“I look after strategic risk and you look after operational risk”. When you place risk management into categories, you stop performing ERM and prevent yourself from helping the board make risk-intelligent decisions. Here’s Sarah Gordon’s (chief executive of Satarla) take on #ChangingRisk and influencing decision-making
In what way does risk management need to change?
Sarah Gordon, CEO, Satarla
Lots of risk management processes are focused on identifying risks, rather than understanding the context in which those risks exist. This is one of the biggest things that needs to change.
Traditional ERM uses lots of categories, for example, “principal risks”, but everything is interlinked and the most salient risks change depending on what’s going on in the broader world. Viewing risks as being an interconnected network rather than a series of silos or buckets, that’s a transition that is quite vital.
And the chief risk officer needs to be able push back against the CEO every so often, so it’s important to make sure they really do have that platform.
If the most senior risk person is buried somewhere within, say finance or sustainability or if there are areas of risk that are ringfenced, that then inhibits their ability to make true organisation-wide, risk-based decisions. They are always going to miss something if they don’t have that full remit.
What challenges that make it difficult for risk managers to make the transition you describe?
In many industries there is still a huge emphasis on compliance and lots of regulations that need to be met. Due to breaches of these areas of compliance potentially leading to fines or a loss of license to operate, they are generally done first, rather than stepping back and challenging a series of objectives.
Another challenge is that lots of people have an expectation around what risk management is, and sometimes the risk managers are forced into those boxes. That can hold the risk manager back, rather than enabling them to evolve within the organisation or mature.
The final challenge is the silo mentality. Lots of organisations still have people who say: “well I look after strategic risk, and somebody else looks after operational risk”. As soon as you start putting those categories in place, you are not doing enterprise risk management.
For us to truly manage risk, we need to transcend that categorisation and be nimble and dynamic and see the world for the kind of interconnected series of scenarios that it really is.
How can risk management can help leadership teams make better decisions?
Risk management is all about balancing opportunities and threats, especially at C-Suite level, and it becomes especially important when the world becomes even more uncertain.
Organisations need to be able to say: “okay, we don’t have all of the data, but we need to make a decision in order to move forward, bearing in mind that even deciding to do nothing is a decision.”
For example, if you’re a construction or a mining company your most important value is probably something to do with safety. But one of your objectives is probably going to be along the lines of making money for shareholders.
You need to balance those and there will be situations where the values and objectives are in direct conflict and you need to choose which is more important. Risk management allows you to step back and get to that decision point more quickly.
What can risk managers do to help the board make risk-intelligent decisions?
The simple way of doing it is to make those senior decision makers think it’s all their idea. You don’t need to say to them that they are doing risk management, in fact you don’t use any risk terminology.
If you’re in an organisation where risk management is mature and people understand it’s there to aid decision making as a whole, then it’s much easier, because you can just use normal risk terminology.
In an organisation where maturity levels are low then it’s a case of examining what language people are using when they are trying to make these kinds of decisions, and what techniques they use normally use.
Those techniques or terminology might not be called ‘risk management’ but you can use them to get people into that decision-making state and that’s a shortcut to influencing those senior leaders.
It can be tough because people think risk management is just about health and safety, or financial risks and regulations. In those organisations you need to find other avenues, and a way of doing that is by picking up a case study or something that happened to a competitor and asking what could impact on us here.
You’re conducting a training session on decision-making. What can risk managers get from your session that they won’t get elsewhere?
Everybody talks about dynamic risk management but it’s really difficult to do.
When risks change, you need to know how to a) recognise that shift, and then b) influence the decisions so that you can take advantage of opportunities that have opened up or try and proactively manage threats.
It’s the dynamic recognition of changing risks but then also the ability to instigate decision making as fast as possible so that you truly get that competitor advantage ahead of people in your market space.
Using risk management to influence decisions
Sarah Gordon will be leading a training session on influencing decision-making
The standard approach to risk management has evolved in recent years, with the use of modern computing power to help us challenge our human-based assumptions, together with concepts such as risk appetite and tolerance to help drive the risk culture we desire within our organisations.
This workshop explores the latest developments in key aspects of risk management required by a senior leader.
- · How to challenge your organisation’s risk profile: what should you expect from the risk committee meeting?
- · What is risk appetite and tolerance: how do you get it to be meaningful within your organisation?
- · Building a risk culture: how does this differ from an organisational culture?
- · Range of relevant case studies from sectors such as aerospace, construction, charities, governments, natural resources and finance.
WHEN: Thursday 26 September, 9:00-17:00
WHERE: 52 Horseferry Rd, Westminster, London SW1P 2AF