacts for every conceivable risk, as well as contingency plans for every worst-case scenario short of the “zombie apocalypse.”

“In one recent conversation, a chief risk officer told me that their risk register contained 1,472 risks,” says Chesley. “At that moment, I realized this approach took every key control in the organization and labeled the failure of that control a risk. Too often, these laundry list approaches provide a lot of detail, but make it hard to see what's important and what's not.”

That's all well and good, Chesley adds, as it certainly helps to portray to boards that risk is “doing its job.” However, it doesn't help boards do their jobs.

Chesley tells logistics managers that there is now new guidance available to help close the gap between boards and their risk functions, however. In fact, The Committee of Sponsoring Organizations of the Treadway Commission [COSO] has recently released a draft of its updated ERM framework called “COSO Enterprise Risk Management—Aligning Risk with Strategy and Performance.”

“The previous edition of the COSO ERM framework, published more than 10 years ago, was already the leading risk framework, used by thousands of organizations worldwide,” says Chesley. “With this update, COSO hopes to emphasize a few things that will make ERM even more relevant.”

Chesley explains that this new draft describes several new dimensions of risk's influence on strategy in plain English. “It frames risk in terms of its influence on an organization's own particular performance objectives,” he says. “This puts risk in language that is top-of-mind for every manager in the organization, for virtually every decision beyond what to have for lunch.”

Perhaps most importantly, it does so in very practical ways that will help boards better understand the risk profiles of their strategies and the warning signs of when their strategic assumptions have gone awry.

SC
MR