Bridging the risk management gap

Lene Ritz, corporate enterprise risk and insurance manager, legal and risk at Danish shoemaker ECCO, is an eager proponent of enterprise risk management (ERM). But is there confusion around what ERM is?

“It general it is not misunderstood,” she says. However it is typically based on a framework as opposed to an exact definition that leaves no room for interpretation. Ritz argues that this flexibility is important even if it means the definition and terminology are not the same across businesses. “This is as it should be,” says Ritz. “Every business and every company has different needs.”

That said, Ritz does concede that more could be done within the risk management community to clearly define all the different roles of risk professionals. “Maybe within our own profession, we could communicate more clearly what area we are working within. We use our titles inconsistently – we have risk managers, insurance managers and enterprise risk managers. Maybe we need to work on a consistent use of titles.”

As a board member at the European risk management association Ferma, Ritz sees her mission to challenge and develop the perception of ERM. She is eager to promote a common terminology around ERM, something she is also doing through the promotion of the RIMAP certification.

Ritz is also looking to develop more awareness of ERM and its benefits throughout the risk management community. For example, insurance buying can be informed by the input of the ERM function, while the ERM function relies on the input of all other departments, from the IT team to internal audit.

“You have to look at the total control environment,” says Ritz. “It is about different parts of the business learning from each other in terms of how they see risk and how it is managed. It is crucial to have the involvement of functions beyond the ERM team. Personally, I am very keen to learn from the audit side.

“You always need the commitment of the senior management to have success with the work with ERM, which really demands perseverance. ERM is also much more effective in managing the company’s exposure but if you want it to be successful, it also has to make sense to the whole company – your colleagues.

Perception gap

“And we really need to bridge the perception gap between ERM and insurance,” says Ritz. “It is important to develop an efficient process for data gathering to be used for both functions instead of separate processes. ERM has a broader remit than insurance buying. However, that is exactly why it matters!”

As an ERM specialist, you have to make sure you define efficient and valuable processes in order to prevent the function turning into a reporting monster, says Ritz. “This means for example, ensuring no duplication of paperwork or risk reporting so that no one is being asked to provide the same information twice to two different parties,” she said.

Ritz was the proud recipient of Ferma’s Public Sector Risk Manager of the Year award in 2020 while chief risk officer and team lead at Energinet, where she set up an ERM framework for the Danish state-owned energy transmission operator. Before that, she was recognised with the Risk Manager of the Year award from Danish risk and insurance management association Darim.

She is now looking to challenge herself in her new role with Danish shoe retailer and manufacturer ECCO. “I am ambitious and it takes time to do it well. It is not the process that is challenging, it is the change management – the people perception. We are all human,” said Ritz.

Working with ERM requires persistence, relentless work and constant engagement, says Ritz. “I can take my experience from previous jobs with me but it is a different business, with different colleagues and governance. Communication is my top priority. I will focus on what both ERM and insurance specialists do, and will be working as always to see what can be done to create an optimal hybrid of the two roles,” said Ritz.

Public to private sector

Her move to the new position has also taken Ritz from the public sector to the private sector. Are there any differences in terms of risk management between the two? “Everybody has to follow the law, regardless of whatever industry they are in. But in the public sector, there are more audit steps to follow in terms of both internal and external audit plus other gates, and there is presumably in general a higher demand for documentation,” says Ritz.

The higher bar in the public sector due to also legislation around compliance may also lead to a difference in the prioritisation of – and support for – risk management between private and public companies, says Ritz. There may also be a difference in risk appetite, with public companies more likely to seek 100% internal and external compliance even if it comes at a financial cost.

However, Ritz also hopes that the introduction of the new non-financial risk directive will bring public and private sector risk management close together. “In general, non-financial risks are prioritised more in the public sector, maybe assessed on a different scale and it is generally more tightly regulated, but the alignment over time will get closer and one way is with directives.”

There are also differences in terms of insurance buying. “Public companies need to follow the EU procurement rules in the public sector but not on the private side,” says Ritz. “It is a completely valid process but it needs to be modified, defining more closely the rules around specific details when buying insurance in the public sector. For a public company buying complex insurance when there are 20 companies involved, the rules are not necessarily clear.”

Another objective for Ritz is to improve the age diversity in the risk management industry and to attract a younger generation, at a time when risk management has never been more important. “In the EU, we are in a critical state,” says Ritz. “There is a higher demand for risk and insurance managers, so we need to be prepared and to have the necessary competencies. The need for new talent in the profession will continue for years to come, so it is up to us in the profession and the organisations such as Darim to get younger people into the industry,” says Ritz.

To address the age diversity issue, Ferma has taken the initiative by inviting a number of young students and risk professionals to attend its 2022 Risk Forum, which will be held in Copenhagen in October.