As the adage goes, it takes years to build a reputation and minutes to ruin it. Just look at the catastrophic damage to reputation experienced by companies such as HSBC and FIFA, or VW following its emissions scandal. With firms facing unprecedented regulatory and compliance challenges, Chief Risk Officers are playing an increasingly valuable role in identifying, understanding and managing environmental, social or governance (ESG) risks. But how do they get others within the organisation to develop the right attitude to risk?
In a paper written for the Harvard Business Review writers Anette Mikes, Matthew Hall and Yuval Millo discuss the relative success rates of two CRO’s in their ability to influence their respective UK Financial Service organisations. Through their analysis they identified four key competences or ‘Ts’ that can help CRO’s gain influence.
- finding new opportunities to use expertise
A key role for the CRO is to single out uncertainties and convert them into manageable risks. Central to this approach is understanding the company’s strategy and business operations at a granular level so that internal and external factors of risk can be exposed. The CRO can achieve this via multiple routes: by forging closer working relationships with internal staff; intimately understanding the companies’ products, industries and countries of operation; and attendance at relevant committee and board meetings. This also gives the CRO the opportunity to give a risk management perspective in the discussion of important decisions.
- developing and deploying tools that embody and spread expertise
Identifying perceived risk factors is just the first step. The CRO also needs to produce tools in an accessible language and format that enable others to analyse and interpret issues of concern. This might be a quarterly risk report or future-oriented reporting, such as scenario planning templates, and early warning indicators that alert to potential risk.
- using personal interaction to take in others’ expertise and convince people of the relevance of your own
Producing tools should be a team effort. One approach could be to co-opt people into collaborating on the development or improvement of tools, inviting feedback and incorporating that into the design. The managers can then review the tools with senior staff, offer feedback and influence the final templates. Engaging others in the process encourages staff advocacy and makes them more willing to adopt and adapt to new ideas.
- personally helping decision makers understand complex content
In order to be useful and actionable, reporting tools and results need to be translated into a language that speaks to its audience. To facilitate this, CROs and officers could work alongside board members and business managers when considering their tools and outputs. The business benefit? Better visibility that encourages organisational debate and decision-making by keeping everyone engaged and informed.
The role of Risk Management Systems
To achieve these four steps requires a new approach by risk teams and new generation of risk management systems that can support them to:
- Increase efficiency to release resources to focus on these four areas
- Enable staff across the business to engage in the process of data entry and Incident reporting
- Facilitate more collaboration
- Produce flexible reports and dashboards that can be tailored to the target audience