Traditional Risk Management (TRM) is comparable to a very complex puzzle with many pieces that have many connections and relationships. The industry norm/tendency is to jump into the middle of the puzzle and start working.
The problem is that TRM is a complex but smaller puzzle that fits inside a larger “Enterprise Risk” puzzle. Many of the obstacles and struggles traditional risk managers face are due to other relevant and connected pieces of the larger enterprise puzzle that often do not get identified and/or appears to be out of their control.
Because of the complexities of the organizational risk puzzle (TRM & Enterprise Risk) and the relationships that exist between them, traditional risk managers can find value in first focusing on the foundation (edges) of the TRM puzzle that 1) puts structure and accountability to “their” process area (TRM) and 2) make broader and relevant enterprise connections.
Foundational pieces (edges of the puzzle) include 5 essential pieces that deal with “A Strategic Platform”. By starting with the strategic pieces first, other important pieces to both the TRM and larger Enterprise puzzle will start coming together.
The Edges – Essential Pieces
1 – Change the Dynamics -Transition from Overhead to a Business Function
How a company looks at Risk Management sets the tone for how a risk leader functions. The risk management process can be looked at as a “Business Function” which is instrumental to the mission of the organization or as “Overhead” which is a necessary expense. Most companies look at TRM as overhead. Overhead has the tendency to bring with it an overtone of less importance and less value which transitions into platforms that demand less accountability.
Risk leaders have the ability and responsibility to change the dynamics. A risk leader’s first step in creating a strategic platform is to take ownership to run their process area (TRM) as a “Business Function”. By making this move, they are committing to play by the same rules as other core business functions.
The rules dictate that you own results and find ways to be successful in spite of the obstacles. There are responsibilities, accountabilities and liabilities in owning a business function. There is a responsibility to understand broader organizational obstacles that are connected. There is accountability to be “Business Savvy” in cutting through these broader obstacles and there is liability if key metrics are not tracking in the right direction.
2 – Focus on Human Motivation
Organizations are complex. All Business Functions (sales, HR, production, etc.) have their own difficulties and challenges, but are required and accountable to meet their budget, objective and goals. The TRM challenge is typically no more or less difficult than other business process areas. It is simply different. As a Traditional Risk Manager, the challenge is moving people to action (safety) where there are multiple distractions, limited buy-in and siloed environments.
Moving people to action in complex environments requires tapping into “Human Motivation”. This is typically not on the radar or a focus in TRM. TRM (the industry) typically jumps to policies and compliance forcing and rewards, punishment and oversight which are non-sufficient motivators in complex environments.
A strategic platform requires leaders to put time into figuring out what true motivators look like. Although it may seem like a big mountain to climb, by simply focusing thoughts, resources and control activity on “Inclusion Platforms” as the base, leaders will be tapping into a strategic platform that then gets fueled by a new and different type of control activity.
3 – Create an “Identity” Founded in a Platform of Inclusion
Traditional Risk Managers can set the stage for a strategic platform by defining their identity. An essential part of operating strategically is making it clear where you are going and figuring out how to make stakeholders part of the process. Successful leaders put the multipliers in place by engaging and empowering stakeholders.
In an inclusive platform, the identity is a view of the risk leader’s plan to solicit support from all stakeholders, especially those closest to the front line. It sets a very different set of expectations. In an inclusive platform, what is stated in the identity statement will put structure to the process by driving stakeholder roles and responsibilities as well as controls and processes.
4 – Establish and Maintain the Baselines
If you are the leader of a business function, it is not acceptable for foundational metrics to be tracking in the wrong direction. Leaders of a “Business Function” are responsible for budgets that drive results. These budgets force annual projections that leaders are accountable to.
A strategic platform in the TRM space requires this type of focus and attention. The “Baselines” are the budget equivalent. There are essential components of a risk system that are foundational to getting better. These are items that need to be defined, tracked year over year and used to set goals and track success. Like the “Budget”, if they are not in place, there is no accountability to where you have been and where you are going.
For TRM, the essential baselines that need to be in place are a) company’s Total Cost of Risk of Risk , (b) Risk Culture and c) Control Activity. Establishing the baselines and defining & managing these areas with business savvy is an essential part of a strategic platform.
5 – Put Structure and Accountability to the Process
Strategic platforms require structure to accountability. An essential part of structure includes having a way to capture, organize and prioritize risk (a risk register). It includes having structure to a “Plan Process” that includes a plan description, the 3 Lines of Defense and how groups of people will operate, mitigation, a monitoring process, incident management, workflow management and change management.
The structure needs to be supported by an effective rating process that supports logic to decision making in the midst of limited time & resources.
By focusing on the “Strategic Platform” (foundation edges) first, the Traditional Risk Manager will be setting a vision that holds value, motivating stakeholders and establishing structure to risk continuous improvement and continuity.