Risk teams face a challenging reality: how not to be seen as the traffic cops of business, always killing great deals with endless concerns about sanctions, corruption or security, but, at the same time, not just being a rubber stamp, signing off any opportunity that isn’t obviously in violation of regulations. It really comes down to being able to help the business understand its risk threshold and then determining how to operate within that argues Cory Davie, Control Risks
When I re-located to Australia, I noticed Aussies, including Aussie companies, have an interesting relationship with risk, particularly offshore risk, which falls into two clear schools of thought.
My second week in Australia I met a mining client going into a remote area of Mali, who said they were fine because “a lovely Belgian bloke was going to be there. He sorted out all the licences.” It was an incredible lack of understanding of the risks they faced in that region and when I tried to explain what we would expect them to do - i.e. a threat assessment, full journey management plan and review of other operational factors such as bribery and corruption, which could impact their ability to operate - they rolled their eyes and said they’d figure it out once they were there.
This perspective seems particularly common for those going into Africa, where there is a perception that things are so complex, and so inherently unknowable, there is no point in asking the questions anyway. Just jump in and figure it out as you go.
About a year after that, I worked with a client who was looking at moving into a new country in South East Asia. They had us do everything; we mapped out the political trajectory, the corruption risks, the security issues and the specific operational challenges at every point of their project plan. They then had us do deep dive intelligence profiles of every partner, vendor and associate in the potential deal. In the end, they had a robust mitigation plan for the very real, but very manageable, risks of this new operation and at the last minute the board said it simply all looked too hard and pulled the plug on the deal.
And just last week a client requested a threat assessment for a potential operation in North Africa and we delivered a fairly positive picture of a complex place that, with judicious management, could be a medium risk destination, but one with great opportunity. The board said, if it wasn’t low risk, they wouldn’t go and walked away from the deal.
This is where risk professionals can really shine and demonstrate how they can open up value for a business, that they are not just the traffic cops or insurance guys. A clear, standardised risk-based approach to reviewing operations, which uses sophisticated sources to determine the key threats around the external environment and identifies specific risks applicable to the organisation, allows decisions to be made with eyes wide open.
For the “she’ll be right” guys, understanding the precise risks allows them to better design their operations, potentially dodging speed bumps and road blocks that otherwise could derail a project. For the “no way” guys, understanding that the headline risks in the press aren’t always the same as the realities on the ground can open up new opportunities and markets that otherwise would go untapped. Further, by having a standard approach, they will be able to compare apples to apples and trust that a low risk in Botswana is the same as a low risk in Fiji. Most importantly, as a trusted internal source that looks at the evidence of a threat with clear eyes, the risk team can be the door openers, the ones who create legitimate opportunities in jurisdictions that otherwise seem too hairy and who, at times, can protect the company from their own enthusiasm.
Cory Davie is partner and general manager, Australia Pacific at Control Risks