“If there is one thing that is certain in business, it is uncertainty,” Stephen Covey once famously remarked. His words of wisdom are so correct, now more than ever before, amidst the current pandemic that rages on unabated. Entities are getting tested for their resilience and resolve to sustain. If there is one marker that has differentiated enterprises in the mission to survive and bounce back to normalcy, it is their risk management mindset and DNA.
The risk management DNA cannot be acquired or established in a rush after a crisis strikes. Neither can risk management be triggered as a response post a catastrophic event. Setting up a robust risk management framework takes time, and traversing this journey needs the stewardship of risk management professionals.
Enterprise Risk Management — the growing relevance
COSO defines risk as — “the possibility that events will occur and affect the achievement of strategy and business objectives.” Uncertainty is the state of not knowing how or if potential events might manifest. Therefore, the ability to anticipate possible uncertain event occurrences and be prepared with a suitable response creates the foundation for the risk management culture and framework for an entity.
The pandemic has served as a wake-up call to most business entities. Business models and the strategies that worked well in the past have got tested for resilience and relevance. The need for identifying inherent risks embedded within the business strategy and their impact on performance is now getting better understood by business managers. The role of ERM as a tool and framework to manage future strategic uncertainties has gained greater relevance. Therefore, a need is now being felt across organizations to hire or develop specialized risk managers who can steer and guide the journey of setting up or strengthening the ERM framework.
The role of a specialist risk professional
A fundamental tenet of ERM is enabling every business manager to acquire the knowledge of managing risks relating to business decisions and performance outcomes that they can influence. However, there is a need for a distinct role of a specialized and dedicated risk manager who can provide leadership and guidance to the risk governance processes. The job of a risk professional requires skills, which can be honed through experiential learnings and supplemented by undergoing a professional course. It is in this context that the qualification of IRM in Enterprise Risk Management provides a platform and formal knowledge and skill enhancement opportunities for budding risk management professionals.
Supplementing live risk management experience, the IRM Levels 1 to 5 give you Certified Fellow status and take a risk professional on a pathway towards the role of a Chief Risk Officer.
The evolving role of a Chief Risk Officer (CRO)
A senior leader in the organization, the CRO plays a vital role in shaping its ERM philosophy, culture, policy, and practices. The CRO is essentially a business manager who specializes in risk management. Therefore, the CRO needs to develop an intricate understanding and appreciation of the mission, vision, and values of the company. A CRO must also demonstrate a deep understanding of the strategy, business model, and environmental aspects relating to their business. Knowledge of risk management concepts, frameworks, and theories is like the essential ingredients in the kitchen of a CRO. Like a skilled chef, the CRO needs to know the right risk management ingredients and their correct proportions and toppings to use while integrating ERM with strategy and performance management in their organization.
In addition to the technical subject matter knowledge acquired through the IRM qualifications, the CRO needs to hone and strengthen certain behavioural competencies as well. These include courage and confidence, influence and impact, integrity, ethics and values, innovation and catalyst, building capability, collaborating, and partnering. The code of professional standards in risk management of IRM prescribes and guides the behavioural competency framework.
What do the Boards expect from a CRO?
The Board members of resilient organizations usually create a risk management structure either through a Risk Committee or directly under their oversight. It is in this context that CROs provide independent visibility and perspective on the effectiveness of risk management practices to the Board. The CRO is required to keep the Board informed about the inherent risk profile of the organization, across strategic, operational, and environmental aspects. The CRO is responsible for guiding Board level discussions to establish an appropriate risk appetite profile for their business.
The Board also needs to be kept apprised of the outcome of key risk indicators and the effectiveness of risk mitigation actions implemented by the organization. Developing a good understanding of the residual risk profile of the organization is also vital for the Board so that they can guide the strategy formulation appropriately.
These are sensitive and vital role aspects of any CRO.
The effectiveness of Boards, therefore, gets influenced by the ability of the CRO to drive the ERM agenda. A versatile and hands-on CRO can contribute tremendously to the strategic success of any enterprise. Like a skilled surgeon, the CRO must hone their technical subject matter knowledge by continuous learning and professional education. Risk management skills can get sharpened by learning to apply the concepts in a business environment. Therefore, a pragmatic CRO would focus on both: acquiring a specialized risk management qualification and taking the lead in their organization to apply their learnings.
Risk management as a subject and concept is poised to gain rapid acceptance across a diverse set of business environments. The risk management profession is like safety seat belts or airbags in a car, whose indispensable utility gets recognized when it matters the most.
It is therefore imperative that awareness of the role of a robust risk management framework percolates sufficiently during certain times, so that when uncertain times do crystallize, the ability of the organization to deliver on its vision and mission remains unblemished.
Submitted By: Neeraj Basur, FCA, ACS, CMIRM (IRM Level 4 qualified), Chief Financial Officer, Trent Limited