Why do C-Level executives fail to align risk management with their corporate objectives? Part 2

Written by Chizubel Egwudo

Part 1 of this article discussed the limitations of many companies not giving sufficient consideration to risk management when embarking on major initiatives. The first 3 research findings were discussed in detailed and summarized here as follows

  1. Limited understanding of the subject matter, risk management.
  2. Misalignment or non-alignment of Corporate Objectives to risk.
  3. Spend to resolve.

The fourth finding, a’ heavy reliance on bottom up led risk management’, is discussed in detail below.

4. Company executive’s heavy reliance on bottom up led risk management but unable to provide top down direction for risk management. This is the case of putting the ‘cart before the horse’. Who should be leading the organization’s directive on risk management? Certainly not the risk managers or the risk function! Every executive and board level or senior leadership team member should have an adequate knowledge and experience of risk management in order to help their organization thrive with fewer shocks that could have an impact on the business goals, revenue or profit.

In addition, C-Level executives are responsible, with the help of the Chief Risk Officer who also sits at that level, for defining and establishing the risk appetite for the organization. This can be achieved more accurately when senior executives understand their risk profile. With the support of the Chief Risk Officer or Risk Director, he or she would be able to influence their peers to ensure that the corporate strategy/objectives of the business will be aligned with the risk management framework, as long as he or she remains independent of the board while carrying out board level duties.

These challenges can be easily turned around to positive outcomes that are measurable. Company executives need to start thinking ‘outside of the box’ and not stick with age old tradition that risk management is just another piece of work that needs to be done by someone else in the organization to tick that box of due diligence.  Far from that! Companies are meant to deliver value to its staff, clients, customers, the community, the economy if it is all rolled up (aggregation of risk), not create economic disruption in any of these capacities due to poor performance of risk management or lack of alignment to its objectives. As with building a house, every brick plays a vital part in ensuring the house is solid, right from the ones laid in the foundation to the ones at roof level.

 A set of well-defined and realistic objectives set by a company will not produce the  benefits required without an implementable risk management framework.

Risk management is a vital set of bricks and cement responsible for the solidity of every SMLE (Small Medium Large Enterprise) When done properly, risk management creates measurable benefits. So:

  1. Work with risk practitioners who will help shape the strategy of your business by keeping risk management in focus. Risk Practitioners have better experience at delivering the benefits risk management should far better than ‘big’ consultancy firms. This will reduce cost as one risk practitioner or two in most cases will deliver measurable benefits of ‘multitudes of headcount’ put on client sites by most consultancy firms. As part of the research we conducted, we found that benefits delivered by large consultancy firms is in most cases far less than the cost paid to recruit these consultancy firms, if of course the benefits can be measured in the first place.
  2. Trust the judgement of your risk practitioner if you have one. If you don’t have one, find one not just a risk manager. There is a difference between a risk practitioner and a risk manager. As me later…
  3. Ensure risk management objective is clearly mapped out at the beginning of each financial year and it is aligned with the overall objectives and strategy of the company at all tiers of the business.
  4. Ensure the CRO, Director of Risk, Head of Risk has complete oversight of the business and acts in that capability. When heads of risks lose independence and are drawn into bureaucratic activities, they lose the ability to direct the business and inform the board objectively.
  5. Keep it simple! Risk Management is not rocket science. It is actually fun and easy but you need to know how to use it just like any toy to derive the benefit or joy it gives.

A set of well-defined and realistic objectives set by a company will not produce the  benefits required without an implementable risk management framework.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s