Risk managers warned not to lose focus as ERM gains ground

The role of the risk manager in Sweden has matured in recent years, with Enterprise Risk Management (ERM) now used in most large companies. But, risk managers must be wary of taking on too much responsibility so that they do not lose focus, concluded a workshop at the Swedish Risk Management Association’s (SWERMA) recent annual Risk Forum.

When surveyed in a questionnaire initiated by Complete Risk Control before the workshop, however, Swedish risk managers expressed concern over areas such as the definition of the responsibilities of risk managers and the way in which risks are measured.

And, the workshop concluded that risk managers should not have to prove the added value that ERM brings to a company. The value of risk management should, instead, be accepted as good practice in any mature organisation, participants concluded.

hide

EMBEDDED

The workshop was led by Ulf Jonsson, Managing Director at UHJ Management and Partner at Complete Risk Control, and considered how well ERM has penetrated companies in Sweden. The discussion during the workshop and the results from the survey suggested that the outlook is ‘very positive’, Mr. Jonsson told Commercial Risk Europe in an interview.

The survey showed that Swedish risk managers believe that the ERM process is well known throughout companies, that the risk landscape is well known, that developments in risk management process can be monitored by most employees, that risk assessments take place before changes take place in organisations and that policies and guidelines are regularly reviewed and updated, he told CRE.

“ERM is well developed and the risk management process has developed in a positive direction. SWERMA has tried to support our members in achieving a better status and the role has moved on. Maybe not as far as we would like to see, as sometimes people call themselves risk managers when really they are just insurance buyers. But, it is more generally accepted now in larger organisations that there should be an ERM function,” said Mr. Jonsson.

“At board meetings nowadays there is nearly always a risk item on the agenda and that is definitely another positive step, although risk managers quite rarely appear themselves – it is usually the Chief Financial Officer or company lawyer who now regularly presents the risk situation,” he added.

The role of the risk manager may have developed positively in Sweden, but, the survey did reveal some areas of concern amongst its respondents.

Some 40% stated that risks are not measured in a consistent format, 34% claimed that risks are not objectively measured and only 30% said they have any information technology support to track dependencies.

It also appears that the definition of responsibilities and mandates for risk managers is unclear and that that there are still a lot of areas of responsibility that are not included in the risk mapping process, explained Mr. Jonsson.

The workshop concluded that risk managers should not over-complicate their role and responsibilities and should maintain focus on their key objectives and disciplines.

This position was initially expressed by Gustaf Hamilton, a Member of Honour at SWERMA and former risk manager at Statsforetag, during the opening of the workshop. He challenged the audience with his view that ERM can comprise too many functions.

“So whilst the role of the risk manager is going in the right direction maybe we are not doing ourselves a favour in trying to assume too many responsibilities, such as corporate social responsibility and ethics and the more exotic areas, and need to concentrate our focus more,” Mr. Jonsson said.

“So do not overcomplicate things. Identify risk processes that will actually help you identify, quantify and prioritise your risks and then stop there,” he added.

The workshop also concluded that risk managers do not necessarily need to prove the ‘value added’ of ERM to an organisation.

ACCEPTED

“We don’t need to make a business case. It is accepted that it is a good thing to have an ERM function,” said Mr. Jonsson. “For a mature company it should be taken for granted to have that risk management function, similar to treasury, legal and internal audit for example,” he added.

Mr. Jonsson gave two pieces of key advice for organisations that hope to ensure that risk managers gain traction within organisations and that the risk function is upheld.

One element is the need to have a key person in top management responsible for risk. Risk managers need to have someone who is prepared to defend them and make their case at the highest level, he said. To drive the process, risk managers must themselves ensure that their output is relevant to the board, he added.

The survey, carried out prior to the workshop, consisted of 319 respondents from various backgrounds. These included risk and insurance managers, chief financial officers, process safety managers, human resources managers, environmental managers and those responsible for ethics.

Back to top button