Eamonn Cunningham, former chief risk officer at Scentre Group and Westfield, suggests that risk managers themselves are often to blame for a board’s indifference to them
Many risk managers can find the answer to the question of why they are being ignored by their board in one place: the mirror. It all starts with the risk manager taking a hard look on how they conduct themselves. If you feel you cannot change then you are probably in the wrong profession.
This lack of meaningful engagement means that something of great value is being left off the table. For those boards who are not listening to their risk managers, they are missing a major opportunity to bring in another dimension to the successful running of the organisation. If you simply put risk management in the same bucket with governance and compliance, then you are dumbing down the innate value to be derived from a risk management system. Even for those risk managers who have a more open dialogue with the board, if the underlying motivation is mere compliance box-ticking, then the quality of the conversation will invariably be stymied. Consequently, the real value that the risk manager can bring to the table is never explored, simply not factored into the conversation.
So how does a risk manager turn this situation around? It all starts with the language the risk manager uses and the alliances they form. They need to engineer those small wins as they will be the catalyst for greater opportunities for the risk manager to shine and demonstrate the value add they can bring to the organisation. They must seek out these opportunities and have a commercially focussed, mature level dialogue with board members – particularly the chairman of the board’s risk management committee, if there is one.
Risk managers have to manufacture ways they can get in front of the board. They can do this by seeking out those who are on-side about risk, perhaps even risk champions, within the board who will help them. Some of the board may well be predisposed to the concept of risk and the risk manager needs to be alert to pick-up on those signals. If the road block is the CEO or the CFO, you simply must speak their language i.e. commerce and convince them of the value you and the risk management system are able to bring to the table. In making an argument to the board, it must be done in a compelling way. I truly believe that if the board is convinced by the relevancy of a risk argument and the value the risk manager is talking about, then they will not ignore them. The smart CEO could also do worse than putting the risk manager, provided they have the ability to articulate a compelling case, in front of the board to begin with.
Fundamentally risk managers must change their language and not automatically use that infamous ‘no’ word when they are asked for their opinion and indeed support. They can start this process by engaging with colleagues and saying, “let’s figure out how we can make this work from a risk management point-of-view too”. Suddenly, those colleagues pick up that they are now listening to a different language from the risk manager, compared to what they have heard in the past. They will then go back to the CFO and say that the risk manager is really helping them bring something to market that will work, but will at the same time also have the downside protected. It might also enable that colleague to be braver about their venture. You need these types of referrals which echo risk management’s relevance and its ability to add value. These will demonstrate to senior management and ultimately get the attention of the board; the realisation of exactly what risk management can deliver for the benefit of the enterprise.
A risk manager might want to start this process in an operational area like occupational health and safety, as everyone will always give that airtime. Watch your language and get those initial quick wins. Then using enterprise risk management concepts, move into other risk areas. Repeatedly emphasise notions such as striving for that optimal balance between risk and reward. You then should get colleagues saying “tell me more about that” and suddenly you have a set of people keen to talk about risk. Overall, risk managers must change the view people have of them from control to value-add. This will open a pathway to a more constructive risk management related conversation with and within the board.