Leadership is about making a difference. If leaders of organizations in the 21st Century are to make a difference and grow their organizations to greatness, they must have the capability to navigate in a very risky and dangerous world. Thus, understanding and managing risk has become imperative for successful leadership of organizations in today’s world.

    A variety of risks confront organizations today, and any one of them could threaten an organization’s success and ultimately lead to a decrease in stakeholder value. The need for greater risk awareness by leaders is driven by much more than just cyber threats. Forces such as globalization and the geopolitical environment in which organizations operate add complexity to business, thereby increasing risks. Disruption, innovation, technology, and Big Data require companies to rethink their business models, core strategies, and target markets. Customers have ever-increasing demands for customized products and services, leading to more risks. If customer expectations are not met, market share and, ultimately, revenue and profits can be significantly and quickly impacted. Organizations must also comply with increased regulations in some cases and deregulation in others, both of which drive risks. Mergers and restructurings are causing organizations to downsize and undergo changes in management responsibilities, which also creates the potential for enterprise risks. Given all of these forces, leaders must have a heightened state of awareness of the necessity for holistic risk management and for a stronger governance structure for their organization.

    Well-managed organizations have always had some focus on risk management, but typically it has been on an exposure-by-exposure basis through various risk management silos. For example, the treasury function focused on risks emanating from foreign currencies, interest rates, and commodities—so-called financial risks. An organization’s insurance group focused on hazard risks such as fire and accidents. Operating management looked after various operational risks, and the information technology group was concerned with security and systems risks. The accounting and internal audit function focused on risks caused by inadequate internal controls and trends in performance indicators. The general assumption was that executive management had its eye on the big picture of strategic risks facing the enterprise in the short term and over the life of the strategic plan.

    As organizations grow in complexity and serve global markets, the leadership challenge is to understand fully how the various organizational units interact and relate, and, in turn, how the risks cut across the silos. Instead of managing risk in many individual silos, enterprise risk management (ERM) takes an integrated and holistic perspective on risks facing an organization. Risk-centric leadership does not mean that the organization will be risk-adverse, but that it strives to identify, assess, and manage risks and, when taking risks, the leadership does so intentionally rather than unknowingly. The key is to take calculated risks across the enterprise and appropriately manage and mitigate the risks for the benefit of the stakeholders.