In virtually all industries, organizations face difficult challenges in responding to rapidly changing, and globally pervasive risks. In an attempt to mitigate or manage these risks, executive risk managers strive to develop an efficient risk management program that is engrained in all aspects of the company’s culture. However, within the organization, the definition of “risk management” and its impact on strategy typically varies among individuals. In efforts to analyze differing risk perspectives, Advisen issued a report, Enhancing Risk Managers’ Strategic Influence, to offer suggestions for bridging this gap and enriching the risk manager’s role in developing strategy.
Prioritizing Risks Across the Organization
While senior management teams within most organizations take risk management seriously, the priorities of the risk manager and those of the executive board can and often do vary. CEOs are usually concerned with political, external economic, and technological risk factors—the risks that shareholders and equity analysts will likely hold them responsible for. In fact, according to the report, the issue of cyber security risk was the only risk area that corporate risk managers and executive decision makers had in common.
Depending on the organization, risks are broadly categorized in a variety of ways. A common schema places risks into four categories: hazard risk, financial risk, operational risk, and strategic risk. The risk manager typically assumes the role of managing the hazard risk, which includes liabilities and property-related exposures. Meanwhile, management is accountable for strategic risks. Other than cyber threats, risks addressed by the risk manager are rarely recognized as risks of executive management. This, however, is not a major concern; the priorities of the risk manager and management should vary and would, in fact, signal that the risk manager is performing his or her job effectively. Thus, management is less concerned with the priorities of the risk manager and thus turns their attention to other risks. Unless the risk is expected to expose the company to a sizable loss, management’s focus is on the more speculative and strategic risks that cannot be managed with traditional risk management techniques.
Communication Is Key
When his or her job is seen as undervalued or misunderstood, this can be frustrating for the risk manager. To alleviate this, the risk manager should communicate value by transforming actions into financial terms that the C-Suite is likely to incorporate into strategic decisions. Communication is key in this regard; the risk manager needs to be able to explain his or her role to others in ways that the company measures success and value in order to prove that his or her role is of strategic importance.
This communication should include a common “risk language,” in which the risk manager can speak effectively to issues that the C-Suite can relate to. This will ultimately assist the risk manager in proving his or her value to the organization. Moreover, conversations should occur in a forum setting, or perhaps, within informal board training sessions to ensure all individuals are concurrently updated on risks. By adopting this approach, the organization can take larger strides in developing a more unified and integrated approach to managing risk.
The Risk Manager Strategy
While many risk managers are satisfied with traditional risk management tasks, such as buying insurance or managing captives, others seek to be more integrated with the C-Suite in order to be a part of the strategic decision making process. As the risk manager of an enterprise risk management program, it is important to understand the company’s strategy in order to identify risks to that strategy. Being a part of the decision making process will enhance the risk manager’s ability to do his or her job. As previously indicated, it is up to the risk manager to effectively communicate risk transfer activities into a way that the C-Suite will understand in order to ensure the risk manager’s value is easily understood. Even further, the risk manager should seek to find an advocate in the C-Suite, most often the CFO. With an advocate on the C-Suite, the risk manager will have a way to communicate and produce contributions in regards to strategy.
In order to extract the most value from an enterprise risk management program, the risk manager should ensure his or her position is understood and integrated throughout the company. Their efforts will be most appreciated by the executive decision makers when risk techniques can be translated into a common financial language. By building this risk dialogue into the culture of the company, educating management about risk issues and the contributions of the risk management department, and accepting difficult, yet value-adding tasks, the risk manager can prove the importance of the job title. Ultimately, risk managers should develop a strategy to earn a seat at the C-Suite table, thereby including them in the risk-related strategic discussions.
Subscribe to ERM Insights
The latest research, insights and opportunities from the NC State ERM Initiative to help
you and your organization lead with confidence.