How can CROs protect the innovation engines in their organizations?

What happens when you spray weed killer on young, flowering plants? The plants die.

CROs (chief risk officers) around the world could be doing something similar to the innovation engines within their organizations. CROs are currently in the spotlight. While everyone is pointing fingers at them for failing to prevent the current financial crisis, we’re also hoping that they can prevent a similar crisis from recurring in the future. And CROs are obliging by revamping processes and adopting new practices in areas which include governance risk and compliance, enterprise risk management, integrated risk management.

However, the current focus on revamping the risk management processes exposes their organizations to a significant risk of slowing down, or worse, crippling the innovation engines in their organizations. While government bailouts and raising new capital from other sources may help organizations prevent their demise, these will not be enough to restart the growth engine required to prosper again. Rejuvenating their innovation engines will be critical if organizations want to get back on the path of growth and prosperity. And though this may not be obvious instinctively, CROs have a critical role to play in rejuvenating the innovation engines within their organizations.

Where could CROs go wrong?
Currently, CROs are revamping the risk management practices within their organization. They are doing a serious gap analysis of their business processes to identify weaknesses in the risk management area. Heavy scrutiny by stakeholders will force CROs to perform an in-depth analysis this time, more in-depth than they would do in normal times, which will no doubt identify many gaps within their risk management framework.

Once these gaps are identified, the plans for addressing the gaps will also be heavily scrutinized. Research has shown that humans become more risk averse under pressure and take actions they would not easily undertake in normal times. In tough economic times and under the watchful eyes of stakeholders, CROs may similarly adopt a very risk-averse approach that leads them to take a heavy-handed approach in addressing the various gaps identified in their risk management framework.

A common way to address the gaps in a risk management framework is to introduce new processes (in the form of risk-mitigating controls), which can sometimes mean more bureaucracy (e.g., need management approval, fill out new forms, document every small action). While this may be effective in operational parts of organizations, this may not always be the right approach in areas where innovation blooms. This would typically include the customer-facing processes, customer service processes, new product development processes and customer co-development processes. Using a heavy-handed approach in these highly innovative areas is like spraying a powerful weed killer on young, blooming plants; it will simply kill them. And that would seriously hamper the future growth prospects of the organization. CROs should ensure that they do not contribute to this.

How can CROs avoid killing innovation?
Firstly, CROs need to be aware of processes where innovation typically blooms within their organization. A simple way to do this is to identify the innovation scale of the processes. The business processes are ranked on a simple scale of 1-5 (where 1 = low scope of innovation [e.g., performing quarterly maintenance of the payroll system] and 5 = high scope of innovation [e.g., a new product development process]). If the risk framework is not designed around processes, then this exercise can be performed at the business unit level.

Secondly, existing risks across processes must be identified. Since the processes contributing to innovation are critical for growth and performance of the organization, CROs can use the above innovation scale to prioritize the processes where resources should be invested during the risk identification process.

Thirdly, the various controls in place to manage the known risks must be identified. This is where CROs would typically find operational gaps in the form of either controls not working effectively, or even cases where controls simply do not exist. CROs need to work with business unit managers or process owners to either strengthen the existing controls or define new controls. If CROs are not vigilant during this third step, they may stifle innovation.

When performing this exercise of redefining the control environment for processes with a high scope of innovation (let’s say 3 and above on the scale suggested previously), CROs need to ensure that the controls will not kill the seeds of innovation in these processes. One way to prevent this is to perform an “innovation assessment” of existing and suggested new controls.

The assessment question can be as simple as “how does/will this control affect the innovation scale of the process?” All key stakeholders in the process being evaluated should participate in this assessment.

Controls should not be formally put in place until the assessment responses clearly indicate that the controls will not have an adverse effect on the innovation scale of the process. It is possible that there will be some controls that could have a negative effect on the innovation scale of the related process, but must still be implemented. This may be due to legal or regulatory obligations. For such controls, sign-off should be required from key senior stakeholders who are responsible for the innovation and performance of the organization. This would at least ensure that an informed decision is made and the impact of new controls on innovation is fully understood.

This framework will ensure that CROs do not introduce or strengthen controls to such an extent that the innovation seeds within the business processes are completely washed out. At the end of the day this is simply about weighing the risk and returns, and making an informed business judgment.

Conclusion 
CROs have an important role to play in ensuring that the innovation engines in their organizations do not slow down as result of revamping the risk management practices currently being demanded by internal and external stakeholders. By identifying the processes that contribute to innovation and performing an innovation assessment of controls, CROs can drive a more informed decision-making process and thus avoid slowing down the innovation engines, which are so critical to reemerge from the current economic crisis. 

About the Author

Manoj Kulwal is a Risk Business Solutions Manager with SAS. He has expertise in the areas of innovation, performance management and risk management. Read more about Kulwal on his LinkedIn profile. manoj.kulwal@sas.com