A recent article in StrategicRISK asks “Why are some risk managers being ignored by their board?” Written by Eamonn Cunningham, former Chief Risk Officer at Scentre Group and Westfield, the piece lays plenty of blame on the risk managers themselves:
It all starts with the language the risk manager uses and the alliances they form. They need to engineer those small wins as they will be the catalyst for greater opportunities for the risk manager to shine and demonstrate the value add they can bring to the organisation. They must seek out these opportunities and have a commercially focussed, mature level dialogue with board members – particularly the chairman of the board’s risk management committee, if there is one.
This sounds a lot like my experience of building the case for risk management in telcos. Instead of trying to address every risk, it is more effective to accumulate a track record of success, even if it means concentrating on winning small victories in the beginning, and ignoring some of the bigger issues that the business has. Every time risk managers prove their worth, even if it involves a minor gain, they demonstrate they are a benefit to their fellow managers. Being wanted by your peers in the management team is far better than relying on the bugbear of ‘compliance’ to force yourself upon them.
Per Cunningham’s arguments, operational risk areas like revenue assurance are ideally placed to following his advice:
…get those initial quick wins. Then using enterprise risk management concepts, move into other risk areas.
But do we want to move into those other risk areas? I fear some of us do not. Having found a niche, we may prefer the comfort of remaining within it. That is easier than taking on the stress associated with different challenges. The same stress can also help us to grow as individuals, and make us more valuable because we are more adaptable.
Ultimately the choice is between the risk of making a big noise, or keeping quiet. Those who are ignored may be allowed to continue their work in peace, until somebody questions if it is necessary. Those who draw attention to themselves risk highlighting their failings. The difference depends on confidence. Excessive confidence can lead to risky behavior, so it is understandable that risk managers should be conservative in their estimation of their abilities. On the other hand, a risk manager who lacks confidence in their own abilities is a risk to themselves. Those who have little confidence in themselves, and so avoid the limelight, are unlikely to inspire confidence in others.