Becoming a Valuable Risk

Manager

SECRET RECIPE FOR RISK

MANAGERS

Alex Sidorenko, Elena Demidenko

A good book

With a not so great cover

A cover like this could have been better

Most employees are not fully aware of what is the value of Risk
Management

 until it is too late and they have to learn it in a Motivational Speech

Risks would not come knocking to our door asking to be managed:

It is of our responsibility to make other employees

aware of the value of risk management.

Risk Management should target three objectives:

Drive risk culture

2. Help integrate risk management into business
3. Become a trusted advisor
1.

1. Drive risk culture

a) Define the overall risk profile
b) Help set the tone at the top
c) Help define risk management roles and

responsibilities
d) Remember to keep it simple

1. Drive risk culture

a) Define the overall risk profile
)Create culture that:

Supports proactive risk management

Encourages intelligent risk taking
This requires developing (or getting to know) the risk profile of the organization

)Get to know senior management expectations for a risk profile and from risk

management
)Select a risk analysis methodology
)Analyse top risk vulnerabilities

Shelf data review: CRITICAL

Historic losses or incidents
Pre-existing risk assessments
Insurance coverage and claims history
External reports on the company
Reports on peers
Interviews with selected senior managers

1. Drive risk culture

a) Define the overall risk profile
)Prioritize identified risks
)Manage most significant risks

Transfer risks
Reduce risk by adopting alternative approaches
Accept the risk and develop contingency plans
Identify and monitor the interdependencies
Allocate ownership fortop risk vulnerabilities
Check how effectively risks arebeing controlled

1. Drive risk culture

b) Help set the tone at the top
) Facilitate the assessment and communication of the companys risk appetite
) Employees come from different backgrounds, will have different perceptions of what

levels of risk should be tolerated. Therefore, break risks in:

Zero tolerance risks
) Should be communicated across every level of the organization
) Health and safety
) Fraud
Tolerable if it creates value and is measurable
) FX Risk
) Quantifiable measures should be put into place
Tolerable if it creates value but is difficult to measure
) Reputational risk

All should have controls to be monitored

1. Drive risk culture

c) Help define risk management roles and responsibilities

Frontline or business:
Executives, business unit management, and staff are responsible for timely risk
)
)
)

Risk-management functions: Risk- management teams are responsible for:

)
)
)
)

identification
management
and reporting.
methodology development
facilitation
Education
guidance, and support.

Teams may also play a role of quality control and aggregation of risk information.
Independent bodies like the internal audit team and the board provide an independent
oversight that the organizations risk-management is in fact working as documented in
the policies and procedures, and key corporate risks are being managed.

1. Drive risk culture

d) Remember to keep it simple
) Golden rule
) Risk management initiatives should be clear to everyone and easy to embed to normal

business activities
) Talk accepted business language instead of risk management terminology

Talking VAR, EAR and so on is appropiate when talking with risk team, CFO or other financial officers
Might be a turn-off to the marketing director or corporate lawyers

2. Help integrate risk management into business

a) Involve staff as much as possible
b) Integrate risk analysis into decision making
c) Create network of risk champions
d) Provide risk management training
e) Assist management in evaluating projects and

opportunities using risk analysis

f) Facilitate open communication

2. Help integrate risk management into business

a) Involve staff as much as possible
Success of risk management depends of corporate culture
Involve people in the process since the beginning
Make sure important risk-management messages from the board or
senior executive team are communicated throughout the company.
Where particular risks affect several business units, facilitate
collaboration.
Good practice:
)
)

Risk manager does preliminary risk research

Comes up with suggestions for potential vulnerabilities and risk
management strategies
Then brings management and staff to actualize risk assessment,
identification and mitigation

2. Help integrate risk management into business

a) Involve staff as much as possible
Success of risk management depends of corporate culture
Involve people in the process since the beginning
Make sure important risk-management messages from the board or
senior executive team are communicated throughout the company.
Where particular risks affect several business units, facilitate
collaboration.
Good practice:
)
)

Risk manager does preliminary risk research

Comes up with suggestions for potential vulnerabilities and risk
management strategies
Then brings management and staff to actualize risk assessment,
identification and mitigation

2. Help integrate risk management into business

a) Involve staff as much as possible
Success of risk management depends of corporate culture
Involve people in the process since the beginning
Make sure important risk-management messages from the board or
senior executive team are communicated throughout the company.
Where particular risks affect several business units, facilitate
collaboration.
Good practice:
)
)

Risk manager does preliminary risk research

Comes up with suggestions for potential vulnerabilities and risk
management strategies
Then brings management and staff to actualize risk assessment,
identification and mitigation

2. Help integrate risk management into business

e) Assist management in evaluating projects and

opportunities using risk analysis

Analyses should be comprehensive, yet easy to read and

understand
Include:
)
)
)
)

Financial implications
Reputational
Enviromental
Safety

Document key external drivers that can impact the project

2. Help integrate risk management into business

e) Facilitate open communication
Speak the business language
Identify all stakeholders you need to influence
)
)

Always best to get senior managements buy in first (when

possible)
Identify main motivators, hobbies and interests

Risk management is very untangible, make your best effort to

make it tangible to your audience
)
)

Tell a story to engage people A single death is a tragedy, a million

deaths is a statistic
Relate to the motivators hobbies and interests of your target
audience

2. Help integrate risk management into business

e) Facilitate open communication
Share information about key risks between divisions
)
)
)

Distribute corporate risk reports to all company stuff (discuss?)

Post all significant risk communications on the intranet
Share key lessons learned from realized risks between divisions

3. Become a trusted advisor

a) Scan the horizon often, and remember to challenge
b)
c)
d)
e)

assumptions
Inform management about emerging risks
Conduct risk research upon managements request
Have a network of risk managers from peer
companies
Fine tune your own risk-management skills

3. Become a trusted advisor

a) Scan the horizon often and remember to challenge

assumptions

Two recent studies by Corporate Executive Board and Deloitte

Touche Tohmatsu:
)
)

Over 65% of the time, most damaging are external strategic risks
that cause more damages to the companies
Much more than from financial risks or operational failures

3. Become a trusted advisor

a) Scan the horizon often and remember to challenge

assumptions

Two recent studies by Corporate Executive Board and Deloitte

Touche Tohmatsu:
)
)

Over 65% of the time, most damaging are external strategic risks
that cause more damages to the companies
Much more than from financial risks or operational failures

Conclussions
Risk management is about:

Tools and techniques, as much as,

Cultural change and the mindset of employees

Very important NOT to position risk management as

a separate and independent activity

Should help integrate risk management into business

Risk Managers should aim to become a trusted

advisor

Enjoy the Ride

But stay firm in rejecting zero tolerance risks