Understanding and communication key to board engagement

Like many risk specialists, Daniel San Millán del Rio (pictured), risk manager at Spanish infrastructure giant Ferrovial, is in no doubt about the most important step to making an organisation risk-aware and resilient. “You have to convince the board first,” he says. “If you go down to the shop floor without enough support from the board, you are dead.”

But the process of persuading the top table to take risk management seriously is often far from straightforward. Attempts to engage with hostile board members can be frustrating – seemingly almost impossible. This is often a result of the board’s suspicions about what is, in many cases, a relatively new function in many businesses. 

Further, the situation is frequently made worse by fundamental differences in outlook between the two sides.

“There certainly is a problem between the board and the risk function,” says Michael Mainelli, executive chairman of commercial thinktank Z/Yen and emeritus professor of commerce at Gresham College, London. 

“The board is dominated by the financial statements. Two characteristics of the financial statements are that they are backward-looking and they use discrete, single numbers. Risk is forward-looking and deals with clouds of probabilities. Within firms, there is almost always a similar tension between the finance function and sales. Sales people look to the future and can accept the uncertainty of wide ranges of possible outcomes. Finance wants a single confirmed number.”

This tension can be exacerbated by the way risk managers talk to the board. International corporate governance and board development consultant and visiting professor at Cass Business School Bob Garratt says: “Risk managers tend to try and make their reports more serious by using a lot of mathematics. They are getting themselves into the unfortunate situation that many economists have got themselves in: an over-reliance on maths at the expense of looking at the irrational, human aspects of their business.

“You can begin to convince yourself that risk management is a science and it’s not. There are no irrefutable laws. It’s all about interpretation – and this can change. The world changes.” 

Common purpose

In a shifting and often confusing economic landscape, finding a common purpose is essential. Boards need to understand that risk management is an essential ally, both in defining strategy and the business model. If the risk management team and the board members are doing their jobs properly, their functions should be closely aligned. 

Problems often arise when the board is not aware about how useful risk managers can be in developing strategy and interrogating the business model or when risk managers let themselves get bogged down in operational detail and fail to make themselves accessible to the board. 

“A lot of the risk problems companies have can be summarised as a lack of understanding by boards and a lack of communication by risk managers,” says Charles Baden-Fuller, centenary professor of strategy at Cass Business School.

This lack of understanding does not just make for a less efficient, less dynamic firm. It can have catastrophic ramifications. “Look at the banking crisis,” says Baden-Fuller. “Most people assumed the banks were doing commercial lending, but they were, to all intents and purposes, running hedge funds. 

“Before the crisis, most of the risk management functions of banks were designed to deal with commercial lending, not running a hedge fund and engaging in speculative activity. 

“This is a classic example of boards getting involved in a business model they didn’t understand, with risks that they didn’t understand and not communicating any of this to the risk management function.”

Another big problem is that board members are highly reluctant to get involved in operational details. So, if risk managers bring too much detail to board meetings, they risk alienating their superiors. 

“One of the cardinal rules for a board is that you don’t micromanage the executive from the boardroom table, and a lot of boards resent risk [managers] because they are always – or at least always seem to – drag the board members into detailed managerial decisions that are not their role,” says Garratt. This leads to a feeling of resentment towards risk management, which is perhaps one of the most consistent problems in Europe when it comes to securing board-level engagement with the profession. 

Although risk managers have developed their practice – and it is rare to find anyone in a corporate risk environment who doesn’t understand the importance of communicating their value upwards – that message is not always getting through.

Colin Coulson-Thomas, professor at the University of Greenwich and a director and member of ACCA’s governance, risk and performance global forum, sums up the problem. “Many risk managers are just seen as negative and an overhead cost – people who are risk-averse, people who hold things up, people who report problems and bring bad news,” he says. 

“In some circles they have a terrible reputation. But by becoming more active, risk managers can become much more vital to an organisation. By putting together solutions, they could change how they are perceived.” 

Getting noticed

To get the attention of the board, risk managers need to make sure that what they are doing is not just about processes and checklists; it is about what’s going on in particular areas, as well as on the frontline. 

“This doesn’t mean top-down micro management. It just means giving people the right tools and helping them,” says Coulson-Thomas. “It’s what I call ‘new leadership’ – getting away from the top-down planning and putting more emphasis on bottom-up support.”

More important, however, the board must understand that just having a risk management function in place should not amount to the totality of their approach to risk. They need to fully engage and use the talent they have and risk managers need to communicate this.

“There’s a danger that by creating a risk management function and having people with the job titles and responsibilities,  [the board] can take its eye off the ball and think things are covered,” says Coulson-Thomas. “What you really need is everyone in the company thinking about risk – particularly those on the frontline and in certain work groups.”

It is the responsibility of the risk management team to make sure this takes place.

“So much is happening so fast and our job is to make sense of it all and to put it into a form that will enable managers to make decisions,” says Adrian Clements, general manager for asset risk management at multinational steel manufacturer ArcelorMittal. 

“We need to create the point of conversation and negotiation between everyone in the business, so that we can respond to risk together,” he adds. “All too often, the gap between the boardroom and the shopfloor is getting wider and wider. We need to close that gap.”

Coulson-Thomas says: “Risk management needs to detach itself from reporting and attach itself to ways of helping their organisation to respond in a flash. Potentially, this is a massive opportunity. Risk managers have a strategic opportunity to put themselves into a great position.”