To keep communication channels open, risk managers must learn to speak the board’s language

Risk management

In today’s world, risk managers need to be able to do much more than understand the technical aspects of measuring, monitoring and mitigating risk in their organisation. They must be effective communicators, able to see the bigger picture so they can provide the right information at a senior level. And they must be able to talk to the chief executive and board in a language they understand.

“It seems to me that those risk managers who are so deep in their own technical world can be very expert in their field but ultimately fail the test of being relevant
to senior management, because they’re not talking the language of the business,” says Patrick Smith, director of risk and claims management (Europe, MiddleEast and Africa & Asia Pacific) for Hertz International.

Across the spectrum of industry, governance, risk and compliance issues have continued to move up the boardroom agenda. Economic turmoil, political upheavals and natural disasters, all combined with advancing globalisation and rapid technological development, are creating a new era of risk for businesses and causing a fundamental shift in risk management, according to Risk in Review, a report from PwC that surveys over 1,000 executives and risk management leaders.

The proactive offensive era
Forward-looking companies are responding by shifting their risk management focus in several fundamental ways: from internal to external, from operational to strategic, and from bottom-up to top-down. The growing prominence of the chief risk officer role is one way of putting risk management on the “proactive offensive” instead of “reactive defensive” by making it easier to effect senior decision-making, according to PwC.

A key aspect of this “new era of risk” is ensuring organisations’ strategy and risk appetite is aligned. And this is where the risk manager comes in.
Ultimately, the basic charter of any risk management department is to protect the assets of the company through effective risk assessment and control. Risk managers therefore need to be strategic in their thinking - able to weigh up short-term pressures with longer-term goals and objectives. The better top management understands, supports and buys into these risk management goals, the more success an organisation will have.

“What we term ERM is far more embedded in organisations these days,” Smith says. “My observation among corporations is that they are risk-savvy and risk is on the agenda in the different disciplines within organisations. So certainly the channels of communication are there, but you have to exploit those channels with expert communication. The risk manager who communicates poorly is more exposed if there are more channels of communication.

Understanding the organisation
“The risk manager who is most valued will be the one that understands the organisation they work for, the trading environment, will look at competitor activity and potential macro factors, as well as the short-term objectives that need to be delivered, and continually look to benchmark those things under the risk manager’s responsibility,” he adds.

The next step is being able to summarise all the moving parts - including key risk indicators and the main operational risks - in a way that is relevant to senior management. For Smith, this means cutting out the jargon and demonstrating that you understand the business, both operationally and financially.

“There is no harm in being very technical, because the devil is in the detail, but the board typically won’t get past the first page of A4 or the first three slides,” he warns.

“What they’re looking for is the aligned relevant commercial summary, potentially with a recommendation, with the ability to dive deep should they so wish, which is where the detail comes in.”

Keep it simple
“I’m not suggesting risk managers should be less technical, but being too technical in how one communicates doesn’t really help the business,” he adds. “The way I approach it is to avoid paralysis by analysis, especially as generally it’s a simple point you’re trying to make. Translate financial impacts into the currency of the business: if your business delivers milk, convert the financial impact into pints of milk.

“That gets attention and it shows that you’re aligned to the business. It moves you out of the technical black box and you’ll be listened to because they can understand what you’re talking about in their currency.”

The need to provide a holistic view of risk will continue to grow in today’s interconnected world. New and emerging risks, globalisation, economic pressures and increasing regulation will ensure risk management remains high on the boardroom agenda. The board needs to understand the sources of uncertainty that could impair its ongoing operations or prevent it from achieving its goals. Armed with the right information, it will be best placed to make the right decisions.

And in what is arguably a riskier world, risk professionals will continue to have an important role in shaping these senior decisions. For the individual risk professional, the ability to communicate on the different levels within an organisation, bringing together different disciplines, will continue to be an important skill.


Expert view: Neil Habgood,Associate Partner, IBM Global Business Services

At its heart and if executed well, Enterprise Risk Management (ERM) can effectively support an organisation in achieving and exceeding its commercial objectives. If a company takes too much risk it can quickly become swamped and may falter. If it takes too little it can easily “miss the wave” and fall behind the competition. The trick is getting this balance right…

To be effective a good ERM programme needs to meet a number of different criteria. Firstly, it often needs to work across a number of different silos to drive consistency.
Additionally, the correct behaviour needs to be properly embedded in the business with the tone set from the top and risk managers acting as a guiding hand.

It can be difficult to achieve the delicate balance between cost of control and the actual risk exposure. Sometimes it’s easy to “over mitigate”, or even prevent the organisation undertaking a specific course of action, thus risking degrees of paralysis or unnecessary cost burdens to the business. For that reason, commercial pragmatism should underpin all ERM efforts. Risk managers will only gain the confidence of the business by demonstrating this awareness along with a firm grasp of the complexity of the organisation’s ever-evolving risk landscape. This is not about curtailing risky decisions - after all these drive value - but ensuring they are properly informed ones.

In addition, risk managers need to understand the limitations of modelling. Models cannot predict events, merely the potential impact of a given scenario. Organisations should invest appropriately in “preparing for the unexpected”, look out for the real “value-killers” (remembering the compounding effect of multiple risks can suddenly creep up on the unaware) and build resiliency into their organisations.

Furthermore, the potential upside of risk needs appropriate attention and organisations should avoid getting bogged down in exhaustive mitigation activities. Loss of “corporate memory” and reward cultures can also favour short term upside decisions at the expense of longer term risk.

In summary, if it’s positioned correctly, ERM can help the business achieve its ambitions. For its part, technology can be a key enabler of ERM. But it is far from being a panacea in its
own right. While judgement must remain at the heart of good risk management, appropriate risk analytics and integrated enterprise wide solutions can make a real dif erence by driving improved synergies, consistency, root cause analysis, understanding of risk exposure and thus, ultimately, decision making.


The top five communication tips for
risk managers

  1. Speak up. Establish an ongoing dialogue with your board with regular briefings to back-up in-depth annual reports.
  2. Be relevant. Demonstrate you understand the commercial objectives and goals of the organisation. Show you have synthesised and researched ideas and inputs from a number of sources.
  3. Be decisive. Don’t put your desire for perfection ahead of the need for decisive action and advice.
  4. Avoid the jargon. Summarise the more technical aspects of risk management in a language that your senior management understand.
  5. Use the balanced scorecard approach. Make sure that all the factors that shape decision-making are laid out on the table.


How risk managers can respond in a crisis

Being decisive and communicating well is never more important than during a crisis. Those organisations in the best position to survive major disruption - whether external or internal - are the ones that get sound risk advice at a senior level.

“It’s not so much what happens in an organisation, it’s how you respond to what happens that matters,” says former Airmic chief executive Alan Fleming. “If things go wrong it’s important that there’s the right communication, because if you can’t get the right people together or the right information through, then chances are that mistakes will be made.”

Fleming has a career in risk management that spans more than 30 years, including roles at chemical giant ICI, Guinness plc, Diageo, Railtrack, Aon and the Guernsey Financial Services Commission. It was during his time with Railtrack, when the company had three of its biggest losses, and at ICI in particular, that his worth as a risk practitioner was tested.

Get the message through

Getting the right messages through to senior management during a crisis is often difficult, particularly if the board is under pressure to respond to what is happening.

Where insurance companies are involved, it is essential to follow correct procedures. Responsibility falls to the risk manager to ensure insurance arrangements are not compromised by knee-jerk reactions at a senior management level.

When an ICI explosives truck exploded in Peterborough in 1989, injuring 80 people and killing a fireman, the company was keen to accept liability and do what it could to compensate those affected. But a process needed to be followed, says Fleming.

“There was a condition in the insurance policy that you couldn’t admit liability unless you got the agreement of the insurers,” he explains.

“That was the big issue. The chairman was desperate to admit liability and sort everything out and we had to say, ‘Wait, you can’t do that’. We quickly pulled together a meeting with the insurers and got the agreement to do that and then we got on with sorting it out. That mitigated the situation substantially.”

Voice of reason

Fleming was once again a voice of reason following the Ladbroke Grove and Hatfield rail crashes in 1999 and 2000.

After Hatfield, there was a lot of pressure on the Railtrack board, which responded by imposing speed restrictions around the country.

Fleming recalls: “I was luckily in the office that morning and I said, ‘I don’t think that’s covered by insurance.’

“Because when you take a decision like that, it is way outside the normal consequences of what would be expected and so would not be covered by consequential loss insurance. I had to get that message through right at the start and they accepted the position.”