Agile Risk Management: Preparing for Success Beyond Adversity

  • By Johan Nystedt, Chris Wegman and Max Glodde
  • Published: 5/14/2024
Agile Risk Management Article Header

In the contemporary business milieu, characterized by rapid evolution and unpredictability, organizations confront a diverse array of risks that can profoundly influence their operational efficacy, fiscal health and long-term viability.

Traditional risk management methodologies have predominantly emphasized readiness and mitigation strategies for adverse scenarios. However, there is an emerging trend toward a more nimble and comprehensive approach to risk management. This new paradigm underscores the importance of not only shielding against potential threats but also proactively preparing for both advantageous and challenging outcomes. Resilience can and should be seen as a competitive advantage for companies undertaking transformational shifts or engaging in strategic initiatives, including M&A.

In response to this paradigm shift, new approaches emphasize robust analyses of organizations’ spare risk capacity in the context of strategic ventures. The goal is to ensure that organizations can pursue growth opportunities without jeopardizing their financial stability.

In addition, in response to the ever-increasing velocity of change, companies need to hone their ability to enhance and integrate agility and measurable certainty into business continuity and disaster recovery processes. This can be achieved by translating potential exposures into financial metrics and offering a streamlined platform for developing and implementing effective business continuity plans (BCPs). When this approach is combined with the aforementioned risk capacity analytics, the upside of mitigating potential losses becomes real. Understanding the risks associated with any major transaction or business initiative is paramount.

The Evolution of Risk Management

Historically, the realm of risk management has been predominantly equated with crisis mitigation, with its chief aim being to identify potential threats and devise strategies to diminish their impacts. This reactive model, however, often rendered organizations susceptible to overlooking significant opportunities.

In stark contrast, the holistic approach to risk management signifies a substantial shift in perspective. It advocates for a proactive and comprehensive strategy that balances the evaluation of potential threats with the identification and leveraging of opportunities.

Traditional methodologies for business impact analysis (BIA) and business continuity planning (BCP) have typically depended on manual processes, such as using Excel and Word, leading to inconsistencies and inefficiencies in accurately and uniformly managing exposures.

New innovative software solutions can be instrumental and preemptive in transforming these traditional practices. This preemptive approach not only mitigates the risk of potential disruptions but also uncovers opportunities to strengthen resilience against such threats. This information can be helpful in conversations with regulators, auditors, customers and insurers.

The fact is that most BIAs, even if they were done well, are outdated. BIAs and BCPs need to be regularly updated, tested and maintained in order to maintain their relevance.

What sets such new technology apart is its capability to operate in near real-time. This feature ensures that a company's interdependencies, exposure quantifications and BCPs remain in sync with the business as it evolves and expands.

The contrast with previous methods is stark: Instead of rummaging through outdated BCPs stored in filing cabinets, new methods of sharing a BCP not only save time but also guarantee that the plan is current and relevant. This cutting-edge approach ensures that organizations can respond swiftly and effectively to both challenges and opportunities in the dynamic business landscape.

The New ERM

As ERM is becoming more strategic, risk practitioners recognize that strategic initiatives, such as acquisitions, are pivotal to a company's growth trajectory. These initiatives offer opportunities for expanded market presence, heightened profitability and competitive enhancement. However, they also carry inherent risks.

The ethos of holistic risk management transcends the conventional focus on merely defending against negative outcomes. Instead, it emphasizes the importance of assessing and understanding an organization's spare risk capacity, enabling it to confidently pursue growth initiatives.

Recent experiences in the banking and airline sectors underscore the tangible benefits of enhanced preparedness for adverse events. When significant disruptions occur, they often impact various segments of the organization and its interconnected supply chain. These scenarios create the potential for shifts in market share.

Companies that are better equipped to handle disruptions typically have a higher chance of capturing additional market share and bolstering their economic stance. This perspective reframes risk management from being solely about crisis planning and response. It highlights its role as a strategic tool for carving out a competitive advantage in the global marketplace.

This progressive approach to risk management is not just a defensive strategy; it's an offensive play. It enables businesses to not only weather storms but to emerge stronger and more dominant in their respective markets. By embracing this comprehensive and agile approach to risk management, companies can turn potential vulnerabilities into opportunities for growth and market leadership.

How to Do It

This section provides frameworks for companies pursuing upsides (strategic initiatives) and protecting downsides (agile business continuity and disaster recovery). We recognize that bad can come out of good and vice versa. The table below shows the positive ramifications of protecting the downside while reemphasizing the danger of ignoring potential negative surprises when pursuing growth:How to Do It Table

How Leading Companies Prepare for Opportunities

Measuring Spare Risk Capacity When Pursuing the Upside

Spare risk capacity is the margin between a company's current risk exposure and its risk tolerance. Providers that employ sophisticated risk assessment models to evaluate this spare capacity give a company a clear understanding of how much risk they can comfortably take on without breaching financial covenants or compromising their overall stability, helping to support BCPs and BIAs holistically.

An organization's risk capacity is often tethered to specific thresholds, such as commitments to corporate credit ratings or compliance with financial debt covenants. Identifying and determining these critical thresholds using metrics like leverage ratios and coverage ratios is critical. For instance, staying within an investment-grade credit rating necessitates understanding the financial metrics corresponding to such a rating.

With critical metrics and fluctuations identified, a base case stochastic model representing the business as is can be constructed. This model, utilizing estimated fluctuations, provides a nuanced view of future results. Overlaying scenarios on this base case allows for the evaluation of various strategic initiatives, such as M&A or business transformations.

Managing Spare Capacity for Strategic Initiatives

For real impact, companies need to not only measure risk capacity but also manage that capacity to support strategic initiatives. When planning for such endeavors, multiple contingency scenarios can be built on the base case scenario to identify mitigating actions. This involves eliminating existing risks deemed non-core to the business, such as foreign exchange or commodity exposure.

The key is to free up room for strategic initiatives by proactively addressing under-compensated risks. Additionally, by being better informed about risk scenarios, decision-makers can mitigate the risk of the “winner’s curse” in M&A auctions and other time-sensitive situations.

Below is a framework that Nystedt Enterprise Solutions created to guide action aimed at freeing up risk capacity:Nystedt Enterprise Solutions Framework

Business revolves around taking risks where you have an advantage in pursuit of return. This means mitigating undercompensated risk to free up risk capacity for high-return business initiatives. By quantifying the potential impact on financial metrics, cash flow, and other critical indicators, clients can make informed decisions about whether to proceed with the initiative, modify their approach, or consider alternative strategies.

In other words, understanding and mitigating the risks that are inherent in an organization can prove to be a competitive advantage. Decreasing the expected loss associated with a disruption of production is the equivalent of increasing sales in an up-turn. Both situations position the company for continued success.

How Forward Companies Protect Against Downside Risk


New approaches empower organizations to make informed, high-quality risk management decisions grounded in data-driven insights. A fundamental aspect of this process is the quantification of risks in relation to their impact on the business. However, this assessment isn't limited to identifying potential risks; it also involves measuring them against the mitigative resources and strategies available to the company. This practical application includes considerations for finished goods inventories, production alternatives and the role of external vendors in the risk management framework.

Progressive companies adopt the "80/20 rule,” or Pareto Principle, in their risk management strategies. This principle acknowledges that not every risk requires mitigation. Instead, the focus is on those risks that surpass the company's defined tolerance levels. By quantifying exposures in terms of actual revenue impact, this approach enables businesses to clearly identify their most significant risks. This clarity facilitates targeted and effective mitigation strategies, ensuring that resources are allocated to manage risks that pose the greatest threat to the company's financial health and operational stability.

This approach to risk management is not just about defense; it's about strategic optimization. Minimizing the risk associated with any transaction should increase the assumed ROI associated with said deal. By prioritizing risks based on their potential revenue impact, companies can allocate their resources more efficiently, ensuring that their risk management efforts are both effective and economically rational. This method transforms risk management from a reactive, crisis-driven endeavor into a proactive, strategic tool that supports sustained business growth and resilience.


Holistic risk management is not about encouraging recklessness; rather, it is about calculated risk-taking. The key is to strike a balance between ambition and prudence, ensuring that strategic initiatives align with organizational goals while remaining within acceptable risk thresholds. This approach safeguards against unintended breaches of financial covenants and maintains stability throughout periods of growth.

A comprehensive understanding of potential risks and rewards empowers organizations to make strategic decisions that drive growth without compromising financial integrity. In the pursuit of success, holistic risk management is not just a shield against adversity; it becomes a catalyst for sustainable and strategic growth.

Forward companies transform risk management into an essential operational tool, ensuring uniform adherence to a standardized risk assessment framework across all organizational units. This standardization is crucial for developing focused BCPs, enabling a consistent, effective approach to risk evaluation and management. It enhances the ability to compare and prioritize risks across different areas, facilitating efficient resource allocation.

This strategy underscores the significance of BCPs beyond mere regulatory compliance, emphasizing their critical role in safeguarding company value and community welfare. Prioritizing BCPs at the operational level ensures business continuity, minimizes disruptions and fosters resilience, thereby preserving business value and contributing to community stability.


Johan Nystedt is president and founder of Nystedt Enterprise Solutions LLC, and has managed risk for many companies including Conagra Brands (as the chief risk officer), Levi Strauss, RR Donnelley and Kraft Foods. You can contact Johan directly at [email protected] or find out more at

Chris Wegman and Max Glodde are co-founders of MEO Continuity. MEO offers a versatile risk management platform suitable for various industries, streamlining the processes of business impact analysis and business continuity planning. Our ethos centers on a holistic yet straightforward approach to risk management, aimed at safeguarding companies, their economic contributions, and the communities they impact consistently over time. The MEO team has a proven track record of aiding numerous Fortune 1000 companies in maintaining operations during challenging periods. For more information or to reach out to us directly, please email [email protected] or visit our website at

Copyright © 2024 Association for Financial Professionals, Inc.
All rights reserved.