A structural and sustainable process

What is your take on risk management today and what could change or improve?

The reputation of risk management should be on the same level as other group functions. We are a big company of almost 80,000 employees in 80 countries and more than 400 individual entities. Our risk management approach is practical, hands-on and implemented across the group. My perception is that I have the same reputation as other group functions when I talk about insurance management. But when it comes to risk management, there is still some way to go.

If you had the power to change risk management, what would you do?

It’s about the level of awareness and identifying what falls under ‘risk management’. Management take a lot of decisions that are directly linked to risk management. But they may not be aware that risk management is part of what they’re doing. Risk information has unconsciously influenced their business or strategic decisions.

If you were to write a risk manifesto, what would be your number one point?

The top point would be the organisational positioning of risk management which should be clear and transparent and that roles and responsibilities should be clearly communicated. An important success factor in that regard is trustful efficient and effective communication and interlink with other risk management functions such as corporate safety, quality, compliance and IT. Existing policies and procedures are supporting this communication and are really playing an active part in influencing business decisions.

What is your view of risk management operating models?

They’re a good starting point to identify potential risks. But more important is lifting risk a bit higher within the corporate structure. I started with being responsible for corporate insurance management and risk management was added 10 years ago. We developed a good and efficient enterprise risk management process that suits well with our decentralized organizational structure.

Do board level executives underestimate the value of risk management?

No, I don’t think they underestimate the value, as they are always considering risks and risk management when making decisions. What’s sometimes missing is a structural and sustainable process. We have around 400 companies in the group. Most of them have their own risk inventory, with an assessment of the main risks, the amount and the measures in place. The risk manager is the owner of the process but not the owner of the risk inventories. The output of this risk reporting, needs to be used in order to support business decisions in a more structured way.

Would risk management benefit from a rebrand?

I don’t have an idea of what it could be rebranded to and maybe there is not really a need. If you are able to convince stakeholders with your actions, it doesn’t matter under what brand you do it. The challenge in our function is to make the additional business value more transparent. Where and in what way are we able to support the business to make more risk-based decisions in the structured and well reported way.

Would you like to change the name ‘risk manager’?

It’s not the job title, it’s whether you are a hinderer or an enabler in your organisation. Do you walk into the room and they say, ‘oh no, here’s the risk manager coming,’ or ‘thank goodness it’s the risk manager, he’s helping us,’? This is very important. What we have been able to achieve within our group is that whenever people and top management are talking about risk and insurance management they see us as a valuable resource.