Effective risk management cultures do these 4 things: A risk expert explains

Firefighter, investigator, diplomat, agony aunt. That’s how Bahare Heywood, the first ever Chief Risk Officer (CRO) at global law firm Clifford Chance, describes the role of Chief Risk Officer. (A senior colleague has even added “ghostbuster” to that list, telling her: “I don’t do anything without calling you first.”)

This role is designed to ensure companies have the systems, frameworks and culture in place to identify, assess and monitor big challenges ahead. It’s a function that’s become all the more important as emerging risks grow at “turbo speeds”, making the risk landscape ever more complex as leaders assess the impact of everything from he climate crisis to geopolitical instability.

Heywood spoke to the Forum this July for our Meet The Leader podcast, timed to the inaugural publication of the The World Economic Forum’s Global Chief Risk Officers Outlook. This mid-year check-in takes the pulse of risk officers around the world to better understand what businesses should worry most about in the next six months.

Of course, tackling those priorities is not possible without a company culture designed to manage risk. In these excerpts from the full interview, Heywoord shares her perspective on the ingredients all risk management cultures need to be successful.

Embrace structure – and a framework

Risk officers develop frameworks that can help you understand “what you care about and what you don’t care about”, Heywood says.

She advises CROs to “think about creating a mechanism, a methodology, a structure to help you most effectively identify, assess and manage your risks … but it doesn’t have to be fancy.

“What you do need is to really create something which allows you to be able to understand where the risks are in your business and actually what the impact is of those risks on your business,” she adds.

“A framework allows you to have a bit of structure around the methodology, if you will, around how you do this.”

At its most simplistic level, “risk management is basically an action plan, a shopping list of things that you really need to get done to address risk”.

Listen – and build a speak-up culture for effective risk management

Risk officers are often the go-to person when there’s a problem, says Heywood,

These problems could be strategic or something really small, but ensuring teams have someone to go with these issues, for steers and solutions, is critical. Such conversations, in fact, are often the lifeblood of Heywood’s work.

“Without knowing what’s going on,” said Heywood, “I can’t really advise my business. I don’t really understand the issues.

Giving people the space to have a “speak-up culture,” she says, will ensure you can tackle problems as they arise and get ahead of clouds on the horizon. “The key to getting insight into the organization is the information that comes to me and it’s usually unsolicited,”

This requires building trust throughout an organization by interacting with people, getting involved in conversations and understanding what’s going on in your business, said Heywood, “If you build the right kind of relationships within your organization, you can very quickly start to add value.”

She added: “When you start to see people coming to you, to help with solutions, you know you’re on the right track.”

Get teams engaged – and accountable

Effective risk management requires getting teams interested in educating themselves and others about potential threats and opportunities. This ensures buy-in for co-creating solutions and avoids situations where one person is talking at (and not with) the rest of the team.

Heywood helped boost engagement by making each member of their Executive Leadership Group (the equivalent of a board in other organizations) accountable and responsible for one of the global risks.

Each was assigned a risk and needed to present their risk to the rest of of the group. “And at this point, they started to pay attention,” said Heywood. “I was getting phone calls saying, ‘Should we meet up and talk about that risk?’

“Then I got them to challenge each other on the risks. It created a virtuous cycle of them being interested, because not only were they responsible, but they were actually presenting the risks themselves. They needed to know what they were talking about and colleagues were challenging them on what they were saying.”

“That for me was quite a critical moment,” says Heywood.

Staying informed, up-to-date, and proactive

Risk professionals must be proactive for successful risk management and key to that is keeping informed and up-to-date with your sector.

It’s important to dedicate time to keeping up with the shifts because “they are happening very, very quickly,” said Heywood.

She reads publications that give her a range of perspectives — both a broad sense of the economic and geopolitcal changes on the horizon, as well as publications specific to the legal profession.

Keeping up with how technologies are changing – and how they will impact your sector — is especially important.

The CROs surveyed for the Outlook report all considered the development and deployment of AI to be “outpacing” management of the ethical and regulatory risks it poses.

“As a risk professional, you cannot properly have an insight into the risks of your business if you don’t understand technology – everything we do is going to be led by technology.”

Don’t forget speaking to experts in person to get insights first hand. “Go away and talk to your CIO, talk to your IT colleagues, and really make sure you understand how technology works and how it impacts your business.”

Source: World Economic forum

Digiqole Ad