In a three-part series, part one outlined the implicit need to align innovation to the corporate strategy and through this we can determine ‘acceptable risk’. In part two I offered up numerous reasons why we should recognize and treat innovation risk differently, so as to allow it to perform closer to its promise of driving growth and achieving real advantage.
This post here is the third and last part, part three, where I lay out different mechanisms and framing of risk and innovation. These need to be evolved to fit your own risk appetite, not one size fits all. I hope it helps.
Risks are certainly shifting. In a recent piece of work by Deliottes called “Risk sensing:the (evolving) state of the art, the risks of most concern are changing each year. Interestingly, the pace of innovation stands among the top three risks in 2015 and tops along with regulatory risk, the list foreseen in 2018. With technology disruption, business model disruption and growing competition, social and customer engagement challenges the ability to manage innovation is growing as a concern and in risk management. We need to formulate a more robust risk innovation framework. Risk management for innovation needs to evolve to keep pace with the changing demands and pace of change we are undergoing in business challenges. Risk is becoming an evolving capability.
Mark Johnson of Innosight wrote a great article some time back that still holds true today, in its observations, on how poorly the relationship between risk management and innovation is understood. To quote the specific parts
- Risk management isn’t the antithesis of innovation; it’s the essence.
How an organization conceives of risk management will in large part decide how effectively innovation is pursued
- Risk management isn’t the brake on innovation; it’s the accelerator.
Risk management, treated as a learning process, not only propels innovation forward but can also speed it up.
- Real discipline in innovation risk management means a more relaxed approach to the financials.
In genuinely new-business innovation projects, it is critical to release the leaders of the effort from the norms and metrics of the core business.
Mark made some clear observations and statements on viewing risk management as a core competency.
As Clark G.Gilbert and Mark’s colleague Matthew J.Eyring argued in Harvard Business Review, the core competency of the most effective and successful innovators is risk management. To repeat: Risk management is their core competency. For these innovators, whether in new ventures or in a corporate setting, the ability to identify, prioritize, and systematically eliminate risks is what drives innovation forward.
They approach risk management not as a safety procedure but as a learning process. They know that no new-business model is perfect from its inception. So they test its various components and their combinations—its customer value proposition, profit formula, key resources, and key processes—in controlled experiments in tightly circumscribed markets, learning as they go and making adjustments.
It is (clearly) more prudent and ultimately more productive to first get the value proposition right and to judge it in terms of how fast it converts assumptions to certain knowledge. While experimentation speeds the time to a viable business innovation, it does not necessarily lead immediately to the kind of large-scale growth or increased market share that are usually the barometers of performance in the core business.
The relevant financial measure during this stage is whether the new business can be made profitable in its foothold market. Profitability confirms the strength of your fundamentals, allowing you the patience to scale up in a measured way. That is the real financial discipline in innovation risk management: the unswerving ability to resist applying the wrong kind of financial metrics at the wrong time and so unwittingly choke off growth potential before it can reach full fruition.
He concludes ” one of the biggest risks in innovation is to see risk management as a framework to be superimposed on new-business creation rather than as an inseparable part of the process itself.
Lets look at the mechanics of risk management for innovation.
For this I went in search of a broad discussion in understanding risk and its management. I found a series of articles written by Peadar Duiffy, as founder and chairman of Risk Management International (RMI) on risks in relationship to insurance and this series can be found through http://insurancethoughtleadership.com/risk-and-strategy-how-to-find-the-links. These I found to be especially useful to ‘translate’ into the make up of a risk management framework.
I’ve adapted these on how they might work or be used as a guiding group to build risk management and innovation in some depth. I think it works but you might advance these from your own perspectives.
Firstly lets establish some observations:
- Directors and senior managers need a globally accepted guide on the attributes of an effective risk appetite framework to manage innovation, independent of their corporate risk guidelines but they dovetail into them..
- Emphasis is shifting globally from risk management to building resilience and as we learn and explore about managing risk in innovation and each innovation can have different variances we need to ensure the risk optimization is achieved when risk and strategy are aligned with corporate objectives. Achieving this comes through the use of the three horizons framework for aligning where innovation fits and its (risk) horizon and place, pushing to encourage a greater scope of innovation, of building a validation, proofing and testing mentality.
- “Strategic risks” are those that are most consequential within the innovation activities that have a potential impact to the organization’s ability to execute its strategies and achieve its business objectives. Having a clarity of strategic risk, those must be material to have impact on the organization. These are the risk exposures that can ultimately affect shareholder value or the viability of the organization growth. Strategic risk management is focused on those most consequential and significant risks to shareholder value, an area that requires the time and attention of executive management and the board of directors. More radical innovations, disrupting positions or new business models would form part of this risk assessment.
Then we need to strengthening the strategic planning process
- Increasing rigor, formality and consistency in the strategic planning office which derives its authority from the board and the CEO’s office, needs engagement within the risk management of innovation. It at least needs ongoing awareness of the direction and impact any more radical innovation might have, to evaluate its impact.
- Aligning strategy, risk and audit board subcommittees (through cross-representation) in a manner that largely feeds into the board risk oversight, reporting and monitoring on innovation that might have material impact.
Embedding risk management and innovation competence within the structures developed.
- Explicitly articulating corporate and organizational objectives in relationship to innovations contribution and need.
- Testing the alignment of group, corporate and organizational objectives through development and review of risk appetite statements that bring the innovation efforts together. Who is responsible for what.
- Establishing an effective risk appetite framework, which includes:
- Statement of purpose and values of the organization towards innovation’s position of value and growth contribution
- Explicitly stated board risk assurance requirements; factors to consider and these would include:
- Mapping objectives to a risk appetite continuum, articulated and discussed
- Qualitatively expressed risk appetite statements to help in reassurance (reputation etc),
- Quantitatively expressed risk criteria related to both risk tolerance and risk limits
- Acknowledging these evolve but in a measured process that is dynamic and evolving from learning.
Understanding and improve progressively the organizational level of risk maturity
RMI had developed a five-level Risk Maturity Index, which provides a road map to risk optimization, it has merit for innovation to also follow. The index scores risk maturity capability requirements, etc. In summary, it describes:
- Level 5: “Value-Driven” — Optimizing value through aligning risk and strategy with corporate objectives,
- Level 4: “Clearly Managed” — Gaining value through aligning risk and strategy in pursuit of corporate objectives,
- Level 3: “Providing Insight” — Gaining insights into how to better align risk and strategy in pursuit of corporate objectives that evolve as innovators and the board gain growing confidence they are on a similar track,
- Level 2: “Gaining Awareness” — Developing awareness into how to align risk and strategy in pursuit of corporate objectives relating to innovation and its development
- Level 1: “Basic Learning” — Seeking awareness of the links of risk and strategy in pursuit of corporate objectives relating to innovation.
Establishing clear governance, setting policy and monitoring performance: In the context of the relationship between risk and strategy,good governance means accounting for the type of risk culture that encourages and manages innovation.
- “Risk culture” is a term describing the values, belief, knowledge and understanding about risk shared by a group of people within a common innovation purpose, in particular the employees of an organization or of teams or groups within an organization to relate too
- Risk culture, as an aspect of culture, can be practically described thus:
- Culture: The way we do things around here!
- Risk culture: The freedom we have to challenge around here!
- Risk culture is capable of being demonstrably and credibly evidenced and discussed.
First we need to explore: do boards express clearly and comprehensively the extent of their willingness to take risk to meet their strategic and business objectives in encouraging the innovation activities? Second, do they explicitly articulate risks that have the potential to threaten their operations, business model and reputation?
How are risk appetite, risk tolerance and risk limits related to one another?
The RMI Risk Maturity Index correlates and again, serves well for innovation and risk:
- Level of alignment of risks to strategy, objectives and execution of the innovation portfolio,
- Risk role affirmations at each maturity level (shown above),
- Risk culture affirmations (practices confirmed by internal and external attestors), who periodically check
- Risk defense affirmations (practices confirmed by internal and external attestors), in discussions
- Board and organizational processes that bring innovation continuously into the boardroom, in clear line of sight.
- Value realized at three levels: a) the customer, b) the organization and c) stakeholders.
As a particular Risk Assessment Strategy (RAS) is devolved down through an organization, its content will change based on the intended recipients as well as their relationship to innovation For example, a RAS at:
- Group executive level will be high level and inclined toward expressing appetite for risks to objectives that deliver value and increase performance, that show potential and promise. The RAS will clarify the innovation objectives, risks tolerance levels, escalation procedures, expected returns across a broader range of measures and how the control(s) to manage risk and innovation apply, looking for:
- Middle management level will articulate levels of tolerance that, if breached, will require escalation and “circuit breaking” reports, with priority given to immediate interventions and a review of internal controls but having a dynamic process of knowledge, learning, risks and opportunities to convey these to the board, if necessary or in a regular reporting format
- Business unit level and the team within these responsible for innovation, will have a more detailed and expanded RAS explanation, inclined toward expressing risk limits and internal controls that enable greater innovation understanding, spelling out risk tolerance, appetite and linking this into the articulated innovation strategy
The various components among the numerous risk maturity models tend to overlap considerably. Here’s one generic set of attributes of maturity:
- Risk is managed to specifically defined appetite and tolerances that relate to innovation need and strategy.
- There is management support for the defined risk culture and direct ties to the corporate culture
- A disciplined risk process is aligned with other functional areas to integrate innovation
- There is a process for uncovering the unknown or poorly understood risks of innovation and an evolving path to clarify, test, explore so a continued learning process is in place to build innovation capabilities & capacity.
- Risk is effectively analyzed and measured both quantitatively and qualitatively, both in hard terms and the softer potential seen at that point of time, to be determined and validated for improving quantification.
- There is collaboration on a resilient and sustainable enterprise, building on the knowledge and learning gained, shared and ‘factored into’ the risk management framework to keep it dynamic and evolving.
Innovation has many unknowns, but it is the learning and evolving that can give growing confidence. Constructing a risk innovation framework that grows as confidence is ‘found’ and a process to alert and inform gives the ability to constantly quantify these unknowns, constantly searching to find ways to measure and provide returns.
We need to relate risk and innovation in clearer ways, to give a greater confidence and encouragement to pushing for the new.
***Again, I certainly have to acknowledge, that I found the series of articles written by Peadar Duiffy, as founder and chairman of Risk Management International (RMI) on risks in relationship to insurance. as really valuable in framing innovation and risk as outlined here.