Elevating Risk Management within the Organization

Risk management plays a critical role in many organizations. As a result, the department must be aligned with corporate objectives and direction.

To that end, the risk management function should be part of the strategic decision-making team. This means that it should play an essential role in merger and acquisition due diligence, and be engaged in any decisions regarding investments in technology platforms, expansion, plant upgrades, facility closures, workforce reductions and supply chain management. The following questions can help you develop strategies to increase the profile of risk management in order to make this a reality.

Does risk management need a 'rainmaker'?

Who will champion risk management at your organization among your firm's senior leadership? Does the function have to be led by a chief risk officer (CRO) for that to happen, or will it work if risk management is under the direction of the CFO, treasurer or general counsel? Your champion must be a member of the senior leadership team who recognizes the value the risk management function can deliver to the organization. Many organizations do not have CROs, so risk management should report to the person with the most power and influence.

What will it take to raise the profile of risk management?

How will risk management distinguish itself to senior leadership? What activities are critical for risk management to perform to protect the enterprise? If risk managers cannot speak the language of accounting and finance to communicate benefits they bring in purely financial terms, they will not gain top leadership's recognition and respect. Equally important, if they cannot communicate with business operations in a way that demonstrates a deep knowledge of what makes the business tick, they won't be taken seriously by company leadership. A risk manager's job is not to say "no" to risk taking, but to find ways to measure, mitigate or transfer risk so that businesses can be successful.

Who else is managing risk?

Is your department in the loop? What risk management activities are currently being led by other parts of the company? Should risk management be involved? If risk management is not forming strong partnerships with internal audit, legal, marketing, sourcing and other key internal stakeholders, it will be viewed solely as an insurance-purchasing department--and not a business partner. Often, being a risk management evangelist is a key to success.

Are there any black holes?

Where are the potential gaps in risk management that leadership is overlooking? These may be areas outside the purview of the risk management function, but not addressed by other areas of the company. For example, in a rapidly expanding global organization, significant blind spots may exist around new operations outside the United States that lack the benefit of risk management oversight. Blind spots also often lurk in IT organizations, a primary reason why many firms are still without cyber-risk insurance.

Is leadership engaged in the risk management function?

Is there agreement with leadership on the objectives and deliverables of the risk management department? Where else can risk management add value to the organization? If risk managers are not having these discussions with leadership then there may be a significant disconnect, particularly in the aftermath of a major loss or crisis. …