Ok, if you have been following our ‘Doing Good Business Well’ series of blogs, you will already know this, but in case you haven’t … here follows a quick catch up. Two months ago, we announced the launch of our integrated approach to helping businesses achieve outstanding performance. In Chapter 1 – Your Ideas & Purpose, we covered:
- Mission or Vision Statement?
- Setting Your Strategy
- Setting Your Business Objectives and Planning to Succeed
A couple of weeks ago, we started sharing Chapter 2 – Checks & Balances, beginning with a topic all about Governance.
Is your organisation a “better to play it safe”? type of organisation or is the general ethos that “there is no getting ahead without taking some particular risks?”. Do leaders aspire to see their organisation represented as a “super hero” in your particular industry? This could have a big impact upon the amount of risk and challenge they want to take on, or indeed can afford to take on. Or are they more prudent?
Attitude to uncertainty and chance is important as it directs and guides how to identify and respond to new opportunities, take chances, and deal with uncertainty. It is essential for translating what you set out to achieve into delivering the best possible performance. It creates the boundaries beyond which your business doesn’t want to stretch, and the safety nets that are needed. It is core to decision-making and employee wellbeing and critical in this Pandemic / Post Pandemic world. Remember, there is no right or wrong answer though!
Risk Statements comprise of:
- How much risk to take – in broad terms
- Where do we take the most / least risk
This blog is about “How much risk to take’. You’ll have to stay tuned to read about ‘Where’ to take risk, because that comes in the next blog, but it’s pretty vital to get this bit right first, or you are just trusting to chance!
It is also pretty important that your business leaders do actually sit down and have a conversation about this, particularly now that you have a business plan and have started to mobilise that. I say this because we all know that despite all the good will in the world and even with an excellent business plan, even if it’s managed and executed by people with exceptional organisational and project skills…….. ‘stuff’ comes along. Life happens, the wind blows in the wrong direction, jobs disappear, climate change and digital inclusivity remain high on the agenda for many a politician, economist and society (your customers) in general.
Organisations who can bring many different experiences, attitudes, perspectives and methods to the table, for working and problem solving, exhibit great strength. But their decision-making and actions need to be guided by the original purpose of the organisation, the boundaries they have set themselves and the “stakes” they and their stakeholders are willing to accept.
This is where the Risk Statement comes in, because it guides this decision-making. If it is also published, it will let everyone (staff, customers, other stakeholders, regulators and governing bodies) know exactly what your organisation has put in place to manage any risk and uncertainty that could enhance or threaten the outcomes of your business objectives. (Yes risk is all about being willing to take a ‘punt’ on something uncertain for potential gain, as well as protecting your business objectives from negative threats.)
As your Annual Accounts normally contain a Directors Report along with Financial Statements, including a Risk Statement too, is a great way to build transparency and trust with stakeholders. Every Ltd. company must file a copy of its accounts for each financial year with the relevant tax authority (HMRC in the UK) and at Companies House (in the UK) regardless of its size. Financial statements have to be prepared and filed in accordance with the provisions applicable to the Financial Reporting Standard in the UK, and for global companies they have to go one step further and apply International Financial Reporting Standards (IFRS). This is so that statements can be consistent, transparent, and comparable around the world.
The accounts you file with Companies House are publicly available, so this is a good place to record your Risk Statement too, along with other Directors Reports. Almost all large corporations publish Annual Accounts on their company website and share with company members too.
With these things in mind, isn’t it a great idea to get out there and show the world how well your company has planned to seize opportunity and bat away threats. The way that companies perform in this area is also hotly debated at the moment with several large consulting firms, legislative and authorising bodies. So why not get ahead of the game and write your first company risk statement, or take another look at the one you have been using for the last three plus years?
How do I create or review our Risk Statement?
Put simply, and as a starting point there are a few headings to combine a bit of text about, in your Risk Statement and they are:
- Describe your risk architecture (briefly define risk roles, responsibilities, communication and reporting structure, including frequency)
- A sentence describing your rules, procedures and risk management methodology, tools and techniques.
- A nod to your risk strategy, which should be about attitudes and philosophy.
Remember when you do this though, that it should not be a tick box exercise. You should align this statement with your company objectives; with how you do it (business strategy and operations) to make sure that all company stakeholders can still achieve the benefits you told them your business strategy would deliver in the first place. Deciding your organisation is going to become a ‘super hero’ in your industry doesn’t throw all of those important things out of window, because you have changed your mind now. To prevent this from happening check that you have all the right people in the room, when you decide what your Risk Statement is going to be.
Some examples of risk statements:
“We develop our strategy and our attitude to risk taking at one and the same time. This gives us the overall boundaries within which our business will operate – guiding and challenging the choices we make. This is at the heart of everything that we do and supports transparency in our delivery to our stakeholders.”
“Our approach to risk-taking is based upon robust and effective arrangements for controlling our business. This enables management to direct and guide how our staff work, behave and the decisions they make. As part of these arrangements the amount and type of risk that our business is prepared to seek, accept or tolerate in delivering our strategy is included in our policies and guidance to staff.”
(you might also find it useful to consider the following phrases . Try replacing the amber text with words more appropriate for your organisation)
“We are a {simple /complex}, {low / medium / high risk} organisation.”
“We have a {highly cautious / prudent / bold / adventurous} attitude to risk-taking and this is central to our culture and how we do business.”
Finally, a very brief word about Risk Strategy; since we haven’t covered this implicitly in our ‘Doing Good Business Well’ series. Whilst writing a whole Risk Strategy may be over-kill for a small to medium sized business, which operates in a relatively relaxed regulatory environment, it is an essential tool for defining approach to risk in a large corporate or highly regulated environment, where more people will need to understand ‘where your business is coming from’. Put simply, if you have lots of people managing risk across a much bigger organisation a short Risk Statement might not be enough to support everyone. They may require a bigger picture and this is when a Risk Strategy document will be most helpful.