Culture change is at the heart of successful risk management, but it's a hard
sell for some, says Andrew Smith, author of the article: Add a mantra to your
Risk management has exploded into everyday life. What was previously an obscure
discipline has crept into the mainstream. And whilst the average person in the
street may not be able to nail a definition of risk management to the wall,
from the six o'clock news bulletins they know that business isn't managing it
well, and recent events have not served to improve their perceptions.
If it's your role to tackle risk within your organisation, you, like Mao
Tse-Tung, know that cultural change isn't easy. How do you convince an
organisation running leaner and faster than ever to buy into a whole new
paradigm that comes complete with a raft of new must do's? How do you tell
managers that greater structure and form won't reduce flexibility and slow
their business? That a new method of reporting control performance doesn't
create another layer of bureaucracy?
The reality is that the principles that underpin an effective risk management
campaign are the same as any other project, with all the key elements for
success drawn from the playbook of the talented contemporary manager.
However, to date the focus on risk management has been far more on the
technical side of risk management. The application of the standard, the
identification of the risks and their associated treatments has been the focus
whilst many of the other facets of introducing change to an organisation has
been neglected. Unfortunately engagement with the business has been less
important than risk assessment. The reality is that introducing effective risk
management into an organisation is no different to any other significant change
event in the life of a business. In fact you could argue that it's a little bit
harder. Trying to sell the introduction of better risk management with an
enhanced control framework including a carefully monitored performance
mechanism is not easy, particularly in a climate of dwindling resources and higher levels of
However we need to be honest about our backgrounds and the skills of the risk
and compliance manager. These disciplines until recently have not been part of
the cut and thrust of operational business unit management. Usually the career
trajectories of risk and compliance management have followed developing greater
expertise around their specific disciplines. The more generic skill sets of
general management have simply not been that relevant.
But that is changing. The reality of the new age risk manager is that you are a
change agent. Your role is not one of simply bolting in a more effective
assessment of risk and the improvement of the controls around those risks. The
proficient risk manager is now a leader, a change agent skilled in planning,
communication, empowerment, situational leadership and well versed in the
science of risk management.
AplusA-online.de - Source: SAI Global