Active risk management helps companies to deal with insecurities, to reach operative and strategic goals and to improve the performance of the management system [1]. This makes it an important element in safeguarding entrepreneurial success. At the same time, risk management does not add direct, but merely indirect value, by avoiding risks or exploiting an opportunity.
Regrettably, legal requirements like the German Stock Corporation Act [2] do not provide sufficient hints how this task of optimisation can be solved by the individual company. However, the maturity concept for risk management offers helpful guidance as the model’s levels of development can be easily linked to the structure and characteristics of a specific enterprise.

Maturity Level 1: Linear companies

The first level of risk maturity is represented by companies characterised by linear structures. These companies are typically relatively small, have a limited portfolio of products and services, and their target market is clearly defined. As a result, the risks arising from the direct environment and internal processes can be easily handled by one person.
Accordingly, it is rather simple to meet the requirements for a risk management system in such settings. The only thing a company has to do is to make sure that there is at least one person who systematically keeps track of risks and evaluates them. Moreover, it must be guaranteed that this person takes a responsible part in decision-making processes and that relevant information about risks are duly considered.

Maturity Level 2: Ramified businesses

Businesses of the second level are marked by a ramified system of structures, resulting either from a division of labour (e.g. development – manufacturing – sales), parallel marketed products and services, or different target markets. This means that the company can no longer be controlled and managed by a single person alone, while each of the branches within the company structure still have the features of a linear enterprise.
Efficient risk management under such circumstances demands that it be shared: In each branch at least one person should adopt the role of a risk manager in charge of identifying, assessing and addressing risks in the respective area. If in all parts of a company this is to happen in more or less the same way, tools and processes for risk management have to be clearly defined and aligned with each other. Within these branches it is the risk managers’ job to make sure that the information about risks is sufficiently taken into account when decisions are made. To ensure that this is common practice even on the top management levels, a system of filing and transmitting information has to be created. In this way information collected on lower levels of a company will be equally accessible to higher levels.

Maturity Level 3: Matrix companies

Complex companies are characterised by a matrix structure. Communication and decision-making does not take place in a linear top-down or bottom-up manner, but both horizontally and vertically. As a consequence there are many interfaces where information has to be exchanged and decision-making is increasingly decentralised. Going along with this, information about risks has to be available at many different places. Decision-makers have to be capable of dealing with this information to handle risks and opportunities* effectively.
To meet these requirements, an effective risk management system must have tools and processes that run smoothly. It should be clearly defined where there are interfaces between different areas and how risks are transferred and re-evaluated in different settings. Also, information about relevant risks have to be accessible to all people who are responsible for making important decisions. At the same time, staff members need to have the necessary knowledge about risks and opportunities and the technical expertise for dealing with them. Their skills should comprise the ability to identify and assess risks, and to integrate them into decision-making processes. In this way the collected information about risks is sufficiently accurate and the information can be used efficiently and adequately.

Maturity Level 4: Risk-taking companies

Companies of the fourth stage have a high level of risk-taking, i.e. these companies systematically try to exploit opportunities by taking calculated risks, which, once a reality, can endanger the company as a whole or in parts.
It is an essential element of these companies’ business models to create an ideal balance between opportunities and risks. The requirements that matrix companies have to meet in terms of risk management have to be fulfilled for opportunity management as well. What is more, performance indicators should help to assess how efficient the respective risk and opportunity management strategies are. These indicators should of course be under constant surveillance and modified where necessary.

Maturity Level 5: High risk companies

The keyword “high risk companies” comprises two different types of enterprises: those whose main business is managing risks and those for which risks, once a reality, will have a desastrous impact on their environment.
In both cases it is essential to have effective risk management strategies. This requires that all risk management processes be systematically and constantly improved, on the basis of adequate performance indicators. Companies whose main job is risk management should also apply this to opportunity management.


[1] DIN ISO 31000:2018 Risk management – guidelines

[2] §91.2 AktG (German Stock Corporation Act)

*According to the definition [1], the term “risk” signifies both negative and positive effects of uncertainty on targets. In contrast, following the common usage, we here use “opportunity” for positive and “risk” for negative effects.

Internal business processes often cost a lot of time and money, as it is the efficiency of industrial processes that determines how much time and money is needed on all levels of a company, from manufacturing to business management. Thus optimising internal business processes has a direct impact on the performance and financial success of companies.

The concept of process optimisation

Process optimisation is nothing new. Ever since James P. Womack’s bestseller “The Machine that Changed the World” from the early nineties, Lean and other approaches to process optimisation have become common management practice. When you submit the keyword “process optimization” at Amazon, you are offered hundreds of books on this very subject.

Considering the vast offer of methods, tools and implementation assistance, today’s industrial processes should be perfect. There should be no waste of resources. It should be natural – and no longer be a competitive advantage – to have optimised processes however complex they be.

However, even almost 30 years after Lean & Co found their way into business, reality still looks different: People responsible for shaping internal processes act according to the motto “We’ve always done it like that”; in spite of changing environment, no adjustments are made to internal processes; things that go wrong are addressed only superficially rather than being used as a starting point for a thorough revamp; and attempts at initialising process optimisation regularly come to nothing. Instead of just patching up bugs with a quick fix, you should focus on sustainable solutions.

5 Steps to Successful Process Optimisation

If you want to make sure that processes within your company run smoothly, without waste of resources and that your next process optimisation leads to a sustainable increase in productivity, you should follow these five steps:

1. Set your objectives accurately

Before starting to optimise internal processes, you should define what exactly it is you would like to improve: Are you concerned about reducing costs, enhancing quality or speeding up response mechanisms? Or are you going after something more complex, like, for instance, customer satisfaction or staff loyalty?

Besides defining the objectives, you should also consider how to measure success. This includes the data to be recorded, the timing of the data recording and any calculation required to evaluate progress.

2. Get to know the status quo

Having defined your objectives and targets, you should familiarise yourself with the current state of affairs within your enterprise. Knowing the status quo will help you identify weaknesses, outline the need for improvement to those involved and carving out starting points for process optimisation.

Furthermore, the analysis of the present state of affairs will help you to check how useful the criteria are which you have chosen for assessing success. At the same time, you build up a coherent frame of reference for your improvements, so that you can measure quantitatively how effective your methods are.

3. Choose a suitable method

The third step is about choosing a method suitable for the set target. Even if various industry pundits suggest something different – there is no one and only path to follow. Therefore, you have to find out yourself which of the available methods is most likely to lead you to success.

In case you should not have the necessary know-how in terms of proper methods and tools, or if you lack orientation in the jungle of approaches and strategies at hand and feel unfit to make a wise and informed choice, you can rely on the assistance of experienced management consultants. In this way you will prevent yourself from missing your targets just because you used inappropriate methods, hence safeguarding your economic success.

4. Get your optimisation project going and done

The next step is simply put: You have to put your project of optimising internal processes into practice. It goes without saying that this should be done comprehensively and with meticulous care, for otherwise the set targets cannot be fulfilled.

During the process of optimisation you should keep an eye on the measurements you have chosen to assess your progress. This will help you see at an early stage if the measures taken have the desired effect or if you might have to modify them.

5. Integrate your improvements into existing structures

Now only one last step is missing, which, however, is often overlooked although it is vital: Processes carried out by humans have a tendency to fall back into old, deeply ingrained habits. To avoid this, you have to make sure the new processes are firmly anchored, i.e. you need to create mechanisms to prevent this regression.

If you keep these five steps in mind when optimising internal business processes, you will truly improve the efficiency and financial success of your company and secure its long-term success.
In this article we present another approach to continuous improvement. If you want to learn which approach best suits your company’s needs, please contact us for a free initial discussion.

Making strategic decisions in an insecure, constantly changing environment is challenging for two reasons: first, the changes a company faces are normally unpredictable and second, in most decision-making processes there are systematic weaknesses.

Using scenario planning to improve decision-making processes

According to Kees van der Heijden it is several different mechanisms that systematically paralyse strategic decision-making processes. In his studies he identifies seven such mechanisms which individually or in combination can cause a strategic paralysis of companies:

  • Ingrained, inflexible attitudes
  • contradictory, unaligned perception
  • prejudiced way of receiving and interpreting information
  • embedded biases
  • risk aversion
  • overconfidence
  • misjudging the accuracy of one’s own predictions

These mechanisms can easily affect decision-making processes in a negative way, especially if the environment of a company is exposed to substantial change. All this leads to errors in strategic decisions and, eventually, economic failure.
One way of avoiding these traps is scenario planning. Scenario planning visualises possible future developments. This process, usually cooperative and drawing on data from different sources, bypasses the pitfalls listed by van der Heijden. It systematically improves the effectiveness of strategic planning, which, in turn, will become more responsive to shifting circumstances.

Key criteria for scenarios

If scenario planning is to have such a positive effect on decision-making processes, the developed scenarios have to meet the following criteria:


The forecast spectre of developments drafted by scenario tools must be relevant to the decisions in question. This means that scenario planning must take account of all dynamics that have an impact on relevant decisions and their consequences.
In a similar way this is true for the specified timeframe: for a comprehensive evaluation it should cover the whole range of possible decisions and their effects. If the created scenarios, however, go significantly beyond this time span, they might distract attention from essential issues.


Apart from being relevant, scenarios should also be comprehensive. In this context the term ‘comprehensive’ means that both uncertainties and certainties are considered. Uncertainties, i.e. dynamic situations and constellations which may develop in any direction, form the basis for thinking up plausible futures. However, certainties, i.e. factors whose future development can be easily predicted, are just as important in scenario planning because they help scenarios remain realistic.

Sufficiently revealing and realistic

The scenarios created by scenario planning should be sufficiently revealing. This means that they should extend the scope of possible futures and their timeframe as far as possible. If this requirement is met by two, three or more scenarios depends on the specific case in question.
At the same time, the scenarios should remain realistic by remaining within the scope of the prognosis. This scope should be made plausible, wherever possible, by available data and studies.


Every scenario developed in the context of scenario planning should be restricted. Scenarios are no predictions of the future, but describe a possible way that things might turn. Such an outline has a clear beginning, usually the present, and a defined end-point, which is the end of the timeframe under consideration. Between these defining points lies the description of a development which begins at the starting point and goes through right to the end-point.
If these four criteria for scenario planning are met, the scenarios will be a strong tool to avoid the described weaknesses in decision-making processes.

We highlighted guidelines for the decision-making process in the article “Without any alternative? – Improved decision making”. Considering these tips will enable you to develop meaningful scenarios and create a positive impact on your company. If you have any questions, do not hesitate to contact us.

Increasing uncertainty, rapid changes of the environment and a constantly rising level of unpredictability urgently require an active risk management system for every business strategy. Top executives, project managers and department leads find themselves more and more confronted with a host of improbables, which they have to consider in their decision-making processes to secure long-term success and reach their goals and aspirations.

Assessing risk management processes

How successful risk management strategies are normally does not become clear until the set goals are achieved – or, if things go wrong: are missed. However, this approach to assessing quality is problematic as it is merely reactive. Potential for improvement can only be recognised and realised when it is actually too late.
It would be better to use a different approach that assesses the quality of risk management processes in companies independently of whether goals are reached or not. Potential for improvement should be identified before risks have already become a reality. One concept which meets these requirements is the maturity model, created to assess risk management strategies in companies.

Maturity concept for risk management systems

The maturity concept includes a reference model that helps integrate risk management strategies in companies. To do so, several aspects are examined and assessed, so that they can be systematically improved. These aspects cover very different perspectives, thus preparing the way for a holistic assessment of risk management systems.

Definition of processes and roles

How are risk management processes defined, what activities do these processes consist of and what roles are defined in this context?

Tools and documentation

What tools are used for risk management purposes and how is relevenat information documented?

Application and embedding

How are risk management processes and tools applied within the company and how are risk management processes integrated into other processes?

Interfaces and processing of information

What defined interfaces concerning risk management processes exist in the company and how is relevant information processed?
Training and development of skills
What mechanisms make sure that the right people have the necessary skills required for successful risk management?

Risk culture and awareness

How strong is risk awareness in the company and how closely is it linked with the respective corporate culture?

Use of the maturiy model for a successful risk management

The maturity concept has three different functions in terms of improving risk management processes in a company. First, the reference model helps describe risk management systems in a consistent way which at the same time fits the specific requirments of the individual company. These descriptions can be used as a target definition for risk management processes.
Second, this model makes it easy to analyse how much progress has already been made in implementing risk management strategies. Thanks to the holistic approach including different viewpoints, strengths and weaknesses and the current level of implementation become clearly obvious.
Finally, the reference model used in the maturity concept is a road map for improvement risk management systems in companies, particularly when it comes to developing and prioritising measures that ensure healthy and prospering growth.