Risk managers are under siege. They have to deal with various stakeholder expectations – regulators, investors, shareholders, board, CEO, CXOs and business teams. In most situations, they are outnumbered and overpowered. Most risk managers face some level of resistance. Some are mere cogs in the wheel to ensure organizational compliance to regulations. On the other hand, a few have mastered the art of becoming invaluable to the organization. Accenture 2011 Global Risk Management Study segregates the best practices of “Risk Masters” from the general practitioners. The top 10% of the 400 respondents constitute risk masters group. The survey shows that the gap between the “best and the rest is increasing”. Check the graph below to understand the huge difference.
The interesting bit is that about 75% of the respondent organizations had revenues above USD 1 billion. That means the analysis of risk management functions is amongst the top performers of the industry. Hence, the question is – in the best of class organizations why there is a difference in focus and perception of risk management functions. What has made a few risk managers linchpins?
Seth Godin describes three categories of people in his book Linchpin – (1) Linchpins, (2) Supporters and (3) Leeches, devils advocates, pessimists and obstructionists. Don’t mind it, but frequently business executives think risk managers belong to the third category. They think risk managers as naysayers, problem creators, critics etc. The point to think is that at least 10% of the organizations consider risk managers as Linchpins. So what are these risk managers doing differently from the rest?
Accenture report highlights some of the best practices Risk Masters adopt.
- Be a source of competitive advantage
- Participate in key decision-making process and developing strategy
- Use sophisticated analytic and modeling tools to predict risks.
- Deliver business solution by going beyond compliance mindset
- Integrate all GRC functions
- Appoint Chief Risk Officer reporting to CEO
- Build risk culture within the organization
- Invest in tools, technology and other risk resources.
Now the above key points are not new to us. The difference is that some risk managers successfully implemented them, and others are still struggling. We can safely assume that most risk managers working in organization with over USD 1 billion turnover have the required domain knowledge and qualifications. If we do not take the victim mentality of blaming senior management and organization culture for lack of support to risk management functions, then we have to acknowledge that some soft aspects are at play. Question is –what are these soft aspects which make them Linchpins?
According to Seth Godin – “Linchpins are the people who make a difference, the ones that ship, the rare ones that truly have an impact. This group of people, in that moment of time, change everything.” Linchpins are valuable as they are irreplaceable and indispensable. The Linchpin’s attributes are:
1. Provide a unique interface between members of the organization
Seth Godin – Linchpins help lead and connect to people with finesse.
Risk managers frequently are unable to connect to business executives’ mission, vision and plans. Although they are in a position to provide a unique interface, they compartmentalize the business problems according to business departments or risk departments. Hence, the business executives become resistant to suggestions of risk managers as they don’t give business solutions.
2. Deliver unique creativity
Seth Godin – Unique creativity requires domain knowledge, a position of trust and the generosity to actually contribute.
Most risk managers have the domain knowledge, however may lack the other two aspects for unique creativity. Gaining trust of business executives is difficult especially if risk managers are not handholding them through tricky business situations. Secondly, risk managers focus on going by the rulebook, audit programs and manuals. They may hardly indulge in creative thinking to provide competitive advantage.
3. Manage a situation or organization of great complexity
Seth Godin – Linchpins make their own maps and thus allow the organization to navigate more quickly.
With globalization and technological advancement, organization complexity has increased. Risk managers need to address – financial, operational, legal, reputation, political, business, strategic, market, credit, liquidity and emerging risks. Since risks are inter-connected, working in silos results in unaddressed risks. Old approaches are redundant and new maps are needed to address risks in a more holistic, integrated and strategic manner. GRC functions need to be integrated under a Chief Risk Officer.
4. Lead customers
Seth Godin- As markets fragment and audiences spread, consumers are seeking connection more than ever.
Risk managers stakeholder demands are increasing and they are facing challenges due to lack of internal selling capability. The compliance mindset with tick in the box mentality is restricting them from providing strategic guidance to Board/ CEO/ CXOs. They are waiting to take orders from senior management instead of influencing them by presenting good business cases. Hence, risk managers are failing to connect with senior management.
5. Inspire staff
Seth Godin – Understanding that your job is to make something happen changes what you do all day. If you can cajole, not force, if you can lead, not push, then you make different choices.
Risk managers are relying on bureaucracy to get their job done. With the old mindset of an auditor, they wish business executives to comply. They don’t realize that business executives cannot comply when they don’t know what to do next. With new products, markets and technology, risks are forever changing and new ones appearing. Risk management is no longer a cut and dried checklist driven task. Hence, risk managers fail to build a risk culture within the organization.
6. Provide deep domain knowledge
Seth Godin – Mapmakers often have the confidence to draw maps because they understand their subject so deeply.
The complex economic environment requires a deeper understanding of systemic and emerging risks. The financial crisis has shown that financial institutions failed as they launched products with inadequate understanding of risk components. Domain knowledge coupled with strategic direction gives business team great advantage. The superficial regulatory compliance adds limited business value.
7. Possess unique talent.
Seth Godin – When you meet someone, you need a superpower. The ‘super” part and ‘power” parts come not from something you’re born with but something you choose to do and, more important, from something you choose to give.
Risk management is a fast changing discipline. Twenty, ten and fiver year old qualifications, procedures and knowledge are passé. Those relying on excel worksheets and out-dated software will fail. It is a world of analytics, data mining, risk business intelligence reporting, software solutions etc. Upgrading skills and domain knowledge is a necessity to address current day risks. Without the talent, knowledge and insight, there are no takers for risk manager’s advice.
In nutshell, while the best practices for risk management functions are known, quite a few risk managers are failing to meet the required performance level. Hence, take a deeper look to assess the reasons for failure and decide whether different soft strategic approaches will benefit the organization more.
So, can you become a Linchpin risk manager? Up to you.