In an earlier post we highlighted that one of the roles and responsibilities of any organisation’s Board is to ensure the organisation’s structure and supporting environment for an effective and efficient risk management framework to operate is properly established and maintained. In this manner, the organisation will continue to drive towards enhancing its stakeholder value.
Through the activities of risk management functions, organisations need to gear and align themselves to be flexible and adaptable to the ever-changing environment and the multitude of risks (including opportunities) that come with it. One of the underlying objectives of the risk management function would be to provide adequate assurances on current inherent risks and threats, as well as real-time insights into the opportunities and potential risks that lay ahead. As with the general life saying, prevention is better than cure. In this case, pre-empting risks and thereafter, identifying and implementing appropriate controls and mitigating measures will place the organisation (from Board to Floor) in the right position to be prepared and not incur any surprising negative impacts.
Nevertheless, the organisation must also be prepared with an appropriate Business Continuity Plan (BCP) which would, in most cases, also include a Disaster Recovery Plan (DRP). Through such plans, the organisation could be well-prepared to tackle a number of worst-case scenarios. However, pre-empting such scenarios will, in the long run, always be less costly to the organisation – be it from a financial, operational, regulatory as well as reputational perspectives. The latter three perspectives would tend to also lead to financial negative impacts.
Bottom line is that proper risk management planning and going through a continuous process of maintaining a level of awareness of the risks, threats, controls and possible consequences is a healthy and proactive way of creating an element of competitive advantage.