Being a Risk Manager is, by its definition, not an all-safe-and-stable job; there are many challenges to be handled and a variety of decisions to be made that will determine the future of the company. Alexander Larsen, President of Baldwin Global Risk Services Ltd., has a profound experience in risk management, and he was awarded “Risk Manager of the Year for Middle East and Africa” by a panel of risk experts on behalf of Strategic Risk and Global Reinsurance Magazines in October 2016. He will speak at ComRisk 2017.
In October 2016, you received the “Risk Manager of the Year for Middle East and Africa Award” by a panel of risk experts on behalf of Strategic Risk and Global Reinsurance Magazines. What would you consider as the core of your success?
It probably all comes down to being adaptable to each organisation; Risk Managers, and probably those on the panel, know that it is imperative to approach each organisation differently, because different organisations have, for example, different reporting lines and different departmental influences as well as different cultures.
I was working in Iraq, for a Russian company, where the cultural, linguistic, and political environment posed interesting and stressful challenges to me, both at a business, and at a personal level. Nevertheless, being flexible enough rendered me able to overcome these challenges and build an effective risk culture, reaching a point where my advice was being requested as opposed to me having to chase departments for information. As a result of the positive risk management being undertaken at the ground level and the efforts we put in to reporting, it was eventually embraced by top management who understood the value of understanding the risks and having the full picture for decision making.
“It probably all comes down to being adaptable to each organisation.”
I never go in to an organisation with a “this is how you do it”-attitude, I always try to understand the organisation, and build a risk culture around what is already in place, without having to add too many extra processes. It needs to be easy for people to adopt, they need to have input into the process and they need to see benefits.
How do you set up a risk culture from scratch?
First of all, a risk manager has to understand the uniqueness of each organisation and build on the basis of that. Different organisations have different levels of risk averseness; some of them are naturally risk-averse, others are risk takers. Therefore, a risk manager should look at the organisation as a start. Secondly, it would be useful to look at risk maturity and create a matrix of it. You could then create various categories that need to meet levels of maturity, and risk culture is one of those categories.
A risk Maturity matrix allows you to build your maturity over time and you can use it as a roadmap and even as a way to sell risk management to the board. Resource can also be included within the matrix to indicate what resources would be needed in order to meet various levels of maturity over a specific time period.
“The problem many organisations have is that they want to be risk mature overnight.”
The problem many organisations have is that they want to be risk mature overnight. Statoil are probably one of the most risk mature organisations in the world with an outstanding risk culture; some of the procedures, tools and technologies that are being talked about now, Statoil had been implemented back in the 80s. This culture took decades to build and they had the added advantage of the societal country-culture of Norway, the mother-country of Statoil, which promotes a socially-bonded and responsible way of living which already embraces risk management. It is therefore unrealistic for Organisations, who may only be starting out on their risk management journey, or who may have a business or societal culture that is more resistant to risk management, to expect to achieve Statoil level of maturity, at least not in a short period of time. It is therefore better to aim for levels or steps to achieving it.
The risk maturity matrix might include categories such as: risk governance, identification of risk, prioritisation of risk, (mitigating) actions, reporting, infrastructure, business continuity, risk culture, partnerships, and supply chain.
All of the above are the key categories, and then there can be anything from three to
five levels with labels such as:
1) you have nothing in place
2) very immature, but some arrangements are in place
3) risk management is established
4) risk management is embedded
Within each level for each category, there will be requirements needed to be met in order to step up to the next level.
Interested in staying up-to-date with the current market trends pertaining to the commodity industry? Join this year’s ComRisk 2017 and find out!
Book your FREE place as an end user here.
Register as a service provider here.