Static requirements are those policies, procedures, and reports that define the boundaries of the framework and set up a management system. The dynamic requirements are the day-to-day systems, processes, and activities that manage risks.
Developing and implementing an organization’s risk policies, standards, and sustainability reporting is heavy lifting. This work consumes plenty of resources and many organizations are currently overwhelmed in simply meeting these requirements.While it is important to have policies, processes, and reports, these alone are no longer sufficient to differentiate an organization from its peers. Imagine the policies, commitments, and procedures as one bookend of a library and the reporting activities as the other. Organizations that have ‘books’ in between that describe their risk performance will become leaders in their respective sectors because they can tell more complete stories about how they manage risks.
Applying these requirements against a generic risk framework, two distinct categories emerge: static and dynamic.
Static requirements are those policies, procedures, and reports that define the boundaries of the framework and set up a management system. The dynamic requirements are the day-to-day systems, processes, and activities - the value chains within an organization - that manage risks. Due to the changing context(both internally and externally), organizations will be required to proactively manage the performance of these value chains and do so in a dynamic fashion.
Applying Pareto’s Law means that 80% of requirements are static and will consume 20% of an organization’s resources. It is the dynamic requirements - the 20% that consume 80% of an organization’s resources- that will separate leaders in risk management from their peers. Embedding the capacity to listen, intervene and inform is the only way to satisfy21st-century stakeholders’ expectations including international governing bodies who demand more transparency.
Organizations are at pains to inform stakeholders about all of the risk-related work they are doing. However, how would these organizations react when told that they will need to bolster resources four-fold. Reports, policies, and standards are important, but paperwork will only take you so far. Companies trusted to grow the decarbonization economy will be those that manage risks dynamically. They will actively seek data and use it to inform their decisions and measure their performance. They will be the ones that will move beyond reports and are able to share insights with stakeholders into how well they are meeting their objectives in real-time. Industry leaders will have a complete library for internal decision-makers and external stakeholders alike to help them see the entire picture. Society expects organizations to be more transparent in telling their stories about how they are managing risks. Having timely, reliable, and relevant risk information available for those stories is a good first step.
