“Senior management hate surprises... even good ones!”

Bob Sweeney knows a thing or two about assessing and mitigating risk. He’s been doing just that for global luxury goods retailer DFS Group for more than two decades. During most of that time he has been based in the US, but since late 2012 he has been working out of the company’s Hong Kong headquarters.

With its global shared-services centre and information technology department in Singapore, and with operating divisions across the region, DFS is a truly Asian entity. This means that, as the company’s vice president for risk management, Sweeney has to be cognisant of a host of potential threats and disruptions to his company’s business, in a wide variety of operating environments. He has chosen to deal with this responsibility by looking beyond insurance. “I work with internal audit and internal control to try to better understand what concerns they have with our operations, and a lot of times those concerns really don’t have much to do with insurance,” he says. “But there is risk and, I think fortunately for me in DFS, if the word risk is mentioned, I get drawn into it.

“A lot of the things that are being done have nothing to do with insurance, but have everything to do with mitigating risk.”

“Sometimes I don’t think I know any more than anybody else sitting at that table discussing that particular topic, however, I’m there because somewhere in the body of the description the word risk is mentioned. It’s involved me in some things that are much broader than I would have ever thought I’d be dealing with.” Sweeney says that this has exposed him to “a lot more people within the company, a lot broader risk and a lot of the things that are being done have nothing to do with insurance, but have everything to do with mitigating risk”.

On the level

According to Sweeney, it’s all about taking it to a strategic level. “I’m not just managing the insurance level – my associate risk manager often has more to do with managing the insurance programme on a daily basis. I’m trying to work with others to determine what can really go wrong and how can we address it,” he says. “And it’s not always tangible assets and business interruption. It could be related to security, information or reputation.”

This is central to Sweeney’s view of risk management as a three-tiered entity. “There’s the transaction level, which a lot of people are locked into around the world; there’s the effective, trying to take it from being transactional to operational; then there’s taking it from that level to strategic.” From Sweeney’s perspective, that’s about looking beyond insurance. “Yes, there are a number of things that insurance can address, but the main function of a risk manager besides identifying and assessing risks, is trying to determine how to mitigate that risk and communicating its existence to management so that they’re not caught by surprise. Senior management hate surprises – even good ones – because they figure if they’re learning about a good one there are probably some negative ones out there as well.”

At DFS, that means getting educated about as many processes within the company as possible – from inventory and cash handling, to IT and HR. The trick, as Sweeney sees it, is examining the risks and key controls that are inherent to these processes. “This has allowed me to see how the body of the company works, rather than just one component,” he says. “Initially, trying to get beyond insurance was a pain. It was definitely getting me outside my comfort zone, but it has given me a broader view of the risks of the company, so I think that enables me to be a bit more strategic.”

Strategic perspective

According to Sweeney, effective results come from sitting down with others to determine the disruptive risks that threaten a company’s business, then working out whether there is an insurance solution for these risks. “Maybe there is, maybe there isn’t,” he says. “But I think most important is identifying the things that may happen and then having dialogues with senior management and others who may be able to shed light on issues and allow you to have a more strategic perspective.”

Sweeney firmly believes that every organisation can benefit from investing in developing a good business continuity plan for operations. “That can go a long way towards mitigating the impact [of an event] and enabling a company to be back up and running as quickly as possible,” he explains. “So, while the event itself is a negative, ultimately it could [for a properly prepared company] be turned into a positive, because that company is likely to be the first one back up and operating among all its competitors.”

Regional strength

It’s this kind of strategic planning that Sweeney believes needs to be embraced by more of Asia’s risk-management professionals if they are going to raise the level of value that they’re creating for their companies. “Our business is largely Asia-centric, and from what I’ve seen, risk management is largely transactional [in the region] at this point,” he says. Sweeney is a vice president of the Pan-Asia Risk and Insurance Management Association (Parima), a new organisation that he believes can strengthen the risk-management profession in the region. “That’s really the reason for Parima: to do whatever we can to help the risk-management community to better understand what tools they have and how they can apply that knowledge – and to try to share as much of our knowledge as we can.”

Sweeney also hopes Parima will quickly grow in both size and influence, in tandem with the dynamic growth of Asia. “This is where the economy is really booming and this is where there’s going to be strong, continuing economic development,” he says. “Asia really needs a skilled risk-management community to help it grow.”

Click here to read the second part of our interview with Bob Sweeney