CSRisk Management: A new suit of clothes for the naked CEO

There is risk management as we know it, and then there is CSRisk, as this author defines it, a triad of Creativity, Strategy and Risk Management. As he writes, the development and merging together of these three capabilities will allow CEOs to build globally competitive businesses and rest secure knowing that their exposure is limited to the absolute minimum. Readers will learn how to build a CSRisk capability in this article.

Pity the poor emperor! Pity the poor CEO! Every quarter, or sometimes even every week, he has to stand up in front of a group of important stakeholders and pronounce, without even a trace of uncertainty on his face or a quaver in his voice that he knows exactly where the market, new technologies, the economy, the customer and the competition is going. He must even state with absolute assurance what the company’s earnings will be for the next quarter to within one cent!

Now, it is easy to blame the CEOs for putting themselves in this situation. After all, some of them do indeed act like emperors and believe that they know everything. However, many simply find themselves in a situation where they feel they have no option but to say whatever it takes to fulfill the expectations of the people facing them. Could you imagine the reaction of a group of financial analysts if a CEO actually admitted that she did not know what was going to happen next quarter? How would employees react if the boss said she didn’t really know what was going to happen to the organization next year?  Both stakeholders know exactly what they want to hear, and the CEO’s job is to deliver “on message.” The emperor appears and pronounces, and no one dares to challenge what they see or hear!

Yet, the track record of almost all types of futurists, not just CEOs, in predicting what is going to happen and when, is generally abysmal. How many people accurately predicted the timing and impact of the most recent tsunamis, economic crashes, volcanoes, 9-11, Facebook or the use of biofuels? And, how many CEOs of Canadian manufacturers in 2000 predicted that the Canadian dollar would be close to parity with the American dollar in 2010? How many of those CEOs thought they had it all under control?

In an informal, off-the-record setting, management will acknowledge and share their fears of the normally “taboo” risks hidden behind the decisions they have taken. However, when it comes to real organizational decision-making, too many revert to traditional processes and models designed for a world of much greater certainty – where we could quite rightly assume that we knew how the world would unfold – and that simply no longer work.

However, there is an alternative. Although one CSR acronym has become a high-profile component of all management teams’ preoccupations over the past few years, there is another CSR that is much more likely to influence an organization’s success over the coming years. This CSR, CSRisk, is a triad of organizational and individual capabilities, namely Creativity, Strategy and Risk Management. It is the development and merging together of these three capabilities that will allow CEOs to build globally competitive businesses and to stand securely before their various stakeholders knowing that their “exposure” is limited to the absolute minimum.


Figure 1

Imagine, perhaps, Bombardier trying to go ahead with its C-Series planes without a strong CSRisk Capability. Without some creative strategic reflection, the opportunity for the company to build its first airplane from scratch would never have been seriously considered. A risk-avoidance culture would have meant that the project was unthinkable. Blindly proceeding without actively managing the inherent risk would have represented equally poor leadership by taking an irresponsible Big Bet and putting the future of the company in jeopardy.  Creative risk management allowed the company to move forward step-by-step, making sure that the risk at each step was minimized.

Research in Motion and its Blackberry represent a clearly differentiated strategy, lots of creativity, and a risk management appetite and capability to match. Both the Bombardier and RIM examples demonstrate how, by having developed a powerful CSRisk capability, actions that would be deemed far too risky for competitors fall well within the limits of your company’s capabilities to exploit them.

A contrasting example might be helpful. Having been challenged by some subordinates about its willingness to accept new ideas, innovate and take risk, the executive team of a major Canadian corporation responded by brainstorming to generate a list of actions that would encourage a move towards a culture of innovation. The session had generated some interesting ideas and some positive energy until the CEO proclaimed “But how do we know that if we do all this, we will actually become more innovative?” Needless to say, the tight focus on operational performance, conservatism, control and risk avoidance still remains alive and well in the organization. At the same time, the much craved-for (but much feared) “game-changer” strategies and actions remain beyond the company’s reach.

In a world where sustainable competitive advantage is increasingly defined by an organization’s ability to stake out a differentiated brand and product/service position, to be creative and innovative and to manage the inherent risk in a world of global uncertainty, each and every organization needs to challenge itself with regards to where their CSRisk capability stands today.

A critical view of these capabilities perhaps explains some of the problems organizations are facing.


Creativity is the antithesis of control. However, control-focused organizational cultures largely remain intact, even while senior leadership pleads for more innovation and creative thinking – whether that be in seeking out “Blue Ocean” market territory, quickening work processes or, in general, problem solving. In most organizations, it simply does not pay for employees to take risks. After all, you might fail and, more importantly, quickly be viewed as a failure. Risk taking is rarely something we see assessed and rewarded by performance metrics. Hence, it rarely happens.


Most strategic planning processes (and the resulting plans) assume that stability and certainty are just around the corner – if only those annoying “uncertainties” would just stop popping up to ruin the planned strategy and roll-out. Hence, it is true for many that strategic planning is a waste of time and money, as the underlying assumption upon which their process is based is false.

In addition, rarely is creativity visible at strategic planning retreats. The most important objective for many CEOs is to push and defend their own ideas. “Do we really need 2 whole days to discuss this?” is the oft-heard refrain. Other members of the management team simply want to protect their department or function while trying to get an increased slice of the budget pie. Many fail miserably to put aside their “departmental hats” to think of the well being of the organization. Any chance of creative strategic thinking is lost in the “red ocean” battle for departmental turf, and strategic planning degenerates into just more operational planning.

Risk management

For many organizations, risk management continues to fall primarily under the responsibility of the finance department. Financial risk is obviously important and needs to be actively and tightly-managed. However, the management of strategic and global risk also needs to be integrated into organizational decision-making and activities. Risk is everywhere – literally enterprise-wide – and any risk management process must include identifying, avoiding, mitigating and even seeking out strategic, operational and global risk – Black Swans included.

Within the strategic-planning process today, strategic risk management is often limited to a simple STEP/PEST-type analysis at the beginning of the strategic planning process, supported by tight procedures/rules/ bureaucracy during the plan’s implementation. This only succeeds in effectively snuffing out any flickers of creativity that might be struggling to survive within the rank and file.

The CSRisk Triangle

It is important to remember that the taking of risk ultimately creates shareholder value, and that competitive advantage accrues to those better able to successfully take on more risk. This point explains why, in the diagram below, the CSRisk Triangle does not sit on a solid-base but literally stands on the very wobbly tip of a strong capability in Risk Management. Without good risk management, the “tipping point” is very quickly reached and the whole model (and organization) crashes.

Figure 2

Building an integrated CSRisk capability.

The challenge facing all organizations is to grow their CSRisk capability by expanding outward, away from the centre of the inner triangle in the diagram. This sees an organization gradually adopting a culture of risk management as opposed to risk avoidance, to embracing creativity as opposed to imposing control, and to one where long-term vision, strategic readiness and guiding principles drive and direct operational performance. But be warned. Developing two out of three of these capabilities will not be enough. We need to develop all three, otherwise we do not benefit.

Operational focus: Strategic readiness

To improve its strategic readiness, the organization needs to facilitate the emergence of a new norm, which allows the emperor’s and his or her team’s vision and paradigm to be challenged, and in which the organization’s strategic assumptions can be regularly questioned in the search for both radical and incremental innovation.

In addition, having acknowledged that we cannot predict the future, the use of scenario planning should become the cornerstone of any strategic decision-making process. Scenarios are futures that could happen. We are not saying that they will. Accordingly, the search for “No Regrets” actions, or using the 3 Horizons approach, along with the creation of a portfolio of strategic (risk) options to be played over time, also becomes a meaningful and valuable mechanism for taking and implementing long-term strategic decisions.

Control culture; Creativity unleashed

Creativity can never be exercised if control is paramount and a mistake (read “failure”) is the kiss of death to any career-advancement. It is difficult to learn to ride a bike without risking falling off. If I know I will be punished for falling off, I will simply never risk learning to ride. What I need is to be encouraged to try, all the while knowing that the “trainer wheels”, our risk management system, will do its job of minimizing damage if I fall.

Our workspaces, meeting spaces and conversation processes also need to be structured to encourage creativity and synergy creation. This might be as simple as using holding World-Cafés, using Open Space, talking sticks or Deep Democracy-style conversation processes. In this way, the mythic Blue Ocean dreams of executives and entrepreneurs alike may at least become realities in the form of small but valuable blue gems.

Risk avoided, risk managed

It is possible to avoid or eliminate some types of operational risk, but strategic risk and global risk will always be there. The next Black Swan is just around the corner.

The first step in moving towards a culture of risk management is to declare that we have no idea what is around the corner. Hence, the idea of creating a 3-5- year strategic plan built on a counter-assumption is as ridiculous as is the stakeholder asking us to do so!

Rather, we need to build a rigorous integrated strategic/risk management planning process that will allow us to be flexible as events unfold. The value of incorporating the use of heat maps, risk profiles and on-going risk management tools into the strategic-planning-and-implementation processes is difficult to deny when we assume that we will have to deal with unknowns, unknowables and possibly highly volatile levels of uncertainty. We then all need to get together wearing our creative hats (the green one for those followers of Edward De Bono) in order to see how we might deal with them.

A new suit of clothes for the CEO

Where will all this leave our poor CEOs? Those unable or unwilling to develop and integrate these three CSRisk capabilities risk being left behind in the race to be competitive in a constantly changing global world. One day soon, his or her nakedness will be proclaimed for all to see.

Why is that? Without risk management, creativity poses a threat to both the individual and the organization, and any and all strategy will be built on the false, dangerous assumption of certainty, i.e. that we know what is coming. Without strategic readiness and creativity, organizations will be left behind in the “red ocean” in terms of competitive advantage and their ability to react and innovate as events unfold.

It will take courage for CEOs to stand in front of their stakeholders and acknowledge their nakedness: the “elephant in the room” that they really have no idea of what’s coming around the corner. However, having done so, CEOs will be able to stand with real confidence and pride, knowing they have built an organization with a CSRisk capability that will be ready to deal with the future – whatever that might turn out to be.