Risk managers may know the severity of certain threats, but can they convince the board those risks matter too?


Communication is a key tool in any risk manager’s armour. Often a risk professionals’ success or failure comes down to their ability to convince the board and other senior executives of the importance or severity of certain risks.

This might be for budgetary support or straightforward sign-off, but there are times when risk managers will need to ‘pitch’ the importance of risks to the c-suite.

“Risks are not things that can be conjured,” says Nicholas Tan, senior vice president, business development for Marsh Singapore.

“When risk managers wish to highlight specific risks to board members and senior management, there needs to be context and background.”

Tan says this might involve emerging risk issues that the industry has begun to examine, or even risks that have surfaced or been spoken about at operating levels.

“At the initial stages, the risk manager is not required to have an immediate solution to the risk,” he says.

“However, he or she has the responsibility to surface the risk, so that the board and senior management is aware of the organisation’s potential vulnerability, and begin thinking about these potential issues.”

Tan says risk managers should also bear in mind that board meetings may take place infrequently.

“By highlighting risks early, they are giving the board members adequate time to digest information and educate themselves about these issues,” he says.

“After these issues have been brought up over a few occasions, the message gets reinforced, and over time board members will begin to contextualise the issues, and be convinced of the merits of paying greater attention to them.”

Bruce Gordon, managing director, global & corporate, Aon Risk Solutions, says when pitching risk, it is important to separate form and substance.

“Form is about the importance of establishing context. So when formulating a pitch for a board, it is vital to be clear about context, which could be about the industry, it will certainly be about the entity the risk manager represents, and possibly about the business activities,” he says.

“It is also important to talk about the current state [of the situation] and what is the intended future or aspiration and make it easy for the audience, in this case the board, to contextualise what is about to be offered.”

Gordon says when it comes to the substance, or the content, it is a truism to say than when pitching to a board or C-Suite that this substance will need to be charactorised by numbers, and by data.

“However, some risks do not lend themselves to easy quantification and not everything that counts can be counted,” he warns.

David Ralph, head of risk management & compliance, PCCW Limited, says when meeting with the board and senior executives, he has found it most effective to first explain the potential impact of a specific risk.

“The initial focus should be on the possible regulatory risks, and especially any personal liability that may attach to either themselves or to employees of the company,” Ralph says.

“We would also make it clear the other strategic impacts such as possible implications to the company’s reputation, implications that will have a material balance sheet impact or affect the company’s sustainability.”

Ralph says this would be followed by explaining the extent to which the company may be currently exposed, and where available, any peer group events that may indicate the risk is not just theoretical.

“We would then explain the work currently being done to address the risks and finally focus on the outstanding actions and what if anything the either the board or senior management is requested to do in order to reduce the risk to an acceptable and manageable risk, including timeframes, costs, future reporting and potential roadblocks,” Ralph adds.

Preparation tips

So what preparation do risk managers need to do before such a meeting?

Tan says having a risk register that is regularly-updated usually helps with risk pitch preparation.

“It is incumbent on the risk manager to maintain a risk framework , where they list and tabulate key exposures, with details such as likelihood, potential severity and impact etc.,” he says.

“Presenting such a document regularly at board meetings is useful in keeping board members abreast of developments in the firm’s exposures.”

Gordon says when risk managers meet with the board or senior executives they have to treat it as if they were pitching to a prospect.

“That means you have to think through with a great deal of clarity about your audience,” he says.

“What do you want them to think? How do you want them to feel? And what do you want them to do? If you can answer those three questions as part of your preparation, it probably leads you to a much clearer path in terms of the content you should actually be presenting,” Gordon adds.