Balancing risk agility and risk resiliency is the focus of PwC’s recently published fifth annual risk study. The report, Risk in Review: Going the Distance, makes the case that organizations that do both well are more likely to have long-term success.
Of particular interest to me is how the study defines risk agility and risk resiliency. Risk agility is an organization’s ability to “. . . respond quickly to changing markets, customer preferences, or market dynamics,” according to the study. Risk resiliency is defined as an organization’s “. . . ability to withstand disruption by relying on solid processes, controls, and risk management tools and techniques, including a well-defined corporate culture and a powerful brand.”
These definitions capture well two approaches to risk. One is offensive or aggressive while the other is defensive or protective. Put in those terms, it is clear why organizations that excel at both are more likely to enjoy enduring success
The PwC report, based in part on a survey of 1,679 risk professionals from 23 different industry segments, packs an impressive amount of survey data, case studies, and region- and industry-specific figures in its 30 pages and ends with key recommendations, titled “10 ways to build enduring growth.”
The report segments industries into four categories:
The report determines that while risk agile companies — faster movers — are far more likely to expect revenue and profit growth than those that are not risk agile — slower movers, steady performers — they fall short in areas of business continuity, succession planning, and strategic alignment that contribute to sustainable success. The bottom line: Even though risk agility enhances growth, balancing it with risk resiliency provides a competitive edge over the long term, according to PwC’s analysis of the data.
From an internal audit perspective, the PwC report findings are similar to what I’ve said before about the value of aligning the audit plan with the organization’s risk appetite and business strategy. When properly aligned, internal audit provides assurance that management’s actions fall within the risk appetite while alerting management and the board about the relative strengths and weaknesses of controls, practices, and policies designed to protect the organization.
The PwC report’s list of 10 ways to build enduring growth includes basics such as aligning risk management with strategic planning and defining the organization’s risk appetite. I’ll comment here on just a few of the others.
All organizations should embrace the goal of becoming High Performers as defined by the PwC report. Some industry segments may not be positioned to excel as much in the area of risk agility, but all can strive to succeed in risk resiliency, and internal audit should play an active role in achieving both.
I welcome your comments, as always.