• About us
  • Raising the Bar
  • Raising your Game
  • The Extra G - Geopolitical
  • Risk Matters - Roundtables
  • Leadership Team
  • Events
  • Blog
  • Contact
  • Menu

The Risk Coalition

  • About us
  • Raising the Bar
  • Raising your Game
  • The Extra G - Geopolitical
  • Risk Matters - Roundtables
  • Leadership Team
  • Events
  • Blog
  • Contact

Making decisions in times of uncertainty (part 2)

September 02, 2022

The high level of uncertainties faced by all businesses today – whether as a result of the continued impact of Covid, Brexit, climate issues, the cost-of-living crisis, war in Europe or other factors – means that boards are finding effective decision making with a high level of confidence particularly challenging.  The last Risk Committee Chairs Forum (RCCF) roundtable, held under the  Chatham House Rule, explored the main challenges of decision making in these difficult circumstances.  I had ten ‘takeaways’ from the discussion; the first three were considered in my previous Risk Coalition blog, and I discuss a further three learning points today.  (The final four learning points will follow next week, in my final blog of this series.)  So, onto takeaway #4…

4.     Avoiding risk spotting

Risk spotting – identifying individual risks – can be a mugs game say some non-executives.  Most organisations now link their principal risks to business objectives and strategic goals, and this is a step forward from the age-old practice of creating an endless list of risks, many of which can be theoretical as far as the organisation is concerned.  But it is now time to focus less on the risk (cause), but the resulting event or aftermath that needs managing.  So, to take a recent example, it was not so important knowing what the likelihood of a pandemic happening was – rather, we should have been asking ourselves what would happen if none of us could access our places of work (for example).  So, think about what might really cripple your organisation or might just be a game changer.  Whatever the reason for a risk crystalising, we need to deal with the outcome.  As one non-executive explained, this is the approach of taken by the military: iterative consideration of possible outcomes, each ‘darker’, more extreme and more unlikely than the last – all in order to help us prepare better.

5.     Scenario planning is the key

So, conventional linear thinking – identifying a risk, analysing it, and mitigating it – doesn’t quite seem good enough anymore.  Recently, both the pandemic and the invasion of Ukraine have shown us the value of scenario planning[1].  Scenarios don’t just help with decision making at the time of crisis, they help a board with dealing with the aftermath and the recovery.  They are particularly helpful at times of uncertainty. What might the future world look like, what could be the possible courses of action for the organisation and what might be the implications?  (So don’t forget to look at the upsides and opportunities, and not just worry about what might go wrong.)

Looking at extreme and unlikely scenarios, not just ‘plausible’ ones is helpful, but ‘wargaming’ can help move assessments beyond a paper-based exercise to help the board and executive actually begin to experience a crisis before it materialises.  (We have fire drills, so perhaps we should  test out other risk responses through practice.)  In assessing scenarios, we need to ensure we have the right expertise round the table to provide meaningful challenge.  We need to think through what might cause our scenarios to be incorrect and to challenge them effectively.  We need to remember the reason we run scenarios is that no one knows what the right answer is going to be – so bring an open mind with you when you’re discussing them, listen to all the views around the table and consider all the possibilities.  Diverse thinking will be invaluable.

6.     Don’t get distracted

It’s important to retain focus and not get distracted.  If you’re in the middle of a crisis, or see one coming, it is important to avoid any flak that might be flying and to dismiss trivial matters that may cloud the issues at hand.  The business’s ability to deliver must remain the focus at all times (see paragraph 7).  Non-executives often point out the extensive amount of time that they spend on the detail of regulatory reports.  Far better to understand the process for their preparation and what reporting controls are in place, and make sure there is good quality assurance over this.  Then, the committee’s focus can  be on the key matters of judgement and key messages of the reports, allowing more time to be spent considering the key risk issues and their mitigation.

It is worth reflecting on papers and committee information more generally.  It is a perennial issue (and perhaps a topic for a future blog) but the risk committee chairs agreed that committee papers need to be more succinct and bring out key matters more clearly.  One of the risk committee chairs present even remarked that the regulators asked them whether they could really get though their committee papers given their length!

The final blog in this series, to be published in a few days’ time, will consider my final four learning points from the RCCF discussion on decision making in an uncertain environment.

[1]   See the Risk Coalition’s earlier blog on the role of the risk committee in the Ukraine crisis.

Hanif Barma is partner at Board Alchemy, which focuses on board effectiveness and improving the performance of risk and internal audit teams.  He is also a co-founder of the Risk Coalition.  

The Risk Coalition’s Risk Committee Chairs Forum (RCCF) has been set up as a professional forum for risk committee chairs to exchange views and share experiences, network and learn from each other and from outside experts.  The next RCCF event will be an online roundtable on at 8.30am to 9.30am on Thursday, 8 September 2022, discussing the topic: “How do you know your risk management arrangements are effective?”.  You can book here for this event.  (This is a Chatham House Rule event for risk and audit committee chairs only.)

Tags: Hanif Barma
Prev / Next

Blog

Featured
Apr 15, 2025
Vera Cherepanova
The future of ESG: navigating a fragmented landscape
Apr 15, 2025
Vera Cherepanova
Apr 15, 2025
Vera Cherepanova
Mar 6, 2025
Mo Warsame, Gavin Hayes
Internal audit and risk management must work together to navigate uncertainty
Mar 6, 2025
Mo Warsame, Gavin Hayes
Mar 6, 2025
Mo Warsame, Gavin Hayes
Sep 4, 2024
Polly Williams, Mia Harris
Three key threats of phishing to be aware of
Sep 4, 2024
Polly Williams, Mia Harris
Sep 4, 2024
Polly Williams, Mia Harris
Aug 25, 2024
Felix Ritchie
Principles versus rules in data and corporate governance
Aug 25, 2024
Felix Ritchie
Aug 25, 2024
Felix Ritchie
Jul 16, 2024
Jane Hunter, Mia Harris
How can you maintain high standards in your business without suffering burnout?
Jul 16, 2024
Jane Hunter, Mia Harris
Jul 16, 2024
Jane Hunter, Mia Harris
Jun 2, 2024
Afshan Moeed
Enforcement of individual accountability in UK banking: a new boardroom recipe for change or continuity?
Jun 2, 2024
Afshan Moeed
Jun 2, 2024
Afshan Moeed
May 28, 2024
Craig Morris, Mia Harris
Three exciting new developments for AI in 2024 that you need to know about
May 28, 2024
Craig Morris, Mia Harris
May 28, 2024
Craig Morris, Mia Harris
May 24, 2024
Stefan Hunziker
The stuff of nightmares: risk management is shut down, and nobody notices
May 24, 2024
Stefan Hunziker
May 24, 2024
Stefan Hunziker
Mar 20, 2024
Neil Tinegate
What should boards know about digital technology?
Mar 20, 2024
Neil Tinegate
Mar 20, 2024
Neil Tinegate
Mar 15, 2024
Francis Kean
The insolvency risk for company directors - are you swimming naked?
Mar 15, 2024
Francis Kean
Mar 15, 2024
Francis Kean
Feb 29, 2024
Andy Watkins-Child
Are you sitting comfortably?  Cyber risk, board attestations and the implications for NEDs
Feb 29, 2024
Andy Watkins-Child
Feb 29, 2024
Andy Watkins-Child
Oct 24, 2023
Mamun Madaser
Risk management and internal audit should collaborate to navigate the poly-crisis of risk
Oct 24, 2023
Mamun Madaser
Oct 24, 2023
Mamun Madaser
Oct 18, 2023
Jim Watson
How to mitigate the risk of cyber security breaches – part 2
Oct 18, 2023
Jim Watson
Oct 18, 2023
Jim Watson
Oct 13, 2023
Nisha Sanghani
Risk management and internal controls: much (needed) work to do as a result of the proposed changes to the UK Corporate Governance Code
Oct 13, 2023
Nisha Sanghani
Oct 13, 2023
Nisha Sanghani
Oct 9, 2023
Jim Watson
How to mitigate the risk of cyber security breaches – part 1
Oct 9, 2023
Jim Watson
Oct 9, 2023
Jim Watson