By Berenice Francis, IRMSA EXCO, Second Vice President
In a previous column, a colleague spoke about the difference between managing risk and being a risk manager, and the remarks that managers make when asked if and how they are managing risk. A couple of thoughts immediately came to mind. One of the biggest and the most frustrating in my experience is how often I hear a risk manager saying “I only manage the process and the risk management is the business role.” My response to that would be that whilst I agree that a core function of a risk manger is the establishment of a framework, process and communication of business risks I also believe that this very statement lies in the heart of why we as a profession find it difficult to get management buy in to the processes we are responsible for.
How often do we see risk registers that are only looked at by management once a year, or risk registers with continuous red residual risks highlighted, or risk managers so intent on completing their processes that they are isolated from operations or kept as a purely compliance function.
Do we as risk managers ever have actual conversations with line managers outside of risk workshops or risk committees, or are our interactions more along the lines of a quick in and out to get the register complete.
Ask yourself a couple of questions:
- How well do you understand your current business model?
- Are there particular market forces or dependencies which impact your business’ success?
- How do you keep abreast of the strategic thrust and operational heartbeat of your business?
- Have you established adequate communication channels to pick up business changes or emerging trends?
A big part of the process we are so proud of and sometimes hide behind is ensuring that as a risk managers we are in a position to question and steer management to ensure that the output of our processes make sense. This lends to the credibility of all the stakeholders involved, including our CEO, risk committee, board, accounting officers, etc. Risk registers are often in danger of being used as a political tool by those who shout the loudest about needing the most resources and not as the uncertainties radar screen it was intended.
Understanding the core of your business, it’s key drivers and the ability to speak on a strategic and operational level establishes your credibility to management. This philosophy can be adopted to all the environments we operate in whether it’s a big conglomerate, small family operation or government.
It also ensures that whilst you may not be the manager accountable for risk, you are a risk manager who understands what it takes to manage the risk and successfully meet business objectives.
This post has not been tagged.