Risk Management Makeover
It’s little wonder risk managers are accustomed to remaining behind the scenes. One need only look to Congress grilling Enron’s former risk manager about his role—or lack thereof—in the company’s out-of-control corruption to see that the spotlight can quickly become uncomfortable when it is pointed at risk management.
Yet risk managers are beginning to see light at the end of the C-suite tunnel. More complex financial and operational risks are weighing on senior management in ways that require risk management to become trusted advisors to the CEO and board. More senior executives are calling on risk management to become proactive partners in strategic planning efforts.
It had to happen sometime. Yet not all CEOs understand the value of having risk management as part of the planning team. Too often, risk management is brought in at the 11th hour as a form of necessary evil: the wet blanket thrown over the blush of project excitement. Can risk management shed its joy-killing image and emerge as a true partner in the strategic and operational planning phases of business growth? Many experts believe risk management not only can shed that image, but must enter the limelight for a company to reach its true earning potential.
The Status Quo
Historically, risk managers have been viewed as the gatekeepers, the detail people who prevent upper management from making expensive missteps. As the brakes of the operation more so than valued partners, risk management is part of an uneasy alliance executive management makes with addressing its exposures. While the role is slowly evolving, much of risk management’s involvement in decision making is advisory: the medicine that C-level managers are reluctant to take but know they have to.
Part of that image could be attributed to risk managers’ unwillingness to expose themselves to career dangers. Opportunity exists, but those in the risk management department don’t capitalize on it.
Craig Martin, a director at the Association for Financial Professionals, believes risk managers can make the most of their skills as part of the audit committee. Many are simply reluctant until their backs are against the wall. But thanks to an economic crisis coupled with more regulation around finance, reporting and operations, risk managers are moving toward the center of the operational strategy. “Recognition is being thrust upon them by what has happened,” said Martin. Risk managers, he said, shouldn’t “waste that opportunity to take on more responsibility and be seen and be heard.”
This recognition may come reluctantly, but given the many high-profile failures that underscore the consequences of not heeding risk management’s advice, like those of BP and MF Global, it is essential to any business wanting to compete and still fall within an acceptable level of risk exposure. In the case of Tony Hayward, BP’s former top boss, there was a (now-well-documented) culture of risk taking that defied any warnings to the contrary. In the case of former MF Global CEO John Corzine, the risks were reported, but Corzine acquired permission from his board to ignore those warnings. “In today’s volatility, it’s all about risk management,” said Martin. Yet even these lessons learned the hard way can be opportunities. As Martin puts it, “Never let a good crisis go to waste.”
That is not to say risk managers aren’t already taking a more central role in business operations. “Some of them are in the C-suite, showing their expertise as value to the corporation,” said Martin.
Still, the disconnect remains. Some see this stemming from a communications problem. According to Annie Searle, a principal at the risk consultancy group Annie Searle & Associates LLC, risk managers often fail to consider what their audience wants from them. “The biggest mistakes I still see people make are using highly technical jargon and uninterpretable maps and charts,” she said. “It often makes it easy for executives to dismiss them because they often think risk managers don’t have the right fix on the business.”
Sometimes, the message is fine, but the recipient isn’t willing to hear it. Far more dangerous is the risk manager facing down a CEO who won’t heed the warnings. When Searle was a senior vice president of enterprise risk services for Washington Mutual, she remembers the head of risk approaching the CEO with concerns regarding operations. When the CEO ignored the warnings, the head of risk went to a member of the board. The next day, he lost his job. “Stories like that, or seeing risk management pretty consistently ignored causes risk managers to be more conservative than perhaps they should be,” she said.
Is it changing? Searle, who works in the finance, energy and public health sectors, says, “Not that I can see.”
Missing: Soft Skills
The question then becomes why? Is it the fault of the top-level executives simply being blind towards the value that the risk managers bring them? Risk managers would like to think so. But in many cases, it is simply that risk managers cannot properly express themselves in a way that shows their value. In short, risk managers must improve their soft skills.
That, however, is an art not always found within risk management. Linda Henman, president of Henman Performance Group, is an expert on setting strategy, planning succession and developing talent. She says that the fundamental differences between the outlooks and communication methods of top executives and risk managers creates an oil-and-water effect. “Operations people tend to be fast-paced,” said Henman. “Risk managers tend to be slow-paced.”
She sees risk managers approaching the top brass armed with reams of data and charts—something that makes it easy for management to dismiss them as numbers people who are out of touch with what it takes to run a company. “They want to show off their work,” said Henman. “None of the operations people want to hear that. They don’t want to see three pages of calculations. They want your recommendations.”
The risk manager is often also unfairly labeled as someone who impedes progress. “‘We can’t do that’ is the mantra operations hears from risk management,” said Henman. “They are seen as roadblocks, not strategists.”
If you want to show that you are capable of that type of strategic thinking, it starts with knowing how to reach your audience. The author of Landing in the Executive Chair, Henman recommends starting with your punch line. “Lead with your recommendation,” she said. “If they have questions beyond that, they can ask them.”
Martin agrees. He sees risk managers as weak in areas that are integral to building a relationship with the C-suite. He advocates investing in negotiation, communication and public speaking training. “You have to be able to get in front of your audience and deliver your message,” said Martin.
That echoes Henman’s other contention with the typical approach: risk management adheres too closely to the Golden Rule. “They present information as they would want it presented to them,” she said. Instead, adopt what has become known as the Platinum Rule: treat others the way they like to be treated.
Searle agrees that risk management is not attuned to its audience. She says that “many risk managers are clueless” about the executives they’re reporting to. It is critical to know whether the executive is, for example, strategic-minded, arrogant or data driven. If you do not know what types of appeals will motivate the chief executive, you may as well be going into every meeting like it is a blind date. “I’ve seen more things go wrong on that basis than on any other,” said Searle.
Developing the Relationship
Risk managers must be able to deliver a focused message towards what Searle calls the three things executives will respond to: revenue, reputation and regulators. Recommendations concerning revenue, for obvious reasons, are the ones most CEOs are likely heed.
“Reputation is something they wave off,” said Searle. “If you have executives with a particular mind-set, such as being smarter than the competition, they’re not going to believe anything can happen to their reputation.”
Both Searle and Henman advocate risk management leveraging executive profile knowledge to become more a part of the strategic planning team. Historically, it has never been the norm for those in risk management to think of themselves as team participants, but it is a better fit than either they or their CEOs may realize. Yet, oftentimes risk managers, by the virtue of their own behavior, lump themselves into the category of overseers and wind up being viewed similarly to human resources and legal professionals: as consultants.
Henman coaches risk managers to break that type of thinking both internally and externally. She said risk management needs to get its seat at the table through strategic thinking. “You have to join the strategy team,” she said. “Instead of saying ‘We can’t do that’, say ‘We can do that if…’”
Another key move is breaking away from the image of risk managers being strictly insurance people. Henman believes that only then will risk management’s true value shine through.
One technique to prove your worth is to get involved at the start of a new construction project. “When going into a new area, the risk manager can say ‘OK, before we go forward, let’s find out what the land acquisition requirements are,’” said Henman. “That’s not insurance—that’s having information ahead of time.”
Becoming partners with various business unit heads is another great way to gain credibility. How do you do so? Just ask for the invitation. Head straight for the decision maker—not the project manager—and ask to be included at the onset of projects.
By approaching the decision maker and showing how the results could have been different on the last project, risk management can garner that coveted invitation in the beginning of the process.“It makes a big difference to be seen outside your area,” said Searle. “And adding value to a project is the easiest way to demonstrate the value of the risk management process or function. Not as a monitor, but as a participant.”
Searle suggests that risk managers set up sessions with various business unit directors and listen to their challenges concerning risks. From there, they will have more confidence in you to present something that represents the actual conditions in their business unit. “Risk management gets dismissed on a lot of reports,” said Searle, “because there’s a sense that risk management doesn’t know them [and] hasn’t been near the business.”
There is another way to impress the company’s decision makers: with your information. Sometimes the knowledge that has been collected by the risk management team has a business value as well as a risk value. Searle, for example, made a discovery in her last position that proved critical to the C-suite. The software Searle and her team had designed as a repository to hold all the business processes and detail their criticality was unique. Her superiors did not have any data approaching hers in terms of comprehensiveness. And it was only when she showed it to them that they realized how large of an asset it was. “We were holding the only business process inventory in the company,” said Searle.
The fact is that most executives are not used to thinking of risk management as having a value to the company. Risk managers tend to be painted as activity people who are inserting accountability only late in the game. The operations team gets locked in to its own process of winning the client, conducting the assessments and only bringing risk management in during the last inning. To them, risk management has always existed to help you check your work, not do it. “You’re up against the ‘We’ve always done it this way’ mentality,” said Henman.
Risk managers cannot expect that long-standing mind-set to change by itself. They have to change it. Henman believes the best way to rise to the top is to talk money. With risk management entrenched in the role of being the ones plugging the holes in the boat, it is a matter of switching perspective. “Change is key,” said Henman, adding that risk managers cannot increase their standing in the organization if they “forever stay a roadblock to success.” They need to focus on increasing revenue, not just protecting it.
“Risk management has been bottom-line oriented, and that’s their own fault,” said Henman. “The difference is they have to be top line. They have to be the growth strategists and only then will they get invited to the party.”
Benefits to Risk Management
For risk managers willing to extend into new areas and become participants in the planning stages, the benefits are worth it. Financial gain is probably the most attractive benefit. Everybody wants a raise.
But Henman suggests that it goes beyond that. She tells risk managers to examine prior initiatives in which their department was not involved and apply risk management principles throughout the projects’ life cycles. Showing how much revenue could have been saved or earned is a great way to justify one’s own financial bonus. Her suggestion: show how much the operations people are receiving as bonuses based on the results they bring in, and ask for the same.
“Right now, risk managers are getting paid for activity,” said Henman. “Activity is not results. When you get results and you play a role in the company making or saving money, you’re taken more seriously.”
Plus, by making oneself an invaluable asset, risk managers can position themselves as that one person whose role in the company is critical for success. “You make them money,” she said, “therefore you’re that unique risk manager they’ve not run into before who keeps a top-line orientation.”