During 13 years in risk management, Frédéric Desitter has gone from being perceived as a ‘messenger of doom’ to being an indispensable part of Aéroports de Paris’ operations

For a time, back in the 1990s and 2000s, Frédéric Desitter was something of a risk management missionary. Spearheading the 12-strong French risk management consulting team at UK-based Euro Log, it was his task to promote the discipline within many of France’s largest companies. “At that time, risk management in France was not as widespread as it was in the UK. It was something new, and promoting it within companies was quite a challenge, but also very interesting.”

To speak to Desitter now, it seems clear that the challenge has been overcome. Since 2008 he has been the chief risk officer of Aéroports de Paris, which owns and operates three Parisian airports: continental Europe’s number one hub, Charles de Gaulle; France’s number two airport, Orly; and the mainly business aviation centre, Le Bourget.

Far from the missionary days of the 1990s, risk management has become integral to the airport operator’s business model: Desitter was hired directly by Aéroports de Paris chief executive Pierre Graff and given a strong mandate from the top to put systems in place. But it has not been an overnight transformation. As Desitter says, risk management is “a step-by-step process”. Here, he talks us through some of the crucial steps he has taken on the way …

Man on a mission

“My background helps me,” says Desitter. “I’ve been directly involved in operations for many years and worked on some major international projects as a risk manager.” After graduating from France’s prestigious Essec business school in Paris with an MBA and starting his career in a number of operational jobs and corporate functions, Desitter spent seven years from 1997 as a consultant with Euro Log. There he worked with a range of businesses throughout France, including the nation’s railway (SNCF), oil multinational Total and energy giant EDF.

In all his 13 years in the field, the experience that has stuck with him most is when he was helping to develop offshore oil drilling platforms for Total in Angola. Desitter was responsible for putting in place risk management procedures to help secure several massive floating oil platforms off the coast of the south-central African country. Each project was worth upwards of $5bn (€3.67bn), with drills operating at sub-sea depths of 1,300m (BP’s disastrous Macondo oil well in the Gulf of Mexico operated at roughly the same depth). These projects, he says, were among the world’s first in such severe environments and the pioneering engineering work was shrouded in risk. Safety was obviously a serious concern, as was making sure the equipment could keep going.

But one of the biggest difficulties to be overcome, he recalls, was procuring the huge quantities of steel required to construct the oil pipes and platforms at a reasonable price. Then, just as today, a booming construction industry in China was fuelling a huge spike in steel prices, which meant that Total’s suppliers were breaching their contracts in order to sell at a much higher price elsewhere.

Desitter implemented risk management procedures that became the company standard and which were spun out to Total’s many contractors all over the world. “I made sure that the contractors on these projects, ranging from Norway to Korea, used the same risk management system. There was a lot of training involved and embedding the culture of risk management.”

Trying to formalise the procedures as part of the company culture was the most challenging part of it, he says. “At Total, they used to call me the messenger of doom.” But by the end of it, he says, “they looked forward to our meetings”. “I was able to show the businesses that proper risk management allowed them to control the project and fulfil their company’s objectives.”

Desitter also used Monte Carlo simulations to show that in the long term it was cheaper for the company to invest in maintenance rather than wait for something to go wrong. By linking risk management with real financials in this way, he was able to win support for it.

Landing at Aéroports de Paris

In 2008, following four years with the infrastructure company Alstom, where he worked on projects all over Paris, Desitter joined Aéroports de Paris. The organisation is responsible for developing and managing the airport installations in France’s capital city (but not air traffic control or the flights themselves).

“We are a single point in a very complex chain, which is the overall airport system. That’s a challenge,” he says. Airports are, of course, risky operations: there are all the huge operational challenges of moving thousands of people safely around the world every day (Charles de Gaulle handles more than 60 million passengers a year), combined with the serious technical issues related to the hi-tech equipment. And there’s the added pressure that airports are critical aspects of infrastructure, with international significance, which also happen to be the favoured targets of attention-grabbing terrorists.

And yet when Desitter came on board, even though risk management was an intrinsic part of the way Aéroports de Paris operated, the company had no dedicated risk management department. Desitter was hired by Graff to design a systematic and structured approach, or enterprise risk management (ERM) system. “It was the will of the chief executive to put in place an ERM system,” he says. “I designed and produced the first risk map and presented this to the chief executive and to the board. I am also responsible for developing the company’s risk culture.”

In all, Desitter leads a team of 25 people, who deal with: ERM (including the crisis management division and business continuity); information security; global security (reflecting the vital role that the airports play in France’s critical infrastructure); and fire prevention.

A change of approach

A few years into the job, Desitter is helping different business units to create their own risk maps. At the moment he is working on one for Charles de Gaulle airport. “We have moved from a top-down to a bottom-up approach,” he says. He has a network of 30 risk co-ordinators across the business who champion risk management at a grass-roots level and take ownership of it. “The risk owner is in charge of defining the risk and deciding on the right actions. My role as CRO is to facilitate that, along with the co-ordinators, and to make sure that things are done properly.”

“One of the keys to risk management is transparency,” he says. “You need to be able to explain how risk management will help the business to reach its operational or strategic objectives.”

The next step is to link risk management with the decision-making process. “When we work on a new investment, part of the process is to show what risks this new project will mitigate and what risks it will generate for the business. Then you invest most of your risk management efforts where the risk is highest.”

Even with a clear mandate from the top, you still have to sell risk management within your business, says Desitter, and how you do that depends on the audience you are communicating with. “You can sell it at the top by saying it gives a clear vision of the risks and issues at a strategic level. It helps the company’s decision-making process and it helps to anticipate problems before they arise, because it’s more easy to step back and see what the long-term risks are. It is a strong management tool to make sure the company fulfils its objectives.”

But it is tough to get people lower down the organisation to admit where the problems are within their area if they think they are going to get the blame. “That’s why you need to promote a blame-free culture on risk issues,” says Desitter. And, he adds, you need to find concrete examples to help you get people on side. “You have to be able to show people that the time and money they invest in risk management is actually worth it because it really will make their life easier and clients happier, which in our case means the passengers and airlines. You need to take a gradual approach.”

So what does he think others can learn from Aéroports de Paris? “Here we are very operational. We manage risks because we need to for security and it is a good thing to do for the business. I think the trick is to go from something that is centred around compliance to something more dynamic and operational, which is used to improve the overall performance of the company.” SR

Key to success

01: Always link risk management with the business’s strategic objectives

02: Make sure your company is not just doing risk management because it is told to do so by regulators

03: Even with a clear mandate from the top, you have to be able to sell the benefits of risk management at all levels of the business

04: Use concrete examples to help show how risk management makes life easier and clients happier

05: Risk management is a step-by-step process: don’t set your goals too high