Being a Risk Manager is, by its definition, not an all-safe-and-stable job; there are many challenges to be handled and a variety of decisions to be made that will determine the future of the company. Alexander Larsen, President of Baldwin Global Risk Services Ltd., has a profound experience in risk management, and he was awarded “Risk Manager of the Year for Middle East and Africa” by a panel of risk experts on behalf of Strategic Risk and Global Reinsurance Magazines in October 2016. He will speak at ComRisk 2017.
With a tighter climate of compliance/regulation as well as volatile environmental factors, risk managers are more pressed for time than ever -- Why is it important to stay up-to-date with the industry if so?
Staying up to date with the industry is, first of all, staying up to date with the regulations, in order to avoid fines and to keep your reputation intact. More importantly, though, staying up to date with risk management processes and new approaches can often lead to very significant improvements in your risk management programme. For example, technologies such as the cloud and social media, may allow you to build more effective business continuity plans or risk management programmes. As an example, such technologies allow you to have an internal social media tool, which paves the way for transparency. I recommend that you watch the film Deep Water Horizon , which is about the Gulf of Mexico oil spill. In this film, risk management failed because, although they identified the risk, there was no transparent way for people to escalate that risk: to report that risk to people of higher level or to independent parties within the company.
“When you see where people are at, you might be able to see new and more appropriate practices that are being adopted and are more effective, and you could be able to apply them to your organisation.”
This communication gap applies to everything: from the supply chain to banks and the financial crisis. When there is no join-up approach, you end up doing risk management in silos. So that’s the real perk of keeping up with the industry: when you see where people are at, you might be able to see new and more appropriate practices that are being adopted and are more effective, and you could be able to apply them to your organisation. Risk management is still in its infancy, it is not well-established yet, compared to the health and safety profession which have been around for two hundred years for example. It is therefore only natural that we should be sharing knowledge and experiences both internally (in order to build a risk culture and communicate risk across the organisation) and externally (in order to share your best practices or new approaches with other risk managers).
At ComRisk 2017 you will participate in a panel regarding ways to develop an effective risk and compliance corporate culture. Could you please give us a brief summary of the points that you will raise?
When it comes to compliance, what is usually implied is a “stick” approach which can often lead to a “tick box exercise”, translated into “you must do this”. In my view, we should focus more on the fact that we get some major benefits from undertaking risk management, and this just happens to comply with regulations. For example, regarding ISO 31000 standard on risk management: people like to say that they follow it. That’s something very good to do and a useful starting tool. Nevertheless, most successful risk management organisations implement their own risk management approach which just so happens to not only meet, but to exceed the ISO 31000 regulations. ISO regulations are, indeed, a tool, but a very diluted tool, because people from different nations wanted to come to a consensus regarding them and therefore it should only be looked upon as a starting point rather than an end target.
“Companies weak on risk procedures and policies but strong on risk culture will usually outperform in effectiveness, companies that are strong in risk procedures but weak in risk culture.”
Going back to the benefits of risk management, one of the many examples I like to use is Dell computers turning risk into opportunity. They had identified a port strike risk, and when the strike happened, whilst rivals floundered and were unable to meet orders, Dell were prepared and continued their business as usual. As a result their reputation soared and overnight they became one of the largest computer manufacturers in the world.
Risk management, therefore, should not be a static process, but part of the company culture. When a new project or initiative is proposed or launched, its risk should be identified and reported to the manager, in order for better decisions to be made and for opportunities to be maximised. Companies weak on risk procedures and policies but strong on risk culture will usually outperform in effectiveness, companies that are strong in risk procedures but weak in risk culture. Compliance is important but focusing on it will switch people off. An effective culture will only be built when value is created and communicated. “what's in it for us”.
Interested in staying up-to-date with the current market trends pertaining to the commodity industry? Join this year’s ComRisk 2017 and find out!
Book your FREE place as an end user here.
Register as a service provider here.