FCCS News & Insights

Risk Management and Strategy Discussions

Risk management strategy should be included in every strategic planning session, both at an organizational and individual initiative level. Especially for Farm Credit organizations and other cooperatives, which are committed to protecting their members’ assets, issues like risk identification, assessment, mitigation and management should be uppermost in leaders’ minds.

“When board and senior leaders gather annually to discuss their organization’s strategic plan, risk management strategy should be an early agenda item, as things like risk tolerance and priorities can impact other strategic discussions,” says Lisa Parrinello, Vice President, Risk Management and Insurance Services. “And, of course, risks associated with projects and initiatives – both ongoing and potential – should be discussed and addressed.”

The annual risk management strategy discussion should include the following steps.

Include the Right Stakeholders
Most annual strategic planning session include the board of directors and senior leaders. For risk discussions, in particular, it’s important to include the Chief Technology Officer to address cyber risks, the Chief Human Resources Officer for employment risks and the Chief Marketing Officer to identify reputation and communication risks, in addition to the CEO, CFO and legal counsel, who can ensure compliance with FCA regulations.

Identify and Assess Risks

One discussion item should be the status of current risks and any new risks arising across current operations and portfolio, keeping in mind that as processes and systems age, risks can increase. This is particularly true of cyber security protections, and cyber security should be a key discussion, including each of the 12 cyber security controls that the insurance underwriters consider and that were included in the 2022 Farm Credit Cyber Insurance Assessment. The same risk conversation should be had
regarding any new strategic initiatives being considered.

Prioritize the Risks
Leadership should then prioritize the risks in the order that makes sense for the organization – based on likelihood or impact, for example. Keeping in mind strategic priorities and risk tolerance, as well as financial and other resource constraints, categorize risks into priority levels for mitigation.

Develop Risk Mitigation Strategies
For each identified risk, identify the appropriate risk management strategy. Insurance is one key mitigation strategy, but operational changes are also essential: changes in policies, additional training, investment in security systems and other solutions need to evolve to continue protecting against evolving risks. Organizations may want to discuss current coverages and premiums offered through the Farm Credit Captive Insurance Company.

Scenario Planning and Testing
Table top exercises should be part of any risk management strategy. During the strategic planning session, the previous year’s test results should be discussed and the following year’s planned, including frequency, approach, topical areas and scenario set-up. Business continuity planning and testing should be incorporated in these exercises.

Monitor and Review Risks
In our fast-changing business environment, risks can arise without warning, as COVID-19 taught us all. And while there’s no predicting some events, organizations should pay attention to external trends and industry developments, ideally meeting at least quarterly, to identify emerging risks.
FCCS Risk Management consultants are available to offer their expertise to boards and leadership teams during strategic planning sessions or other meetings, and to support risk management teams throughout the year. For more information, contact Lisa Parrinello at 303.721.3214 or via email.