In the RIMS 2012 report “The Evolving Role of the Risk Professional”, recommendations included that risk managers view risk in a new way that “builds internal alliances, and enhances the strategic decision-making capability”; this in turn would require “specialized communication and technical skills”. According to a Deloitte study, however, risk professionals are still perceived as working in silos, using limited skill sets. This post examines the risk manager’s required competencies.
The Definition of Risk
The definitions of risk given in the standards (e.g., ISO, COSO, AS/NZ) give the basis of my argument. They connect risk with organizational goals and objectives. These definitions imply the expansion of risk management beyond the conventional scope of corporate finance/audit and commercial insurance. New aspects of the risk management function — 6 specific roles — are discussed next.
1. Risk Manager as Planner
In this role, the risk manager’s first consideration is: what is the state of the organization’s planning practice? Formal planning practice might be altogether missing, or just not effective. We should look for clarity in corporate identity and mission statements. Are strategic goals and operational objectives actionable? Risk assessment is premature when program managers have not properly articulated their plans. Risk managers, therefore, become planning consultants by recommending the proper formulation of goals, objectives, and values. Use consistent definitions of these terms.
2. Risk Manager as Researcher
We should encourage a research process, to inform planning. This signifies environmental scan to identify not just general conditions, but trends specific to the lines of business. Unless plans are well informed, key risks regarding developments in other jurisdictions or among competitors will be missed.
3. Risk Manager as Facilitator
Risk professionals act as a shared resource to demonstrate the risk identification/assessment process, and to transfer those skills. Basic facilitation techniques can help. Risk leaders can also act as internal consultants to help analyze specific projects and initiatives. Identifying risk in policy that is highly contentious and emotionally charged will especially require training in facilitation.
4. Risk Manager as Innovator
Opportunity is significant, but not just as a novel condition to be exploited on an ad hoc basis. Rather, a structured program of innovation will seek out opportunity. Periodic risk assessment is part of a systematic approach to greenhouse and develop new ideas. The aim is to add value by obtaining efficiencies, process improvements, or new product and service combinations. Risk managers must therefore be familiar with the innovation process, which is already a well developed field.
5. Risk Manager as Scenario Builder
Scenario building answers the planning need when projects are extended out into the future, with high uncertainty and complexity. Together with research into trends, scenarios — distinct from forecasting — offer a way to deal with future unknown conditions. Risk managers need something in their tool kit that will answer the demand to analyze long term strategic and emerging risk. It is a matter not of conventional forecasting, but of an ordered method to check the resilience of plans against critical futures.
6. Risk Manager as Negotiator
A refined and comprehensive risk identification and assessment process, once it is demonstrated to solve complex business problems, will be in demand. It will have even more credibility in the eyes of session participants when it has the stamp of an international standard, such as ISO. This means that the risk process is an ideal negotiation tool. Contentious proposals, when properly prepared in joint context statements, can find workable solutions through the risk ID process. The crucial point is to have participants sign off on common goals and values. Good facilitation skills then enter the picture.
Negotiation is also required merely to coordinate existing risk management practices in separate domains (e.g., environmental; IT security; OHS). The aim here is to ensure that existing practices are aligned with corporate goals, and so working to a common purpose.
Risk managers, thanks to the advent of ERM and the necessity to participate in diverse planning and management settings, are now challenged to conceptualize more broadly their role. They can develop the requisite skills, first by testing and refining the core process: the risk ID and assessment procedure. Demonstrate unequivocally that the process helps to solve business problems. You can then build on that success.
In this post we have reviewed the risk professional’s new roles in corporate planning and research; innovation and process improvement; scenario building; facilitation; and negotiation.