Risk is often seen as a compliance chore, rather than a tool for strategic decision-making. At Risk-!n 2025, André Schneider and Philippe Hellich shared practical advice for risk managers looking to engage CEOs and boards more effectively.
What do CEOs really want from their risk functions – and how can risk professionals influence the top table when they’re not even in the room? These were the central questions explored during a StrategicRISK-chaired session at Risk-!n 2025.
The panel featured André Schneider, strategic consultant and former CEO of Geneva Airport, and Philippe Hellich, ESG governance expert at Risk & Trust. Drawing on their combined experience in executive leadership, infrastructure strategy, and board-level ESG integration, the two speakers offered a candid perspective on how risk managers can reposition themselves as strategic enablers rather than compliance gatekeepers.
Shift the mindset: from compliance to influence
For many risk managers, the most difficult barrier is not identifying risks but getting senior leadership to take them seriously. Schneider, whose background spans crisis management, aviation, and strategic consulting, argued that risk is often misunderstood at the top.
“Many of the CEOs look at it as a compliance exercise,” he said. “They just want to be sure when it goes to the board that there is little discussion and everything is waved through… They also want to be assured that they have no unwarranted surprises.”
This defensive stance limits the contribution of risk functions. Instead of being used to support better decision-making, risk becomes something to be ‘dealt with’ so it doesn’t interfere with business as usual. Schneider flipped that model. At Geneva Airport, he asked senior leaders to develop risk analyses for their own domains, in collaboration with the risk team, and present them to him directly.
“I wanted to have a discussion with them – what will actually influence in their strategy?” he said. The result wasn’t just improved risk visibility, but more thoughtful strategic planning. It also reinforced the principle that risk is not something that can be delegated.”
Reframe risk as a catalyst for strategic innovation
One of the most powerful roles a risk manager can play is to surface tensions that others would rather avoid. Schneider described the political and operational challenges Geneva Airport faced around aircraft noise and its licence to operate – a particularly sensitive issue given the airport’s public ownership and the growing pressure from environmental activists.
Rather than treating this risk as unmanageable, he used it to push for innovation. The airport introduced incentives for quieter aircraft and financial penalties for repeated late-night arrivals. Crucially, these changes were developed over time in collaboration with airlines and designed to reward behavioural change rather than simply punish non-compliance.
“It can inform and help you shape your future strategy in a much more intelligent way and actually addressing at the same time those risks, which actually going to be a challenge for your future existence,” he said.
Tailor your communication for executive impact
Even the best insights will fall flat if they are delivered in the wrong language. Risk professionals are often trained to think in terms of frameworks, registers, and heatmaps. But executives want clarity, not complexity. They are unlikely to engage with technical detail unless its relevance to strategy is clearly articulated.
Hellich, who has advised boards across sectors on ESG and enterprise risk, stressed the need to prioritise. “You need to come forward with the top priorities. It needs clarity. It needs to have foresight. So, you bring business insights, but you cannot to the CEO level or to the board, bring your list of 100 potential risks.”
Ground your work in business strategy
If risk teams want a seat at the strategy table, they need to demonstrate that they understand the business. But that can be difficult if the business itself is unclear about its priorities. Hellich recalled a previous role where there was no strategy department and only a vague company mission, making it hard to align risk work with broader goals.
“As surprising as it may be, I have the experience in one of the companies I worked for where the the strategy was not so clearly laid out,” he said. “There was no strategy department and the mission was not super clear. And it made my job very much more difficult to know what to pursue and what risks.”
Despite these challenges, risk professionals can often add value by identifying inconsistencies or blind spots in strategic planning.
For instance, at one company, Hellich used risk analysis to evaluate the availability of water resources across different regions. This led to differentiated strategies for bottled water brands – premium pricing for scarce sources and volume-based approaches where supply was more abundant.
Ensure risk has influence, not just presence
Positioning matters. Even when organisations say they value risk, that doesn’t always translate into influence. Schneider stressed that the reporting line for risk should reflect its strategic value.
“My approach was always for functions, which are important for the… strategic development of a company. I wanted to have them to report directly to me, because… they could input to me and I could guide them on what we are doing.”
Influence doesn’t always have to come from the top. In many organisations, particularly those with risk-averse or hierarchical cultures, it may be easier to start building momentum from elsewhere in the business. Risk teams can support operational leaders in surfacing difficult issues or securing resources for mitigation efforts.
“We help sometimes carry the bad news to the top management by helping operational teams to highlight risks that they may have. Some are not at ease to say that they don’t fully manage, and we can help them bring it forward… If they forget to speak to us, then they are also forgotten in the allocation of funds,” said Hellich.
Schneider also emphasised that risk ownership must remain with the business, not the risk team. “Too often I see risk management actually is also a transfer of ownership. You just say, actually it’s the risk manager’s job and he owns them and I don’t care anymore.”
Engage the board through relevance, not routine
Board oversight of risk is a regulatory requirement in many jurisdictions. But in practice, these discussions are often reduced to formalities. Housekeeping items crowd out more substantive questions. Directors may engage with the risk register once a year, but spend little time considering how risk informs long-term direction.
“When the board agendas are done, you have filled them up with all the compliance things and then you have no time for that. And that’s why my criticism to them is, why don’t you raise your questions saying, ‘I want to have a clear split of 30% compliance and 70% strategy discussions’?” said Schneider.
Ultimately, both speakers urged risk professionals to act as strategic partners, not passive functionaries, cautioning that they must co-own the process of managing risk, enabling better decisions, more resilient strategies and deeper organisational awareness.
No comments yet