British Petroleum was recently fined US $ 4.5 billion for the Deep-water Horizon disaster in April 2010. The highest ever fine till date. The verdict implicated two employees for negligence. Similar news is coming of regulators charging huge fines to banks for their wrong doings. Regulators and law enforcement agencies change in approach sends a clear message – regulators won’t tolerate lax attitude towards risk management. Organizations will have to pay through their nose if caught contravening laws and regulations. Therefore, risk managers have to pull up their socks and gear themselves for tougher times.
It is apparent that risk management approaches and practices that worked until 2011, will not work by 2015. Frequently, risk managers focused on self-preservation by blaming the top management for lack of support. They continued the silo approach and turf wars with other risk management departments at the expense of the organization. They escaped majority of the blame for the debacles, as business was responsible for the risk management decisions. Risk managers role was recommendatory and supportive in nature; hence, the ball was never in their court.
1. New demands from business heads
In my view, business heads will not allow this type of smooth sailing to risk managers now. They will hold risk managers accountable and responsible for the level of risk within the organization and for failure to prevent risk management disasters. In the current environment, risk managers need to focus on the following.
a) Build risk awareness across the organization and spread the message to every employee of the organization.
b) Maintain a risk register that captures internal and external risks at strategic, tactical and operational level.
c) Ensure decisions are taken after giving due regard to risk versus reward parameters. Organization risks remain within the risk appetite.
d) Guarantee complete compliance to all legal and regulatory requirements at a global level.
e) Make risk management departments efficient and effective by managing costs and working with limited resources.
2. Change in leadership style
Hence, it is crucial for risk managers to change their leadership style and take a deep look on the management practices they have followed until date. I know you would think that isn’t a big issue. I also thought on the same lines before I read Lisa Wiseman’s views on multiplier effect of leadership. She is the author of the book – Multipliers: How the Best Leaders Make Everyone Smarter. I must say it is a revelation. She has divided leaders in two major categories – diminishers and multipliers. Multipliers use and amplify intelligence of others that results in a 2X effect. Unfortunately, diminishers use less than half the intelligence of those around them. Diminishers have the attitude that they are the smartest in the room, and hence do not leverage on the intelligence of others. On the other hand, multipliers create an environment where best thinkers grow. See the chart below to understand the ten sub categories.
3. Risk managers diminish business teams
I understand that our first reaction is to believe that we are a multiplier leader. However, you will change your opinion on reading the details in the paper or on taking the accidental diminisher quiz (links below). Majority of us are somewhere between the spectrum on multiplier to diminisher. Here are some of the instances where risk managers show diminishing behavior:
a) As risk managers sometimes we have focused on building large departments to show importance rather than deliver value. We do so at the expense of other risk management departments who might be requiring the resources desperately.
b) We use our positions politically to create a fearful environment among business teams. They believe all shortcomings and failures will be reported to senior managers and their jobs will be at risk.
c) We use our limited knowledge of business operations to give advice to business teams without considering their viewpoints and thoughts on the same.
d) We roll out risk management plans and initiatives without having any discussions with the business teams and people at lower levels that have to execute the plans.
e) We believe without our personal involvement business teams cannot manage risks. Instead of training and educating business teams, we get involved in every small aspect.
Though, if you read the top five things risk managers have to do at the top of the page, we need to cultivate multiplier behavior patterns. Nothing can be better than using twice the brainpower of a resource at the cost of one. Moreover, the multiplier effect will facilitate using the knowledge residing with business teams. It is only when business teams start thinking about risk management on their own that organizations will avoid disasters.
In the present environment, risk managers have to meet new demands with insufficient resources and knowledge. Do you think becoming a multiplier will address some of the problems? According to you what alternative approaches should be followed?