'What I wish I knew when I started in risk’

It’s unlikely that 70s band the Faces had risk management in mind when they crooned: “I wish that I knew what I know now, when I was younger.”

It is a valid point for people of most walks of life though, risk managers included. The best education available can only prepare for a proportion of what will be thrown at risk managers during their careers.

This learning curve is exuberated as new regulations, technological developments and corporate practices evolve and, quite often, expand.

With this in mind, StrategicRISK spoke with four risk managers to ask what they wish they knew when they started out in risk.

“That changes every single day,” says Kevin Bates (pictured), group head of risk and insurance, Lendlease and RIMS Australasia president. “It is like asking for your top five movies of all time!

“It will change depending on your mood, situation, problems of the day, although one or two always remain in that top five.”

Bates says his first piece of advice is to remove any ‘anchoring bias’ for what you think is right at any given time.

“Recognise that the surrounding environment will always throw something at you which gives your instincts a challenge. Your core beliefs may remain, but other aspects can and will change,” he says.

“When I consider the most valuable lesson I learned in risk, it is very simply appreciating that when you have multiple stakeholders all with a vested interest in a project or outcome, recognising that 2+2 = 4, but so does 5-1.”

What Bates means by this is that it is important to understand and appreciate different perspectives as that is key to being a measured and well-respected risk professional.

“There is seldom one correct answer, and even if there is, there will always be a vast number of ways to get to that answer,” he says.

Bates says such answers are underpinned by some key attributes that he holds dear.

“Never compromise on quality. My first boss told me that using the phrase ‘that will do’ is a great way to fail. Always give your very best, and never compromise on quality, nor your integrity.

“Ultimately, risk professionals make hard decisions or are asked for advise by the senior most of executives. If you have compromised your integrity or quality along the journey, you will never be in a position to be asked those questions, or if you are, the value of your answers won’t be worth a great deal,” adds Bates.

Gordon Song, head, group risk and internal audit, Lazada Group, says risk management is as much about managing ‘heart-ware’ – such as people, social and cultural norms and bias, emotions – as it is about managing ‘hardware’ – the tangible components such as policies, process, technology and data.

“Risk managers tend to place too much emphasis on the latter (hardware), and that comes as no surprise, because it’s often what you can ‘touch and feel’ that gives comfort, and also often what you get rewarded for,” Song says.

“Risk managers tend to be borne of ‘technical’ disciplines such as finance or engineering, which arguably also result in some skew.”

But Song says there are many examples to show that risk management failures are a direct or indirect result of people failures rather than process failures.

“A classic example that I like to quote is the massive data breach at Target – this is a company that spared no expense in building a world-class security infrastructure and organisation, yet when a threat was detected by the company’s security system, it was this very organisation that failed to respond expediently and effectively to the warning signs,” Song says.

Franck Baron, group general manager risk management and insurance, International SOS and chairman of the Pan-Asia Risk and Insurance Management Association (Parima), says he would have loved to be trained better at soft skills, human dimension and inter-cultural aspects of things when he started out in risk.

“Too much focus is on the hard-core of ERM, such as techniques, stats, frameworks, standards, but not enough on cultures, behaviours and human interactions,” he says.

“I am still fascinating by the prime importance of personal values and cognitive biases when it comes to decision making and the thought process of leaders regarding risks.

“Hence it is critical to risk managers to develop their coaching and mentoring skills,” adds Baron.

Steve Tunstall, chief executive of Inzsure and general secretary of Parima, says that when he considers what he wishes he knew when starting out in risk, he suggests it is useful to know to always put forward three potential options to solve any risk problem to your chief executive or key decision maker.

“One of the solutions should almost always be ‘do nothing’, with the likely consequences of this choice. Don’t have personal ‘skin in the game’ on the outcome of the decision-making process,” adds Tunstall.