Make Every Employee a Risk Manager

The trend is always as thus: The Chief Risk Officer convenes and facilitates a semi-annual executive risk workshop for business unit heads and the CEO.

At the workshop, each executive makes a presentation about his or her unit’s risk profile, followed by challenges and requests for clarifications. The meetings create visibility about when a risk reported by one business unit might also be experienced by others, sometimes in unexpected ways. Requiring busy executives to spend two days discussing risks sends a powerful signal about the importance of risk management—and line executives’ ownership and accountability for risks. After each executive risk workshop, the Chief Risk Officer prepares a report for the audit committee of the supervisory board, which it then shares and discusses with the entire board.

On the other hand, the employees are embedded in an environment where by the nature of their work, are risk takers. Their risk appetite is amplified by an urgency or impatience to “get the job done,”. A belief that they have all the information they need and therefore don’t need the assistance or interference of others.

Whereas the Chief Risk Officer and his Executives would successfully take the risk management function through an exercise in checking boxes at the board level, this approach can only yield the desired results if in addition to it, a bona fide management process that employees, managers and executives, all embrace risk management, as part of their everyday lives.

Companies ought to know and rapidly become aware of the new-age risks. Take an example. There are more threats emanating for cyber risk and geopolitical risks. How much do employees at our work places know about these?

“In India, knowledge about cybersecurity is increasing and cyber covers being asked for has increased manifold. Many companies are taking war risk cover amid rising geopolitical tensions. People are seeking cover against political risk where they have assets in other countries,” Alok Agarwal, Executive Director, ICICI Lombard General Insurance said at the ?eighth edition of the India Risk Management Awards (IRMA),April 2022.

Agarwal pointed out that in the last four to five years, requirements of industry have been changing dramatically. “Cyber may be the talk of town but things like climate change are affecting everybody. Geopolitical risk is there. We all know about the Saudi Aramco done attack. The tensions around Strait of Hormuz where there is heavy movement of oil tankers resulted in marine insurance cover increase by 50 times. In cyber, the next incident will be different from the previous one. So as in insurance company our product portfolio is definitely changing. In the long term the pace of change might be very fast,” he said. Or if we may ask, do our employees know about the effects of the Ukraine-Russia conflict? Have they bothered to find out about the ever-increasing prices of wheat? Or, have they envisaged the business risks that diseases like Covid-19 and Ebola pose to the business. What have climate change issues got to do with the businesses that employ us? Pondering questions these.

We are all in ?agreement ,certainly, that risk has two characteristics, these being: Uncertainty-an event may or may not happen and Loss- An event has unwanted consequences or losses.

It’s with this background that we need to stress the urge on creating awareness within the staff on risks. “Everybody who is doing something within the organization, for the organization, needs to be a risk manager. There are three things that need to be put in place: awareness, awareness and awareness. You have to make your people aware. The biggest risk-mitigation in place is constant awareness program,”.

Risks have to be written out, understood and formalized and signed off. List each risk and see whether there are mitigating controls. Risk management function should let employess use natural language, and not risk management jargon, that may require them to classify or set a priority for the problems they report or encounter.Let the Chief Risk Officer do the priotizing ,and let the frontline staff ,list the risks as they are.

We need to embrace a culture within the employees of knowing and understanding that Risk assessment should be an ongoing one. Let’s Erase your risk register every year and recreate fresh register. You have to see what the emerging risks are. We sometimes overestimate the pace of change but underestimate the impact of change. So, we need to do the balancing of the two and see what is coming, ahead of time.

While attending the BDO in East Africa Risk management series, in May 2022,Regional CEO ,Sandeep Kaphre, echoed that , “Risks emanating from usage of technology are not static though IT or solutions remains static for a while till new versions comes but the threat remains dynamic. You have to continuously monitor. You cannot prevent everything. The thing you need to do is how soon you can detect and once you detect, the response time to mitigate the risk."

He even added and advised that, employees in organizations, can also interest themselves in watching ?Risk and Fraud themed moves like the following; The Wolf Of Wall Street, Big Short,Inside Job,Noire Finance,How to Rob a Bank ,to mention but a few.This way,every employee would have a grasp of what risk in organisations is about, and pick interest in being a part of implementing the mitigating process.

Make everyone a Risk Manager.

[email protected]