Tag Archives: risk leader

10 Building Blocks for Risk Leaders (Part 3)

Important things in life are not easily reduced to 10 easy steps. Nevertheless, this series provides a list of 10 building blocks to achieving long-term success in risk management from someone who has spent more than 25 years striving to carve out the most satisfying career possible, while never losing sight of the attributes attached to the bigger picture. Part 1 is here, and Part 2 is here. This is Part 3 in the series:

5. Racking Up Points with Senior Managers

The points that risk managers offer up are not always creditable “points” in the eyes of senior managers. To be so, they should be tied to the things that matter most to the organization and that can be traced, at least indirectly, to mission accomplishment. In other words, what matters most is contributing to the success of the enterprise—not just reducing the cost of risk, which is the longstanding focus of many traditional risk managers. That is not to say that reducing the cost of risk is not important or that it doesn’t contribute to organizational success. It does, especially where the total cost of risk (TCOR) is a material factor in total expense. Yet, to be recognized as making a significant contribution to the success of the enterprise, risk management practitioners must find a way to connect more directly to the successful delivery of strategic priorities, by supporting the objectives that underlie them. It’s about putting the right points on the board and, as a result, being seen as more relevant to strategic imperatives.

This is often easier said than done. Among the challenges are questions about whether the risk management employee has the qualifications and expertise to successfully contribute. The risk management employee often faces retorts like these: “Don’t we already account for risk (often called business challenges by planners) when we set the plans?” “This risk input is not translatable for purposes of plan development and is therefore not helpful.” “There is no time to conduct the assessments and measurements of relevant risks that would allow risk inputs to be properly considered.” “Our C-Suite sees no substantive reason to open the process up to more contributors when time is often of the essence and the dialogue is reserved for only the true strategists in the enterprise.”


The chart above, from The Global CFO Study 2008: Balancing Risk and Performance Within an Integrated Finance Organization, reflects that risk managers, even chief risk officers, are perceived by chief financial officers as more tactical in mindset than strategic.

Never fear: Perceptions can be changed .

This article is not intended to provide all the answers to barriers to entry and success in collaborating with planning. However, it is intended to emphasize the importance of this collaboration and the critical need for all risk leaders who aspire to true relevance and influence to spend the political capital necessary to knock these barriers down or at least minimize them. The bottom line is that the only reason corporate goals and objectives are not met is that one or more risks have not been properly identified and managed. That makes risk management a critical component of organizational success.

6. Establishing Yourself as Essential to Others’ Success

Risk management stakeholders can’t succeed without the right risk strategy and, most particularly, the right risk leader who understands their priorities and knows how to build relationships of mutual benefit. And, risk leaders can’t succeed without successful stakeholders. Unfortunately, relationship-building has not generally been a strong suit of many risk managers, myself included (early in my career). Risk employees who move out of their comfort zone will discover this is the key tactic to use in building these relationships. Staying in traditional roles is ultimately a strategy doomed to keep you in a rut.

Even when dealing with hazard or traditional risks, it is no longer possible to do the job with excellence while staying in that comfort zone. All the many forces of culture and the challenges of the business will eventually shine a bright light on risk management personnel and their contributions, or lack thereof, to the organiza- tion’s success.

While reducing the cost of risk and bringing home expense reductions is important to most competitive enterprises, it is less important for those that are flush with profits and cash. So, it is important not to get myopic about the cost of risk as a key measure of success. Consider what others things define and drive organizational success, and figure out how to connect to them.

It is only through collaborating with risk stakeholders and showing them the value that risk leaders bring to the table that long-term success will be achieved. Spend the time to reach out to stakeholders, learn their exposures and gain sufficient knowledge about how they manage these exposures and their priorities. That way, risk leaders learn when to challenge an assessment that doesn’t look quite right and can do so with the risk intelligence and personal gravitas necessary to earn confidence. By helping owners effectively manage the risks that directly affect their own success, risk personnel will be welcomed to the team as their “street cred” is established and acknowledged.

10 Building Blocks for Risk Leaders (Part 1)

Important things in life are not easily reduced to 10 easy steps. Nevertheless, this series provides a list of 10 building blocks to achieving long-term success in risk management from someone who has spent more than 25 years striving to carve out the most satisfying career possible, while never losing sight of the attributes attached to the bigger picture.

1. Many Good Places to Start

Over the years, many people have asked me how they can break into risk management. They see the potential from a distance and have a sense that risk management just might be a better career. Oftentimes, these folks are working within the insurance industry: in claims, loss control, underwriting or brokerage. Interestingly, many in the insurance industry believe that transferring their skills to risk management for a company in a particular industry would be difficult at best. And there has been a parallel mindset within some industries that risk managers should have a background in their particular industry to be successful.

The belief that any risk leader, especially a risk manager, must come from within the industry has been most common in the manufacturing and healthcare sectors. Proponents of this belief argue that their industry is just too special to have a mid-to-senior-level manager come from another industry, that they should not have to train such a manager or even that their industry could not be learned by those coming from other industries. Needless to say, I disagree vehemently with this position. Happily, in the last five years, a few progressive leaders in certain industries, such as healthcare, are beginning to revise their strategies toward actually requiring the new eyes, ears and perspectives that come from a diversity of experiences.

There are many good places to start a career in the field of risk management. Risk leaders come from all stripes, with a large variety of different starting points. Ultimately, they succeed or fail for reasons that go far beyond where they got their start.

2. Educational Strategy

Conversations with my team members about their development have frequently revolved around understanding precisely what educational credentials were necessary to “get the boss’s job.” There are as many answers to this question as there are aspirants to risk leadership positions. I know of no two colleagues whose preparatory or continuing educational profiles are exactly the same—and that’s a good thing . Nevertheless, the question of what educational strategy should be followed to achieve leadership roles in risk management is a valid one.

The first challenge in answering this question is the fact that the risk management function may be part of different departments in different organizations. While reporting patterns have shifted over the years, the risk management function sits most often in the finance area, whether in public, private or nonprofit companies or even governmental and educational entities. The next most common reporting structure has typically been the legal department. From there, the risk management function can and does end up reporting just about anywhere—often because the firm’s management does not understand enough about it to know where it rightly belongs. In some cases, placement of the risk management function is (wrongly, in my opinion) tied to the organization’s risk profile. For example, a real estate company with a large property exposure may place risk management in the property acquisition department. Risk management practitioners may land in any number of odd places as a result.

Where the risk management function is placed in the organizational structure naturally influences the educational requirements imposed in the hiring process, as well as the expectations of hiring managers. For example, if risk management sits in the finance department, there may be subtle to obvious pressures for that applicant to have a similar educational background to the rest of the finance team. This would include a business undergraduate degree and finance-focused master of business administration (MBA), as well as continuing education that might include becoming a certified public accountant (CPA), chartered financial analyst (CFA), etc.

It is generally desirable for risk management employees to continue to report to the finance department over time, especially if they aspire to move out of risk management and into the treasurer, controller or chief financial officer positions. Risk management personnel who find themselves situated in the legal department may find their future opportunities limited and sometimes stifled completely. (Those lawyers can be quite a clubby group.)

Unfortunately, it’s highly unlikely risk management employees will be able to predict who’ll they’ll be reporting to next year, let alone five years from now. So, this factor should not drive educational strategies. On the one hand, risk is so heavily influenced by and intertwined with financial aspects of enterprises that having a financial educational background will usually prove helpful to the employee’s—and the department’s—future effectiveness. And, while a general counsel who has risk management reporting to her may prefer a lawyer for all areas of responsibility, the smarter ones will know that a broader skill set—including financial savvy—will be helpful to the department as a whole.

On the other hand, an argument can be made for going the legal education route. A significant part of a risk manager’s responsibility is tied to civil legal matters. People often confuse experienced risk management practitioners with lawyers, as they’ve had to learn so much about the law to succeed. And certain risk management roles, especially in the claims management area, are so involved with legal tasks that legal education is highly valued.

So, what is the best long-term educational strategy? Consider what group of skills and knowledge make risk managers successful. In my experience, those skills include various levels of acumen in finance, law, audit, compliance and operations. This is not to say that education in other specialties would not be helpful, because some risk exposure emanates from every part of an organization. A broad business management education tends to be the most useful for long-term success. And don’t neglect continuing education as a lifelong pursuit. Acquiring specialist designations deepens the knowledge base needed to excel, and these are always worth pursuing .