Gauntlet thrown down to risk professionals by IRM’s Andrew Keeling
It is getting faster, he continued, and events over and over again are occurring which suggest that organisations are not dealing particularly well with the new risks. Risk managers must step up to the plate, he urged.
The bottom line for risk professionals is how can they enable and inform discussion and decision making on risk and how can they influence strategy and the businesses planning process, he challenged delegates.
“I think we have got to take a long hard look at ourselves and say are we doing this in a way that is most optimum for our organisation? Do we have the authority and the ability to influence our organisation effectively? Indeed perhaps the measure of success is how effectively we can influence the strategy and business planning process,” said Mr. Keeling.
hide
“However, you can have the best risk management system in the world – the best quantitative and qualitative data and reporting system – but people make decisions,” he said. “And unless that is underpinned by cross-organisational ethics and integrity whatever we do will have little effect on our organisations’ overall decision making and direction,” he concluded.
These themes – the need for risk managers to develop in a manner which enables them to influence their organisations and the underlying importance of corporate culture, ethics and governance – remained high on the agenda throughout the conference.
And they were topics debated by the various risk experts gathered at Keele University, England, for the conference’s Question Time Panel: Challenges in Risk Management.
Panellist Bruce Hepburn, Chief Executive at specialist research firm Mactavish, stated that in certain cases risk management professionals are not penetrating organisations at the point in which they are making critical decisions. And, with risk increasing, there is the necessity for their greater involvement, he said.
“So that needs to change, whether that means a change in the type of people I suspect not. I think it probably needs risk people to do their jobs differently, under challenging conditions,” he explained.
Asked what changes were needed to facilitate this change and what advice they have for risk managers in order to help professionalise the industry, the panel agreed on the need to develop qualitative and consultative skills.
“I think most people have a level of technical excellence and I think you need that to progress, but, I think it is the qualitative skills that raise your game most quickly,” said Emma McConachie, an Executive Search Consultant at Talent2.
“So focusing on your gravitas,” she continued, “making yourself a more rounded individual to consult with your business rather than just focusing on the statistical side of things…improving your ability to link with the most senior stakeholders.”
“Technical skills are important, but, they do not make the difference between success and failure as a risk manager – it is down to your ability to influence people,” agreed Arnout van der Veer, Chief Risk Officer at Reed Elsevier in London. “It is crucial to train yourself once a year, as you would service a car, in presentation and negotiation skills,” he added.
The panel agreed that these skills are vital in order to ensure that risk managers are able to influence decisions, have dialogue with top management and ensure that their output is relevant to organisations and their boards.
They are also key to help avoid the risk management process becoming too bureaucratic, which is counter-productive to the profession as a whole and to be avoided, the panel argued.
“It is about adding value as a risk manager and going to the key people in your business and explaining what you can do to add value. Then bureaucracy goes out of the window, because people want to engage with you if they see that you are going to work with them to make the business better and their lives easier. So I think it is down to risk managers to change themselves,” said Ms. McConachie.
“It is in companies where top management is more engaged with risk professionals that the process tends to be less bureaucratic,” said Mr. Hepburn. “Where you see situations with a great deal of form filling and reporting, but little else, it tends to suggest that the risk function is not taken as seriously as it should be or has not been established,” he added.
Paul Moore, former Head of Group Regulatory Risk at HBOS, said that bureaucratic risk processes within organisations are more common than they are not. And he warned that there a lot of controls in the name of risk management which are not very well designed and hinder the influence of risk managers and make the process too dogmatic.
“If you have great risk management you can often reduce the complexity. And actually see the reduction in costs by the reduction in time of processes that we go over again and again in the name of risk management. But on balance I think we have quite a long way to go as a profession to get to that position,” he said.
When questioned about corporate culture and ethics and changes that he would like to see to the U.K. Corporate Governance Code, which is under review, Mr. Moore said that given the complexity and speed in which business operates he does not believe that the way boards are currently structured they can operate effectively.
“I don’t think yet there is an adequate separation and balance of power in the boardroom and the regulators should be focusing its efforts on supervising culture and ethics which they haven’t done. I don’t think we have gone far enough yet,” he argued.
On the corporate governance code Mr. Hepburn said that he would like to see the encouragement of organisations to focus on future risks rather than looking back at ones that have already occurred, which current corporate governance structures encourage.
“We found that companies pay a lot of attention to risks if they have happened before, to a competitor or a friend of a member of the board. What companies pay less attention to is low frequency high severity risk that has never happened before, they find that difficult. And I think the problem with a lot of corporate governance structures is that they embed that, because it is more risky for the chief executive to have a repeat of a similar thing to go wrong than it is for something new to go wrong. We have found that many of the risk management and governance approaches reinforce the focus on historic type of losses and do not encourage enough emphasis on the future,” he explained.
Richard Anderson, principal of Richard Anderson & Associates, a governance and risk management consultancy, who hosted the panel debate, argued that nothing will change until there is a ‘fundamental realignment of the legal duties underpinning the combined code’.
The fact that there is no potential penalty for non-compliance suggests that the less than professional approach, which has been adopted by many organisations towards the combined code, will continue to be adopted towards the U.K. Corporate Governance Code, he said.
“Until we see a paradigm changing duty of responsibility introduced for board directors to exercise due and diligent care in the discharge of their Corporate Governance duties, quite frankly tinkering with it will make next to no difference,” he added.