The Next Step–Resilience
First we had Enron, Worldcom and Parmalat and the world responded with internal controls over financial reporting. A well-controlled business reporting process was hailed as the way to ensure investors didn’t get hurt and companies wouldn’t go bankrupt. It didn’t work out that way because the focus on was on controls to eliminate risk of bad reporting; that left the door wide open for businesses to do stupid things and take enormous operational risks as long as they reported them accurately.
So after the financial crises of 2008 we all focused on risk management. Now the focus moved from controlling/eliminating bad results to managing risk. The reality is that too often managing risks means trying to avoid or control them and you can only manage risks you think of and know about. The failures of risk management are already laying the ground work for the next crises which will be unexpected events taking down businesses. In fact that is already happening, just not on the scale of the first two crises yet.
The solution is to take the next step to becoming a more resilient organization. A resilient organization understands that it was created to take risk in pursuit of its objectives and without risk taking it won’t be able to deliver growth in profits, employment and returns to stakeholders. It also understands that risk cannot to be eliminated, but should be understood and managed. Finally, it understands that it can’t possibly plan for all unexpected events because it has no idea what all of those risks are.
Instead, a resilient organization sets itself up as an organization with the right processes to get early warning when events happen that create a threat for the organization. This way there is time for the organization to react before the effects become insurmountable. The resilient organization understands that it can’t possible plan for and manage every risk so, instead, it makes itself agile and adaptable so it can react quickly to events and take the appropriate actions to minimize damage and, more importantly, take advantage of the situation to grow and expand.
Resilient organizations are coming, if only because non-resilient organizations will disappear; there are only two questions. Will it take another crisis for resiliency to be widely adopted and will your organization be the one that becomes resilient or will it be left behind by those that became resilient first?
This article originally appeared as a blog on the website of the Texas Society of Certified Public Accountants (September 29, 2014) and has been reproduced with permission from the author and the Texas Society of Certified Public Accountants.