The role of risk managers and risk management in general has evolved significantly over the past few years. For many years, strategic planning and risk management processes have been separate exercises carried out by different departments. The key to success and business growth is to have the sometimes difficult discussions needed to make strategic decisions, considering all the risks involved.
Historically, the risk manager has been viewed as the ‘owner’ of risk and the risk management process. To my mind, the real superpowers a super-hero risk manager should have include the following: the ability to get business to have the necessary difficult discussions and integrate the risk management process in all decision-making; to persuade business to take responsibility for the management of risk; and have leadership drive the right risk culture.
In order for risk managers to add value and play the role intended, risk management needs to shift from a ‘compliance tick-the-box’ exercise to an essential and integrated part of business in an organisation.
Protean Business Solutions asked Alicia Swart, Executive Manager: Governance, Monitoring and Assurance at Transnet, to share her insights regarding how risk managers can create intelligent links between expected certainty and undefined uncertainty.
Her view is as follows:
“While not all risk managers look like superheroes, they can provide a business filter that creates intelligent connections between uncertainties and objectives.
Although not everyone can be a superhero, if your organisation strives for a collaborative approach to risk management, you can develop the superpowers needed to create organisational success in an uncertain business environment. “
Today’s business platform is vastly different to how it was 50 years ago. Products and services are completely different as client profiles and preferences have changed. Our technology platforms are incomparable, as is our interpretation of success. In addition, the internal and external environment of organisations is changing faster than ever.
It is not all doom and gloom for those of us who are averse to change. Some things remain the same; we still need to grow business, optimise cost base and provide shareholder value. This means that executives need to adopt a systemic perspective in order to get to a predetermined goal without having sight of what the future solution looks like and within an environment that is changing as fast as one can allow one’s mind to comprehend. Simply put, executives need to know ‘what must happen’ and they need to navigate through ‘what might happen’ at the right time and place.
ISO 31 000 defines a risk as “the effect of uncertainty on objectives”. This definition implies that there are two key components to risk management: understanding and defining the objectives and core direction of the organisation on the one hand, and understanding uncertainties that matter on the other. I believe that these two elements should be equal partners and an integrated focus should be applied to support today’s executives on their journey to success.
What executives need is high-tech James Bond viewing glasses that create intelligent links between expected certainty and undefined uncertainty. They should provide an executive summary that indicates viable solutions, eliminating the less appropriate ones and suggesting the best way to succeed.
My question is: does risk management currently enhance your strategy?
This is not the case in most organisations. Risk is not integrated into the strategic process and is often carried out as an afterthought. It gets reported at the correct governance levels and all the correct boxes are checked, but no strategic benefits have been achieved. The solution required to create strategic benefits lies in the ability of executives and risk managers to reframe. Executives should create a platform to leverage from their risk managers’ skills and ensure that they are part of the strategic process from day one. If they are part of the ‘what must happen’ conversations, they will be better equipped to evaluate uncertainties that matter and create intelligent links aligned with the organisation’s direction.
Risk managers should evaluate the core principle of why they exist. Contrary to belief, it is not as an assurance afterthought or to be a very intelligent risk register administrator.
We exist to help management make proactive informed decisions.
I think that we sometimes lose sight of this principle and get stuck in establishing the risk framework. We hide behind being an assurance provider and do not take up the role as a strategic management partner. As risk managers, we have a unique set of skills to understand and connect uncertainty. Let’s make sure that this ability does not get lost in the columns of a risk register. Push yourself to create executive viewing glasses that add intelligence into a dynamic and uncertain strategic environment.
I have always liked the concept of Batman and Robin. Having a trusted risk management sidekick is never a bad thing.