Our industry is still misunderstood, says Risk-!n co-founder Stéphane Martin. We need to push the ‘manage’ into risk management

Risk management has been wrongly sold for far too long, according to Stéphane Martin, CEO of Smart Risk Consulting and Co-Founder of Risk-!n.

This is because most risk managers don’t actually manage risks, they report them and this is at the heart of the profession’s struggle to receive and maintain attention.

“I personally feel that the reason we are still not at the right level on risk management is because, globally, risk management is a job and not a competence,” he says. “It has been wrongly sold for decades and seen as compliance exercise.

“Many of the risk managers that we know are in fact risk reporting managers.”

He offers a handful of examples of well-known risk professionals who have the ear of the board of directors, but notes these are few and far between.

The problem is that most senior executives are not trained in risk management and so there is too much of a disconnect, says Martin. Moreover, the risk management function is still seen as cost centre by many organisations’ decision makers.

“I know very few risk managers who have access to the highest level of the organisation. That’s because it is a job and not a competency.

“You are requested to report risk, but what you want is managers to be trained so that they can act. We want risk managers to be operational people.”

Learning by doing

Like most risk professionals, Martin fell into risk management. The first eight years of his career were in sales and marketing, and then by chance he was hired as a risk manager for steel producer Arcelor’s business.

“At the time I knew nothing about risk management, but this organisation was looking for a practical guy,” he explains. “I started then to train myself by doing IRM courses and learning by doing.”

He was later sent to Arcelors headquarters in Luxembourg to take on a more sizable chunk of the organisation’s risk management. In 2006, when the firm was bought out by Mittal Steel and - becoming Arcelor Mittal - Martin’s job survived the acquisition process and he went from strength to strength. 

In 2009 he was headhunted to work for agricultural science and technology firm Syngenta, based in Basel, Switzerland. Here he held three different roles: corporate risk manager, European risk manager and latterly, head of production and supply risk management.

In 2015, Martin decided it was time to take the plunge and pursue an independent career in risk management consulting.

He has since advised an impressive array of global organisations, including pharmaceutical giants Roche, Novartis, Takeda, Ferring, Swiss construction firm Implenia AG and the International Trade Centre.

Within the risk management community, he is perhaps best known for co-founding the Risk-!n conference in 2018 with friend and associate Antoine Lacombe.

He is extremely proud of his role in creating one of the biggest highlights in the calendars of European risk managers.

Bridge, don’t break silos

Risk-!n’s mantra is all about “bridging”, rather than breaking down, silos. It is this positive, collaborative energy that has been missing from risk management for too long, thinks Martin.

Bridging the gap requires certain skillsets, including the ability to listen and communicate. It also requires budget to be put towards training managers across the organisation so that “every manager is a risk manager”.

“We need to hire people who are able to facilitate both the risk analysis and the continuity and resilience aspects. It’s about connecting with IT, legal, communications and HR among others.

”That’s why at Risk-!N we talk about resilience, insurance and risk? Whether you are the head of IT, head of insurance or the head of legal, all these guys need to be talking together. You need to understand what your neighbour is doing, in order to better help him manage his risks.”

Too many organisations have got five different risk tools in use by different departments that are not talking to one another, he explains.

Changing this and understanding that risk management, business continuity and resilience are all part of the same chain is critical to tackling some of business and society’s biggest challenges.

Perhaps controversially, Martin does not think the risk landscape has fundamentally changed. As he points out, wars and natural catastrophes occur in different parts of the globe every year. It’s just that sometimes they happen closer to home or are more noticeable in the size of the impact.

Even pandemic was on the risk register for many years and it doesn’t wash when people say, ‘But that was COVID’. For Martin, all it tells him is that the organisation in question, wasn’t adequately prepared.

Tackling risk in a digital age

In a more digital and interconnected world, cyber risk remains a perennial challenge.

“This year at Risk-!n we looked at the evolution of hacking mechanisms and the increased target base. Security processes are not yet fully coordinated with their neighbouring IT processes. We see a number of organisations still splitting risk mechanisms this way.”

“All four aspects - the security of people, products, information and assets - need to be looked at from different lenses, and one of those is IT. So cyber security will still be a hot topic because we still don’t really understand it and it’s very diverse.”

Resilience was a natural segue on from the discussions about cyber risk and security at Risk-!n. Here Martin is starting to see encouraging signs that organisations are approaching the topic with a greater level of maturity.

“It is far more proactive than in the past, we talk about company resilience, process resilience and people resilience. The distinction with crisis management still has to be reinforced but it is progressing in the right direction,” he says.

The profile will be published in full in the Q2 2022 edition of StrategicRISK