Why you must get on board with risk management

07 June 2012 -

Risk management is crucial to firms’ health, yet risk managers themselves often struggle to get the ear of the board. Alex Plavsic shows you how to make them listen

If the objective of boards is to drive their businesses forward while managing risk and respecting stakeholders, why do so many of the people charged with managing risk struggle to get time on the boardroom agenda? Most recently, I came across the frustrated group financial controller of an international manufacturing company struggling to get boardroom time for the very real risks resulting from countries exiting the Eurozone, perhaps because the board saw this as an uncontrollable risk – a rare beast indeed (see box, bottom right). So how do we give ourselves – the risk “owners” if you will – the best chance of engaging the board?

Ask for direction

In my experience, simply stating that there is a risk that needs addressing is unlikely to persuade a board to act. Completing risk registers or directing internal audit to review the issue, will also not necessarily provoke attention. I suggest that the first place to start is asking some fundamental questions about risk management activities;

1. Do you have an accountable risk officer or champion who has direct access to the board or CEO?

2. Is the risk management process in your company clear, documented and organised?

Without these in place consistent board engagement could be problematic.

Risk champion

Put yourself in the shoes of your board. Almost everything they see has some degree of risk associated with it. The chief financial officer of a large construction and engineering company summed it up to me recently: “I think we are excellent at managing core project risk – tell me if we are not! Otherwise, articulate the gaps in risks and control processes; where, if we did better, the business would be substantially stronger.”

Designating what I will call a risk champion can equip the board to make informed fact based decisions concerning risk. A risk champion – not necessarily a full time role – acts as a focal point in scanning for risk internally and externally. They can define processes to enable the organisation to order risk priorities and assess the plans for mitigation. Multiple risk owners feeding into different board members on functional lines should not to be discouraged, but a risk champion brings independent challenge.

The risk champion can ensure the board is presented with an assessment of the risk, mitigation already in place, some recommendations on courses of action, and the cost benefit of any resources required. In other words, take care of the risk or define solutions – the board is expecting it.

Collective wisdom

The board can also do much more than react. Boards should be encouraged to bring their collective wisdom to the risk debate. The board of Royal Dutch Shell regularly meets and plays out disaster scenarios to test whether the organisation is best equipped to deal with them. After the financial crisis, analysis of so-called black swan events – high impact, low probability – is increasingly on the board agenda. Executives with other roles and non-executives will come to the fore with experience of what others are doing to control the ‘uncontrollable’.

In my experience boards will engage if they have confidence in the underlying processes for risk identification and management; being able to make decisions with the assistance of fact based analysis.

Uncontrollable risk? Unlikely

There is a tendency in some companies to treat risk as external and uncontrollable. Much can still be done. This could include revising customer and supplier contracts, reviewing the financial stability of counterparties and having worked through contingency plans.

Alex Plavsic is head of fraud services at KPMG Forensic UK