In the dynamic landscape of the Nigerian business environment, where uncertainties and disruptions have become the norm, the role of Chief Risk Officers (CROs) is undergoing a profound transformation. Traditionally seen as gatekeepers focused on mitigating risks, modern CROs in Nigeria are increasingly becoming enablers of strategy, playing a pivotal role in aligning risk management with organizational goals. This evolution is not merely a conceptual shift; it's a strategic imperative for organizations to thrive in the face of rapid change and uncertainty.
The Interplay of Strategy and Risk Management
At the heart of this evolution lies the recognition that strategy and risk management are inseparable. Organizations in Nigeria, just like their global counterparts, are realizing that calculated risks are essential for survival and value creation. The need to balance risk-taking with strategic decision-making has never been more crucial, especially in times of massive disruption and transformation.
The traditional approach of viewing strategy and risk management as distinct entities is giving way to a more integrated perspective. The choices organizations make in defining their strategies inherently involve actions that mitigate risks arising from macro trends, market dynamics, business model threats, or competitive differentiation. Thus, strategy and risk management are now regarded as two sides of the same coin, and organizations are compelled to take calculated risks to not only survive but also to create value for stakeholders.
Shifting from Gatekeepers to Enablers
In the Nigerian business landscape, the evolution of the CRO's role is evident in the shift from being mere gatekeepers to becoming enablers of strategy. The focus has moved beyond the restrictive mindset of preventing the enterprise from risky endeavors to a proactive approach that asks, "How can we work towards achieving the company’s goals while managing or mitigating the risks involved?"
This shift is essential in the face of the greater risk of value erosion resulting from unsuccessful strategy execution than from operational inefficiencies or compliance incidents. The CRO's role now extends beyond risk mitigation to actively contributing to the organization's strategic decision-making process.
Engagement in the Strategy Decision Process
For CROs in Nigerian organizations, active engagement in the strategy decision process is paramount. It involves having a deep understanding of the company’s strategic context, participating in the definition of strategic initiatives, and contributing to the setting of strategic goals to measure performance. The modern CRO is not a passive observer but an integral part of any forum that makes strategic decisions within the organization.
In organizations that have successfully embraced this evolution, the CRO is no longer a separate entity but an essential collaborator in shaping the future direction of the company. This engagement ensures that risk considerations are embedded in the strategic planning phase, enabling a more holistic approach to decision-making.
A Unique Vantage Point
The roles of the CRO and the strategy officer should be merged, offering a unique vantage point. This integration ensures that the same scorecards are used by both the strategy and risk teams, fostering alignment of mitigation actions with strategic outcomes.
This alignment between strategy and risk management reflects a forward-thinking approach where risk considerations are not an afterthought but an integral part of the strategic planning and execution process. Nigerian organizations can draw inspiration from this model to enhance their own risk management practices.
Revised Charter for Enterprise Risk Management
To fully embrace the evolution of the CRO's role, organizations in Nigeria need to revisit the charter of their enterprise risk management office. This revision should include more progressive responsibilities that align with the integration of strategy and risk management.
Key components of this revised charter may include:
Comprehensive Risk Register: Cast a wide net to build a risk register that covers all aspects of organizational risk, including strategic, operational, legal, and compliance risks across all stakeholders.
Risk Hierarchy: Build a risk hierarchy that effectively aligns all the risks of the company with its strategic objectives. This ensures that risk management efforts are directly contributing to the achievement of organizational goals.
Close Collaboration: Identify, assess, and monitor risks closely and in conjunction with business units and departments. The collaboration should extend beyond risk professionals to involve all relevant stakeholders in the risk management process.
Frameworks and Tools: Implement frameworks and tools across the organization to assess risks using common yardsticks. This standardization facilitates a more cohesive and efficient approach to risk management.
Cultural Transformation: Permeate a culture that encourages stakeholders to proactively identify and discuss risks. Fostering an open environment where risks are acknowledged and addressed creates a more resilient and adaptable organization.
Enabling Innovation through Risk Management
The evolving role of the CRO is not just about risk avoidance but also about enabling innovation. A case in point is a Nigerian company's transformation objective to enable innovation at scale. The CRO and risk management team played a crucial role in this initiative by analyzing risks associated with open internet access, collaborating with cross-functional teams, and implementing a technology solution that both protected the enterprise and facilitated employees' innovative endeavors.
This example illustrates that risk management, when approached strategically, can serve as a catalyst for innovation rather than a hindrance. Nigerian organizations can leverage their risk management functions to create a balance between fostering creativity and ensuring the security and compliance of operations.
Skills and Traits of the Modern CRO
The evolution of the CRO's role necessitates the acquisition of new skills and traits to complement traditional risk management expertise. In the Nigerian context, where business complexities and uncertainties are abundant, the modern CRO should embody the following:
Deep Understanding of Strategy: Develop a deep understanding of the company’s strategic context, strategy, and the interplay between various strategic programs and processes.
Stakeholder Orientation: Understand the expectations of the company’s stakeholders, including executives, employees, clients, investors, partners, vendors, and society. Stakeholder-oriented risk management ensures that the interests of all parties are considered.
Proactive Outreach: Constantly engage with teams across the organization to identify risk patterns proactively. Waiting for risks to surface is no longer sufficient; the modern CRO must actively seek out potential risks.
Empathy and Collaboration: Embrace traits of empathy, inspiration, persuasiveness, and collaboration. These qualities are crucial for building a risk-aware culture and facilitating open communication about risks within the organization.
Change Agent Mentality: Be a change agent, focusing on result orientation and decision-making through consensus. Fearlessness in calling out risks and making decisions that contribute to the organization's success is a critical trait.
International Standards and Unfamiliar Territories
Internationally accepted risk framework standards, such as those proposed by The Committee of Sponsoring Organizations of the Treadway Commission (COSO), emphasize the convergence of strategy and risk. While these standards provide a framework, Nigerian organizations are urged to take the initiative in defining their approach to achieving this integration.
The complexities of the Nigerian business landscape are transforming rapidly, and organizations are venturing into unfamiliar territories. This presents an opportune time for CROs to lead the way in providing guidance for navigating the uncertainties of the future.
In conclusion, the evolving role of Chief Risk Officers in Nigerian organizations reflects a fundamental shift in how risk is perceived and managed. The integration of strategy and risk management