“Today, the risks are considered separately. Each business manages its risks using its own methods and data (fire risks, financial risks, etc.), explains Sebastian Delmott, Educational Manager for Global Risk Management at CentraleSupélec Exed. however, daf, due to the transversal nature of its function, can see that all its goals affect all business risks.
Daf at the crossroads of business risks
It is a question of what risks are the most important in order to determine their priorities and allocate the necessary resources. “We have to ask ourselves what risks are acceptable or not, especially in terms of economic losses. To do this, CFOs must define strategic goals and requirements to manage risk management policy. emphasizes Vincent Derosh, also head of education.
However, it is not a question of generalizing these risks using standard lists, because: “Where each company (depending on its size, sector, environment, …) has its own risks and different goals”, insists Sebastian Delmott. All of these risks must be considered by Daf as part of the company’s global risk mappingbut they need to be analyzed and prioritized in the light of the company’s strategic goals and context (political, environmental, social …), as their criticality varies from one company to another, from one country to another and from one period to another.
26 general risk categories
It exists 26 general categories of business threats and threats : external to the company (environment, policy, insecurity, media, customers), internal, related to management (commercial, legal, communication, human resources, strategy, ethics, etc.), internal, related to technical resources infrastructure and buildings, materials and equipment) and internal, related to production (research and projects, human factor, physico-chemical, professional, operational, etc.).
However, we can cite current critical risks (not ranked):
International political instabilitysuch as Brexit, the war in Ukraine, the economic war between China and the United States, which ends in economic sanctions, or national, for example, social conflicts that could lead to a change of leaders at various levels (example of the recent Spanish independence attempt) … This instability can lead to exchange rate crises, supply chain disruptions, tax increases, complicated contractual relations, the need to relocate headquarters and factories …;
Difficulty of regulation and rapid change of regulation for products and substances: not all countries have the same standards for food additives, the use of phytosanitary products, safety … But also for data from the GDPR, for example, or for algorithms with rules that are likely to appear in the years to come;
Forced digitization, with the massive influence of digital companies on the ways of consumption, sales, work, influence, marketing, production … Traditional companies have no choice but to follow this digital transformation, which is accompanied by cultural and technological upheavals. But it is not just a matter of initiating digital transformation, it must be successful (controlled, in particular, from a financial point of view). “ We see many cases where this transformation is disproportionate because it is poorly supported in terms of project risk management, which affects efficiency, costs and time. “, emphasizes Sebastian Delmott.
The growth rate of technological breakthroughs accompanied by financial bubbles that can destabilize markets. Internet, artificial intelligence, NewSpace, quantum computer, new energies, connected health, biotechnology … Each new breakthrough is accompanied by high expectations of winning, as well as more or less large-scale fraud and fraud;
Cybersecurity which has a very high cost for companies in terms of: losses associated with attacks; costs associated with recovery from attacks; economic losses associated with the loss of customers after attacks; protection and prevention of attacks; insurance costs, which now include cyber risks
Economic war including destabilization by competition (companies, countries) makes DAF the main target for corruption, extortion or blackmail, data theft.
However, this awareness of risk does not seem self-evident. Because risk management is not an identified benefit to the company. “Even if it doesn’t bring anything, it prevents you from losing. Take the case of Ferrero, how much it will cost them in terms of lost sales due to a health scandal, or in advertising to restore their image.says Sebastian Delmott.
Good timeliness of risk management
Good temporary risk management occurs in 3 stages. Previously, it was about expectations, creativity, as well as imagination and perspective. “We need the ability to anticipate and make decisions with an approach, as in the so-called army. OODA (for observation, orientation, decision, action). You need to be able to model scenarios to manage the strategy accordingly. ” explains Vincent Derosh. Time: it’s about how to react and what decisions to make. Finally, we need to learn the lessons later and find out what worked and what didn’t. At each stage, risk management must know which position to take. “You need to know your strengths and weaknesses and be able to show dexterity.” Says Sebastian Delmott.
There is also talk of a risk appetite that managers and Comex need to support. It’s also about soft skills. “A good risk manager needs to know how to ask questions and doubt. BecauseThe first enemy of risk management is confidence », emphasizes Vincent Derosh. But at the same time, of course, a good risk manager must also provide confidence.