From apprenticeships and qualifications to professional development and employability skills. Supporting learners, partners, and centres with tools to deliver, assess, and grow.
Join a professional community committed to excellence in management and leadership. Access exclusive resources, and recognition pathways including Chartered Manager.
Connect, celebrate, and lead with CMI’s vibrant community. From events and awards to networks and campaigns, get involved and help shape the future of management.
Stay informed with expert insights, thought leadership, and the latest in management. From in-depth features to practical guidance, explore the ideas shaping today’s workplace.
Learn about CMI’s mission, values, and impact. From our Royal Charter to governance, careers, and sustainability commitments, discover who we are and what drives us.
07 June 2012 -
If the objective of boards is to drive their businesses forward while managing risk and respecting stakeholders, why do so many of the people charged with managing risk struggle to get time on the boardroom agenda? Most recently, I came across the frustrated group financial controller of an international manufacturing company struggling to get boardroom time for the very real risks resulting from countries exiting the Eurozone, perhaps because the board saw this as an uncontrollable risk – a rare beast indeed (see box, bottom right). So how do we give ourselves – the risk “owners” if you will – the best chance of engaging the board?
In my experience, simply stating that there is a risk that needs addressing is unlikely to persuade a board to act. Completing risk registers or directing internal audit to review the issue, will also not necessarily provoke attention. I suggest that the first place to start is asking some fundamental questions about risk management activities;
1. Do you have an accountable risk officer or champion who has direct access to the board or CEO?
2. Is the risk management process in your company clear, documented and organised?
Without these in place consistent board engagement could be problematic.
Put yourself in the shoes of your board. Almost everything they see has some degree of risk associated with it. The chief financial officer of a large construction and engineering company summed it up to me recently: “I think we are excellent at managing core project risk – tell me if we are not! Otherwise, articulate the gaps in risks and control processes; where, if we did better, the business would be substantially stronger.”
Designating what I will call a risk champion can equip the board to make informed fact based decisions concerning risk. A risk champion – not necessarily a full time role – acts as a focal point in scanning for risk internally and externally. They can define processes to enable the organisation to order risk priorities and assess the plans for mitigation. Multiple risk owners feeding into different board members on functional lines should not to be discouraged, but a risk champion brings independent challenge.
The risk champion can ensure the board is presented with an assessment of the risk, mitigation already in place, some recommendations on courses of action, and the cost benefit of any resources required. In other words, take care of the risk or define solutions – the board is expecting it.
The board can also do much more than react. Boards should be encouraged to bring their collective wisdom to the risk debate. The board of Royal Dutch Shell regularly meets and plays out disaster scenarios to test whether the organisation is best equipped to deal with them. After the financial crisis, analysis of so-called black swan events – high impact, low probability – is increasingly on the board agenda. Executives with other roles and non-executives will come to the fore with experience of what others are doing to control the ‘uncontrollable’.
In my experience boards will engage if they have confidence in the underlying processes for risk identification and management; being able to make decisions with the assistance of fact based analysis.
There is a tendency in some companies to treat risk as external and uncontrollable. Much can still be done. This could include revising customer and supplier contracts, reviewing the financial stability of counterparties and having worked through contingency plans.
Alex Plavsic is head of fraud services at KPMG Forensic UK
› The persistence of presenteeism and other nuanced nonsense
› A new age of vulnerability: why inclusive leadership matters more than ever
› Ask yourself: "How do I make my employees feel?"
› Finance and the Diversity Dividend
For more information or to request interviews, contact CMI's Press Team on 020 7421 2705 or email press.office@managers.org.uk
› The 5 Greatest Examples of Change Management in Business History
› Four companies that failed spectacularly, and the lessons of their premature demise
› 6 companies that get employee engagement – and what they do right
› 4 Signs That Racism May Be An Issue In Your Workplace
› How to build an Effective Team: focus on just 3 things