From RAG to ERM: Why RAFM Pros Should Become Chief Risk Officers

I recently attended the Summer RAG conference in London, and was compelled to write up a few of my thoughts regarding the adoption and implementation of Enterprise Risk Management (ERM) across the telecommunications industry. I have to say the RAG was the only conference I have attended that really discussed the risks and challenges that face us both now and in the future.

To start the conference off, there was nothing more poignant than Tony Poulos’ excellent key note presentation, where he simply characterised the existential risks facing the telecommunications industry by presenting two vastly different pictures. The first picture showed a park bench with several senior citizens sat around discussing amongst themselves. The second picture (see above) showed some young, funky, and cool looking teenagers all fully connected to each other via their smartphones, sharing information, music, and pictures through applications. My interpretation of these pictures can be summarised as follows: the first picture portrayed the telecommunications industry in the present day, notably out of date, living in a different era, and completely out of touch with their customer’s needs. While the second picture is where the telcommunications industry actually needs to be: far more innovative, dynamic, and taking on many more risks than they currently do, if they want to survive the next few years.

And it isn’t just Tony Poulos and myself who are saying telcommunications Companies need to take on more risks. There are plenty of industry reports already out there that have been saying the same thing for quite a while now.

So, whilst I was listening to the exceptional presenters and panel guests at this Summer’s RAG, I asked myself three simple questions.

Is there a need for increased investment in ERM?

This seems straight forward. If telecommunications companies want to survive the next few years then they will have to be more innovative and take on more risks. Naturally, if they decide to take on more risks, then they will of course need to invest more in ERM. And for the majority of telecommunications companies, ERM will be something entirely new to them.

There are both negative and positive reasons to increase investment in ERM. For the negative reasons, we have seen how customer data security breaches at TalkTalk, and regulatory non-compliance at MTN Nigeria caused their shareprices to plummet 15-20%, as soon as the news was announced to the markets. For the positive reasons to invest in ERM, a study by Mark Farrell and Ronan Gallagher from Queen’s University Management School in Belfast found the implications of having a high ERM RIMS maturity score increased the valuation of a company by up to 25%.

So the business case to invest in ERM is very clear; having an effective enterprise-wide risk management system can have a major impact on a company’s share price and valuation.

Do telcos need to change where ERM sits in the organisation to give it more authority?

From experience, we generally find that ERM tends to evolve in either Finance, Strategy, or sometimes in Internal Audit because all of these departments collate risks. However, often these teams are working in silos and the overall ERM process is not established or formalized across the organization. As the ERM process matures and is formalized across the organization, then the ERM team needs to have complete independence, and not be part of a function that is also an owner of risk. So, ultimately that means we need to have a Chief Risk Officer (CRO) who reports to the CEO and also directly to the Audit and Risk Committee.

Can ERM be a source of career progression for RAFM professionals?

I believe that ERM can provide the career progression required, as there’s a lot of cross-over skills. Most RAFM professionals also have a very good understanding and exposure to the entire end-to-end business processes in the telco domain. So, this also gives them an extra advantage too. Most of my former line managers and peers have all struggled to progress to the C-level after working in RAFM, because there is not much flexibility in the organization to accommodate them. So, if there is a CRO position available then it could provide that progression for RAFM professionals looking to further their careers.

Lee Scargall
Lee Scargall
Lee is a senior risk management professional. He has extensive experience of managing both ERM and RAFM teams in telcos around the world, having worked for Ooredoo Group, Cable & Wireless and T‑Mobile UK.

Lee earned a PhD in Electrical and Electronic Engineering from the University of Newcastle upon Tyne, UK, for advanced research in to 3G video-telephony.