Dealing with the c-suite is becoming one of the most critical components of a risk manager’s job. And to play a bigger role in their companies, risk managers need to develop critical soft skills, says François Malan, chief risk officer at Nexity
The risk management profession is changing because companies are facing a lot of new and complex threats – cyber, climate change and other business interruption risks.
No longer can risk managers assume the role of ‘expert on risk and insurance’, this is important, but they must also develop the right soft skills. And how easy this is to do will depend on the personality of the risk manager and their willingness to adapt and learn.
One of the most important skills is the ability to oversee and manage various departments and finding ways to break down siloes and get teams working together.
There will often be several departments in one company who have some responsibility for dealing with these complex risks – from legal, compliance and health and safety to human resources.
Risk managers need to act as co-ordinators, bringing together several functions so that they can obtain a truly holistic view of the company’s risk profile.
Risk managers need to get an overarching view of the risks, co-ordinate the various teams, not just for the purpose of effective risk management, but so they can present one clear picture to the top management. It’s vital that risk managers create a risk aware culture throughout the business. And to successfully achieve this, goes back to my first point of developing the right soft skills.
Risk managers need to get better at marketing and communicating risks. They must find ways to convince stakeholders that they’re not just the owners of risk but are exist to improve risk management throughout the organisation.
Risk managers need to be courageous with this. They need to monitor and evaluate risks but also challenge stakeholders and top management.
Dealing with the c-suite is rapidly becoming one of the most critical components of a risk managers job, particularly given the high-profile of emerging risks.
So, risk managers need to be more strategic and to find ways to present granular risks in a way that’s holistic, relevant and useful to the board. They need to build a dashboards or create something simple, clear and then market and promote it in the right way.
Good key risk indicators could help. But risk managers can’t just follow other companies. They must adapt existing indicators to match the risk profile of their organisation and use them to develop and report on their risk management strategy.
And these top-level discussions need to happen regularly. It is not enough to meet with the board once a year.
Risks evolve rapidly and so risk managers should be updating senior executives at least quarterly to show the changing threats the business is facing.
For their part, the c-suite also need to consider risks more seriously because they are liable when something goes wrong.
And we’re starting to see this happen. Risk management is increasingly seen and discussed at board level. Senior management want to know how the organisation is dealing with these risks. They don’t want to go into all the details, but they need to have the reassurance that risks are being well managed. They’re asking questions about cyber risk, business continuity, and we can’t forget the old risks –fire, flood and other traditional risks.
Senior managers are more aware of the importance of risk management and want to be kept informed, partly because they understand the business costs if things go wrong.
Most of all, risk managers need to evolve to ensure they are ready for these questions and prepared to answer them in a way that makes sense at board level.