The message that risk management is not just about nasty things, but also what business people really want – opportunity, new markets, enterprise – has clearly been around for at least 24 years. However, has it got through to our colleagues and above all to the C-suite?
The frustrating truth for those who care passionately about the benefits of risk management is that the subject remains a turn-off for too many board members and other senior executives. While the profile of risk management is probably higher than ever, it still has negative connotations. In football parlance, we are seen as the defenders who stop goals rather than the creative mid-fielders who hold the team together or the strikers who set the crowd alight.
And, if we are honest with ourselves, we are partly responsible for allowing this misleading perception to develop.
Our message is that a robust risk culture will nourish the entire organisation, providing the board with vital information and creating the platform for it to be enterprising and innovative. Roads to Resilience, published by Airmic in 2014 and based on research by the Cranfield School of Management, established a clear link between sound enterprise-wide risk management and commercial success, including long-term profitability.
Risk managers can be a unifying force, enabling an organisation to achieve its ambitions. To be a strategic risk manager is to be an accomplished networker and to have an overview of the enterprise. This means understanding its strengths, its weaknesses, its culture and its objectives. It means using risk management explicitly to support corporate strategy in a positive way, and talking and behaving like a businessperson.
This type of executive does not even have to have the word “risk” in their job title, but for simplicity’s sake let’s call them the chief risk officer or CRO. Such a person should be the eyes and ears of the board, and a key support for the chief executive.
Non-financial CROs are extremely rare in the UK, though they are more common on the Continent and in North America. This deficit needs to be made good if risk management is to fulfil its true potential to help UK plc.
How, then, do we improve understanding of risk? At the heart of the problem is that “risk” is what my old English teacher used to call a lazy word, like “nice”. It is used in so many ways that it loses its power to improve understanding and to change perceptions. People need to make their message relevant, timely, new and nuanced. By simply using the word “risk”, without explaining where it fits into the value chain, it can sound old and tired.
Risk managers often shy away from talking about the value of their work because so much of what they do is to prevent things from happening. The trick is to move beyond something that did not happen and that, in any event, colleagues would rather not think about. Talk as well about the trusted characteristics of a brand that build up over time.
Discussing objectives is a good first step, but it goes further than that. Risk managers must align their message with the purpose of the organisation, its language, culture and objectives. Telling people that, in the worst-case scenario, the end of the world could be nigh does not win friends or gain you influence.
Young risk managers in particular are keen to embrace and indeed help shape the new business world. Airmic is working with its members to build on their already formidable technical skills, and to prepare for the most senior and strategic risk roles. At the same time, it is very much in the interest of the C-suite to take a fresh look at risk and how it can become an even greater force for good.
