The Language of Risk; Framing Risk Governance

Having just spent the best part of a year in a surreal state of ─ mostly ─ global lockdown, multinational corporations and domestic suppliers have been faced with unprecedented levels of adversity, and an ongoing uphill struggle against mother nature’s wrath. Experts who work in the world of procurement and supply chain have learnt at speed to innovate and develop solutions that strengthen existing systems and build resilience, enabling organisations the world-over to retain the ability to provide goods and services to a highly-demanding global population.

Needless to say, it has been an incredibly tough task, and in many cases, previously thriving businesses and sectors have crumbled under the pressure. Many are now questioning how the companies that have adapted to the new ‘normal’ did so with such haste ─ a question that can be answered succinctly with one term: risk governance. If you haven’t heard it before, risk governance is a term that refers to the way that businesses, individuals or societies applies a set of rules, processes, and mechanisms to minimise the potentially negative consequences of a decision or scenario. According to David Loseby, Group CPO at Rolls-Royce, you could class it as the “conscious strategic response to market conditions, by adapting and remodelling resources and the [business] models they must operate within to meet a changing risk landscape.”

Risk governance is a standard expectation within every company or institution, but it relies heavily on leaders and models having supreme dynamic capabilities to adopt new norms almost as quick as the markets change. A dynamic capability is essentially an organisation’s underpinning ability to purposefully build, integrate, and reconfigure internal affairs to bring about change within the everyday business environment. In essence, an organisation’s dynamic capability is defined by its ability to adapt its business model to suit evolving market norms and necessities.

Loseby, a thought leader in P&SM, highlighted the importance of dynamic capability in modern markets when he stated that “The business of achieving a stable business model, particularly when it’s under external and organisational pressure is one of the recently debated leadership competencies.” Fortunately, Loseby recently took the time to sit down and share with Procurement magazine his experience and research and discuss the five factors that he believes should define and help shape an organisation’s risk governance process. 

Framing It

For Loseby, “communication and the way that procurement risk management professionals frame their approach to the adoption of alternative methods is absolutely crucial to the successful implementation of systems that improve the way organisational risk management is recognised. There’s a lot to be said for the way that an individual can word something. Take a look at the history books ─ some of the greatest, most renowned addresses by leaders were inspirational, not just because of the words that they said but because of the way that they arranged and spoke them.” I suppose we can all agree that the manipulation of words, in the form of wordplay, is very nearly an art form; one which, I should add, the greater majority have not yet completely mastered. 

So, in essence, to bring about the change that we need to see in procurement and supply chain management, we must first change our approach and our individual methodologies, to ensure that we positively frame the alternative idea in a way that is undeniably beneficial for future progress. 

The Enterprise Risk Management System

So, to begin with, Loseby believes that the future of risk management ─ and, presumably, mitigation ─ all comes down to Enterprise Risk Management (ERM). ERM is a plan-based business strategy that breaks away from traditional risk management methods; the system aims to identify, assess, and prepare an organisation for any potential disasters or hiccups that may disrupt and interfere with business objectives and daily operations. 

Loseby told us that “ERM is essentially an improved version of the risk management approach of yesteryear. If organisations begin a journey towards adopting a mindset that says ‘we’ll embrace ERM as a more engaging and holistic way of providing risk governance’, then they’ll see a big difference in their risk mitigation strategies going forward. The key to this is how we frame the suggestion. It must be framed in a manner that improves the way in which the decision-makers and influencers of risk respond to managing the portfolio of risks.”

An often-cited example of the framing effect in psychology, sourced from an excerpt in Daniel Kahneman’s book Thinking Fast and Slow, which is wholly applicable ─ but theoretical ─ to our current COVID-19 situation:

Consider two potential framings of two vaccination programmes that are being rolled out across a nation. They could save 600 people affected by the novel Coronavirus:

• Program A will save 200 people. Program B has ⅓ chance of saving 600 and ⅔ chance of saving none.
• Program A will leave 400 people dead. Program B has ⅓ chance that nobody will die, and ⅔ chance that 600 will die. 

Loseby highlighted that “Subjects in the study choose a response that inferred survival by preferring A in the first scenario and B in the second.” This shows that the respondents overwhelmingly supported the wording that implies survival, suggesting that ‘framing‘ influences risk aversion. 

According to Loseby, risk management is defined as the process of identification, measurement, analysis, and control of the risk. The Group CPO emphasised that “Risk management focuses on reducing risk by sophisticated quantitative modelling, and the harmonisation of risk models and processes are more likely to lead to mechanistic ─ purely physical or deterministic ─ risk management. This will, to all intents and purposes, filter out the majority of the risks and controls applied to the models; as a result, senior decision-makers in an organisation will struggle to take in and understand fully the risk faced.” 

The Frames

Cognitive Framing

“Cognitive Framing aims to establish a knowledge structure that assists both the organisation and the individual in their understanding of new information and experiences in the most consistent and simplistic form.” 

“According to the research conducted by Stein, Wiedmann & Bouten, there could be two approaches that deploy the use of cognitive framing: 

1. Firms applying the cognitive framing of risk governance direct the usage of firm resources towards risk-related adaptive steering of the business model.
2. Firms applying the cognitive framing of risk management direct the usage of firm resources towards mitigating and minimising risks.” 

Strategic Framing

“Strategic Framing sets the “sellers” ─ focus on three core attributes: Purpose, Intent, and Functionality. In framing a series of approaches and social identities, a strategic approach becomes a catalyst for others to engage with the idea; this gives everybody equal opportunity to influence the direction being set and creates a sense of unity and shared meaning across the organisation.”

In the long run, Strategic Framing and the concept of sharing the load creates a culture within an organisation that offers long-term value creation and business model sustainability. Everybody has an opportunity to innovate solutions and an equal platform to present them from ─ employees love that, and so do external investors.

Action Framing

Action Framing is an action-orientated approach centred on simplifying and condensing the rules and regulations surrounding risk and how these should be managed in relation to the organisation itself.

This is in line with ISO 31000, a globally recognised set of standards relating to risk management, which gives general guidance on architecture, principles, framework, and process.

Emotional Framing

Emotional Framing is a form of framing that the majority of humans implement inherently in both personal and professional life. “It’s the purposeful intention of making something attractive to get people involved and committed to a course of action. This is said to be achieved through habitual language and positively connoted cultural symbols to create a common ground for all levels in the organisation. Emotional Framing plays an important role in the affective perception and comprehension of potential risks.”

Institutional Framing

Finally, “Institutional Framing influences how people connect a process with internal and external structural conditions, invoking the ‘creation of share conceptions.” Essentially, linking events or occurrences for the whole organisation to connect with and stand behind ─ rallying the squadron with a call to arms if you like. “Therefore, institutional framing of risk governance accentuates the supplementary control mechanisms such as interfaces between top management and the overall system of internal and external monitoring and supervision along with, or intensified information flows between internal and external supervisory bodies,” Loseby added.

“Looking at the above, if we summarise it, it’s clear that the opportunity for small and medium-sized enterprises to consider and engage with non-financial risks, such as growth, key talent and reputational issues are evident. When you consider that risk governance is a relatively new research area, we also need to recognise that corporate risk culture is increasingly important. It has also been suggested that the deliberate framing of risk governance might help to increase awareness of design alternatives, reduce uncertainty in an increasingly volatile world, and make ambiguity slightly more controllable as a positive outcome for business resilience and sustainability.”