In late 2012, Apple released iOS 6 along with its newest Maps app. Despite demonstrating an impressive on-stage demo of the app in action, the released version was grossly underwhelming. In Canada, for example, out of 2,028 existing cities and towns, only about 400 results were correct. The blunder came on the heels of another failure the year before with Siri and demonstrated serious quality control issues at Apple. How could a company with billions of dollars in cash allow such a product to market? iOS 6 is an example of how poor risk management processes can affect even respected organizations.
A thorough risk management process involves five components: identifying, analyzing, evaluating, treating, and monitoring risk. Additionally, businesses should recognize that not all risk come from internal sources.
The risk origin trifecta: internal, strategic, and external
Some businesses make the mistake of assuming that the risk management process only involves institutionalizing rules and enforcing them. In an article on the Harvard Business Review, the authors make an important distinction by breaking down the source of risk into three categories: internal, strategic, and external.
Internal risk come from within the organization and are often controllable. Employees and managers behaving illegally or unethically is an example of an internal risk. To put it more broadly, internal risk is a collapse of routine operational processes or the failure to apply them. For iOS 6, there was a failure to implement and enforce a quality control process for verifying locations—but it wasn’t the only cause.
There was also strategic risk, which likely involved an attempt to deliver Maps as one of the flagship apps for iPhone 5. Strategic risks are defined as voluntary risks companies accept in order to generate superior returns from its strategy. Strategic risks can really pay off, but only if the underlying assumptions are true. In Apple’s case, internal failure with quality control unknowingly disrupted the risk vs. reward calculation.
Effectively analyzing and evaluating risk
When it comes to strategic risks, there is rarely an easy answer, because these risks cannot be managed through a rules-based control model. Rather, you should implement a system that helps you reduce the probability for these assumed risks to materialize. With the proper controls, certain questions (e.g., quality control) should have been prompted when Apple analyzed the strategic risk of rush shipping apps for iOS 6. These questions do not inhibit risk taking. On the contrary, strategic controls offer another avenue to test internal controls.
A company with effective strategic risk management is able to take on higher-risk, higher-reward ventures compared with competitors who do not have such systems in place. Of course, even the best plans cannot account for external risks, which arise from events outside the company and are beyond its influence or control. Sources of these risks include natural and political disasters. Managing external risks requires a focus on identification and timely mitigation.
iOS6 illustrates that risk management is difficult even for the biggest players in industry. Overlooking some part of the risk management process is one reason why some fail. For others, failure stems from the lack of tools, attempting to keep track and manage a robust risk analysis and control scheme using antiquated solutions.
Simplifying the risk management process with ComplianceBridge
ComplianceBridge supports the modern risk management process by helping you develop and track all of your internal, strategic, and external controls to protect your organization. Creating these controls requires a detailed set of policies and procedures that are regularly reviewed by your staff across every department. Such a feat can be time-consuming and imprecise.
With ComplianceBridge, you can import and create thorough documentation on a centralized database that can then be reviewed and approved by various stakeholders such as department managers and third-party consultants. Once each document passes through the appropriate checks, you can publish and notify specific people in the organization about its existence. Finally, the robust metrics and reporting tools enable you to quickly gauge your risk and spot areas that need your attention. All functions exist within the platform, which streamlines the risk management process and ensures nothing gets overlooked (3).
Interested in learning more about how ComplianceBridge can help your business identify, analyze, evaluate, treat, and monitor risk? Take a tour.
- Kloosterman, Vivian. “What are the 5 Risk Management Process Steps?” Continuing Professional Development. July 08, 2016. Accessed August 16, 2017. http://continuingprofessionaldevelopment.org/risk-management-steps-in-risk-management-process/.
- Robert S. Kaplan and Anette Mikes. “Managing Risks: A New Framework.” Harvard Business Review. July 31, 2014. Accessed August 16, 2017. https://hbr.org/2012/06/managing-risks-a-new-framework.
- “Powerful Policy Management Software from ComplianceBridge.” ComplianceBridge. Accessed August 16, 2017. https://compliancebridge.com/products/policy-management-software/