A new executive report from RIMS can help risk managers gain the ear of the CEO and the trust of the board, and ultimately ensure that their risk management programs are strategic.

A misalignment between culture and strategy is the biggest barrier to effective risk management, according to a new executive report from RIMS.

The report explores opportunities for risk leaders to overcome hurdles and build a strategic risk function that addresses both internal and external threats.

“When it comes to managing risks, time is of the essence and attitude is everything,” the report states. “With the right mindset and through effective collaboration and due diligence, risk leaders will be able to keep pace with the changing dynamics of business environments. 

“These improved synergies will allow organisations to sharpen their focus on risk and resilience, build a robust risk culture and transform their traditional risk function into a strategic risk function.”

The report includes a case study shared by Max Life Insurance’s risk management team and is broken into three sections that cover:

1) Assessing the disposition of the CEO toward risk management

The authors argue that risk transformation will never be fully successful if the CRO does not have the ear of the CEO.

This means CROs need to work toward forging an excellent working relationship with the CEO so that their views about risks get adequate attention.

RIMS recommends four strategies to help strengthen this relationship, each of which is detailed with examples within the report. The key areas are:

  1. Communicating through practical and relevant content
  2. Embarking on an “Awareness to Action” journey
  3. Addressing tail risks, for instance through workshops
  4. Fostering transparency with the board

2) Assessing the disposition of the board and executive management toward risk management

It is often assumed that once an organisation adopts an enterprise-wide risk management program and fosters a risk-aware culture, issues will be resolved on their own.

However, CROs will need to work with the board and the executive management team to effectively implement the program.

RIMS says CROs can play a big role here and “serve as a bridge to build the right risk culture within an organisation and enhance risk management appreciation across the company”. 

The association’s key questions to ask include:

  • Do you want to build a risk management department or a risk monitoring department?
  • Which areas in your business require CRO involvement?
  • What is being done to manage key strategic risks?
  • How is senior management rewarded for performance?
  • What is the budgetary outlay to achieve the objective of transforming the risk function as it has implications of staffing?

3) Practical insights on how to transform the risk function

After assessing the disposition of the CEO, the executive leaders and the board and examining the associated challenges, RIMS recommends essential steps for transforming the risk function into a strategic risk function.

These include:

  • how to achieve integration and collaboration across key risk areas
  • strategies for transitioning from reactive to proactive risk management
  • appreciation and implementation of risk metrics
  • how to build a favorable risk culture with the right talent

The report concludes: “The COVID-19 pandemic underlined the importance of having a robust risk culture to deal with emerging risks and changing work practices. The accelerated adoption of technology has further necessitated an evolved approach to risk management.

“Risk leaders need to respond quickly and effectively in this highly volatile business environment. While understanding the purpose of the risk function, they need to look into various other related aspects to address the unique challenges of risk management.

“They need to ensure effective decision-making at the C-level to enable enterprise-wide resilience.

“It is unfair to put the burden of developing a comprehensive view of risk exposure on CROs alone. It is imperative for business functions to engage with the corporate risk function and collaborate to offer the required strategic and operational support.

“Effective integration of risk assessments is the key to ensuring efficiencies and control improvements in a complex business ecosystem.”

The report, “Building a Strategic Risk Function”, is available exclusively to RIMS members for the next 60 days at the RIMS Risk Knowledge library.