Risk Managers – Change Mindset For Strategic Risk Management

In the previous post, I discussed the role risk managers can play in Strategic Risk Management (SRM). In my view to enter into the SRM arena, risk managers need to change their own mindset first. Presently the risk management function focuses on mitigating operational risks at micro level and hedging financial risks. To add to the confusion people equate SRM to Financial Risk Management. In my view SRM is more than hedging of risks, as this is risk mitigation where risk is viewed as a threat. Business strategy covers market, operations, finance, resources and products. Hence, SRM encompasses exploiting the upside and protecting the downside of business strategies across functions to increase business value

Risk managers are nowhere near addressing the strategic risks.  As per the survey “Fall guys : Risk management in the front line – A report from the Economist Intelligence Unit Sponsored by ACE and KPMG”  – just 41% of the organizations involve risk management function in formulating and implementing corporate strategy. The gap is huge and risk managers need to restructure and reframe their departments to focus on strategic risk.  I am giving here three suggestions for risk managers to bring about this change.

 1.    Fragmented risk management departments

Risk management function in a large organization constitutes of internal audit, compliance, information security, disaster recovery, fraud risk and physical security departments. Sometimes these departments are integrated and reporting to one Chief Risk Officer. In some organizations, these departments are reporting to different functional heads, namely Chief Financial Officer, Head of Shared Services, Chief Technology Officer etc.

These departments are all focused on addressing the financial and operational issues of the business. None of them has the objective to provide a strategic level understanding of business risks to CEO and board. When the department structuring and key performance indicators are incorrect, it is not possible to address larger issues of the business. The first step is to restructure the risk management function and prepare an annual plan incorporating time for addressing strategic risks. Risk management function should integrate embed itself in the organization framework.  

2.    Risk managers focus on negative aspects

Generally, on checking risk registers one will find negative aspects –  threats and weakness with a “what can go wrong” analysis.  Risk registers do not contain the opportunities business managers can exploit to increase business value. The positive aspects or the upside of risk is not evaluated by risk managers. Without it, how can they contribute to strategy? According to Economic Intelligence Unit survey, senior managers think risk management function top three objectives are- identifying new and emerging risks,  enabling managers to make better business decisions and ensuring corporate survival.

Sit back and think about it, how many risk managers have effectively contributed towards these objectives in the last year. Risk managers need to start working towards being business partners and enablers. That is, focus on the constructive aspects and become solution providers.

3.    Supply not meeting demand

According to the Economist Intelligence Unit survey, the top three activities, which risk managers focus on, are – conforming to regulatory requirements, securing corporate reputation and image, and stemming financial loss. The top three risks which senior management are concerned about – weak demand, instability in one of the major markets, and financial market instability. In the analysis of top ten, some of the risks mentioned in senior management demand and risk managers supply chart are common. However, it is clear that there is variance is senior management requirements and risk managers’ fulfillment. What is demanded is not supplied.

Hence, it shouldn’t surprise risk managers that senior management is frustrated and does not see value add from their role. Risk managers need to get a better understanding of senior management expectations to become involved at strategic level. Leave the risk management jargon at your desk and focus on understanding business strategy.

Closing thoughts

Risk managers need to develop a holistic view, look at the big picture and understand macro level risks. The focus should shift from identifying micro level financial and operational weaknesses in the business to strategic level. Risk management functions need to rebrand themselves from being problem creators and nitpickers to business partners and positive contributors. The doors to the CEO and board cabins will only open when risk managers effectively address strategic business risks and demonstrate to board their business understanding and usefulness

References:

  1. Fall guys : Risk management in the front line – A report from the Economist Intelligence Unit Sponsored by ACE and KPMG
Advertisements

10 comments on “Risk Managers – Change Mindset For Strategic Risk Management

  1. Interesting points of observation.

    1. “Risk managers need to develop a holistic view, look at the big picture and understand macro level risks.” This is the very crux of Financial Crisis 2008.

    2. “The focus should shift from identifying micro level financial and operational weaknesses in the business to strategic level.” This is where the disconnect, between operational and senior management level. If strategic level thinking is not clear the operational weaknesses would exacerbate.

    3. “Risk management functions need to rebrand themselves from being problem creators and nitpickers to business partners and positive contributors.” Fault line is at Board level. Strategic thinking when absent, impact on problems created does not reach the macro level risks that come as a thunderbolt and invariably too late to adjust or maneuver, may I say.

    4. “The doors to the CEO and board cabins will only open when risk managers effectively address strategic business risks and demonstrate to board their business understanding and usefulness.” It was clearly demonstrated by Inside Job:

    Quote: {LAWRENCE McDONALD FORMER VICE PRESIDENT LEHMAN BROTHERS}

    LAWRENCE McDONALD: Richard Fuld never appeared on the trading floor. There
    was art advisors up there all the time. You know, he had his own private elevator. The-,
    the, he went out of his way to be disconnected. I mean, his elevator – they hired technicians to program it, you know, so that his driver would call in in the morning, and a security guard would hold it. And there’s only like a two- or three-second window where he actually has to see people. And he hops into this elevator, and goes straight to 31. UNQUOTE

    There is only one way to get out of the mess from the Financial Crisis 2008 that is entrenching the companies with focus on Sustainability of Values. If Corporate World at large and America in particular think they can maneuver to come out of the crisis, they will go further down to an irretrievable abyss, without a good foundation.

    • Hi! Excellent points noted, as usual. I agree with you that the gaps are huge at senior management level in strategy development, and it needs revamping. I hope my new post discussing the challenges in strategy development from McKinsey Survey, agree with your thoughts on the issues.

      Sonia

  2. Pingback: Enterprise Risk Management V/s Strategic Risk Management « Sonia Jaspal's RiskBoard

  3. Pingback: Strong Risk Culture Benefits Strategic Risk Management « Sonia Jaspal's RiskBoard

  4. Pingback: Chief Financial Officers’ Focus Areas After Recession « Sonia Jaspal's RiskBoard

  5. Pingback: Good to Great Risk Management « Sonia Jaspal's RiskBoard

  6. Pingback: 10 Best Practices for Governance, Risk Management & Compliance « Sonia Jaspal's RiskBoard

  7. Pingback: 10 Steps for Restructuring Risk Management Function « Sonia Jaspal's RiskBoard

  8. Pingback: Strategy to Execution – A Risky Path « Sonia Jaspal's RiskBoard

  9. Pingback: Technology

Comments are closed.