Today, you can be a completely new entrant to the market, a small, nimble startup like Airbnb once was, and still sweep away the larger, more established competitors before they even know it. This is the reality of the digital age. Every day, there are new technologies emerging, better cost models, and simpler products and services. In a 2015 study by MIT’s Center for Information Systems Research, board directors estimated that 32 percent of revenue over the next five years would be at risk due to digital disruption.
However, that isn’t the only disruption taking place. Cybercrime, terrorism, extreme climate events and geopolitical shocks are all affecting businesses in numerous ways. We’re also in the midst of a major regulatory roll-back -- President Donald Trump has already begun his efforts to repeal Obamacare and the Dodd-Frank Act. For organizations, there’s a lot of uncertainty ahead, and it’s definitely impacting the way both large and small businesses are run.
So, in this disruptive world, what does it take to be a high performer? Here are three best practices that, in my experience, set the winners apart from the rest.
Look ahead and prepare.
When Airbnb first entered the scene almost a decade ago, its odds of success seemed low. Hotels certainly did not view it as a threat. But, we know how that story ended. Airbnb, with its digital solution to make home or apartment renting easy, is now valued at $31 billion dollars and active in over 65,000 cities. What’s more, it is continuing to radically disrupt different facets of the travel industry.
The problem is that many companies today aren’t able to see what is coming next, or what is coming at them, because they spend so much time looking in the rear-view mirror instead of scanning the road ahead. They react to incidents after they occur instead of pre-empting and preventing them. That’s not going to work anymore. The risks, as well as the opportunities, are coming thick and fast -- and they’re evolving rapidly. If companies want to stay ahead of the curve, they need to be able to anticipate the bends in the road. And the only way to do that is with data. When you have sufficient, timely risk intelligence, you can make better decisions that drive high performance.
The good news is that today, the technology exists to aggregate, sort and analyze large volumes of information from inside and outside the enterprise. Spreadsheets and papers -- they belong to the past. Today, we’re seeing the emergence of true systems of intelligence that can harness and mine structured and unstructured data. We’re seeing new innovations around predictive analytics, advanced visualization tools and mind maps to help companies anticipate the risks and opportunities ahead.
The key is to free up resources that are stuck trying to analyze the past performance of the business, and instead redirect those resources to focus on what could happen, and how the business needs to respond. That is pivotal in helping companies preserve corporate integrity, protect their brands, and drive high performance.
Strengthen risk agility and maturity.
The buzzwords here are risk agility and risk resilience -- how flexible and adaptable your risk management programs are, and how quickly you’re able to withstand and recover from threats and other risk events. PwC, in its 2016 Risk in Review study, found that risk-agile companies are far more likely to say they expect significant revenue and profit-margin growth. It also found that companies that are both risk agile and risk resilient are destined for long-term success and growth.
How do you build this kind of maturity in your risk management program? Part of it is about being able to look ahead and anticipate risks, as mentioned earlier. But, it’s also about ensuring that people across the organization take responsibility for the risks in their processes and decisions. It’s about breaking down silos and ensuring that audit, compliance, risk and other functions are able to collaborate and share Governance, Risk and Compliance (GRC) data seamlessly. It’s about mapping risks, controls, regulations and processes in a single framework, so that you can immediately understand how, for instance, a change in regulation impacts the organization’s risk profile. It’s also about giving boards and senior management the right amount of intelligence at the right time, to help them determine where the real risks lie. Companies that demonstrate this level of risk maturity, agility and resilience will be able to thrive in a disruptive world.
Think like a fast-moving startup.
Companies that are just starting out are almost always looking to grow and scale, to get bigger faster. But, no matter how big you get, it’s important to retain that startup mentality. Why? For one, startups are agile; they’re quick to adapt to changes in markets, customer demands and business requirements. Who would have thought that Google, which started off with online search engines would one day be building technology for driverless cars? Or, that Facebook, which began as a social network, would be developing virtual reality devices? But these companies -- among the most famous startups in the world -- are not afraid to adapt and evolve. As the Harvard Business Review reported, “Instead of being really good at doing some particular thing, companies must be really good at learning how to do new things.”
The other advantage that startups have is that they’re constantly experimenting not just with new products and services, but also with business models, processes and strategies. There’s a sense of ownership and accountability that permeates the entire organization. Decisions aren’t just taken by the higher-ups alone -- they’re driven right down to the frontlines.
Startups are also risk takers. They often take more risks, bigger risks than larger organizations. MetricStream is over a decade old, and we’re a fairly large company -- but we still strive to think like a startup, particularly in how we take risks. Most recently, we launched our GRC apps in the cloud, unsure if the market was ready for it because no other GRC company had established a private GRC cloud before. But today, the majority of our customers deploy our GRC apps over the MetricStream GRC Cloud. And with our new FastTrack cloud deployment methodology, customers are able to start using and deriving value from their GRC apps in less than eight weeks.
The bottom line is that companies need to keep taking risks, to be agile, to anticipate and respond to shifts in the market. The world’s best-known startups -- be it Airbnb, Facebook, Amazon or Dropbox -- are all responsive to risks and opportunities, and that’s a large part of what helps them succeed in a disruptive world.
The Olympic motto -- Faster, Higher, Stronger -- can very well be the mantra of successful businesses today, especially in a disruptive world. We need to be able to respond faster to shifts in the risk, regulatory and business landscape. We need to drive higher performance. And finally, we need to build businesses that are stronger and more resilient. These objectives can’t be achieved overnight. But, it’s important to start -- to get on that journey of risk management and compliance, beginning with a few functions and processes, and then moving up gradually to create a fully integrated, technology-driven, forward-looking GRC program across the enterprise.