Share this content

The customer risk matrix

21st Nov 2018
Share this content

Risk: It’s a fundamental element of business planning and strategy with risk identification and mitigation being one of the key duties of a director. It’s also an ever-changing being, moving and adapting in response to internal and external forces. For example, KPMG’s Global CEO Outlook [1] revealed operational risk as the top threat for UK companies in 2017. Just one year later this had been relegated to 6th place with a return to territorialism now taking the top spot ahead of environmental/climate change, emerging/disruptive technology, cyber security, and brand risk.

Naturally every organisation’s risk matrix will be different depending on their business sector and marketplace. But there is a danger that in identifying risks we place them into discrete compartments, identifying and mitigating the potential for single points of failure rather than taking a more holistic viewpoint. And if we do treat risks in isolation there is a chance that solutions will be incomplete, with unintended consequences not only across the organisation but also externally with suppliers, consumers and other third parties all being adversely affected.

Let’s take customer risk as an example. Typing customer risk into a search engine resulted in a slightly alarming top result warning about the dangers of customers being involved in money laundering followed by an article on credit risk. But customer risk is far more than that.

  • What about the risk of reputational damage to the organisation should customers post negative feedback on social media sites?
  • What about the risk to the customers themselves if products are faulty or if inadequate safety protocols are put in place?
  • And what about the ongoing risk to organisational profitability if the business fails to take adequate account of customers’ needs and expectations when designing products and services?

In fact, customer risk impacts every aspect of the organisation. But customers are also potentially impacted by every other risk identified by the organisation. For example if cyber security is in your risk matrix, then you will have to consider the potential impact on customers if their data is lost or stolen. Or if, say, you are worried about an increase in extreme weather events due to climate change impacting your business, then you should also take into consideration the way in which the same events could impact your customers and influence their future behaviour.

Now we’re not saying that all risks should be lumped into some homogenous pile. But we are suggesting organisations take a more holistic view of risk in order to identify potential internal and external impacts. That increases the chances of fully understanding the nature of the risk and putting in place adequate mitigation measures. It will also help organisations to provide more meaningful information to investors thereby answering a key question set out in the FRC’s October 2018 publication on business model, viability and risk reporting, [3] namely;

“Is it clear to the reader how the business model, strategy and business environment link to the principal risks identified, and how the overall risks impact the viability of the business?”

[1] https://home.kpmg.com/xx/en/home/insights/2018/05/ceo-outlook.html

[2] https://www.frc.org.uk/getattachment/43c07348-e175-45c4-a6e0-49f7ecabdf3...

Replies (0)

Please login or register to join the discussion.

There are currently no replies, be the first to post a reply.