C-suite needs to take a fresh look at risk. Moreover, we need to stop using the term ‘Risk and Security Managers’ and call them what they are – Business leaders.
My message is that risk management is not just about nasty things, but also what business-people really want – opportunity, new markets, enterprise, but this message of ‘nasty’ has clearly been around for at least 24 years. It’s clear that it’s well past time for this to change, but has it got through to our colleagues, and above all to C-suite?
The frustrating truth for those who care passionately about the benefits of risk management is that the subject remains a turn-off for too many board members and other senior executives. Maybe we should look at changing the name, as Risk and Security Managers are and should strive to be Business Leaders. While the profile of risk management is probably higher than ever, it still has negative connotations.
If we are honest with ourselves, we are partly responsible for allowing this misleading perception to develop.
Our message is that a robust risk culture will nourish the entire organization, providing the board with vital information and creating the platform for it to be enterprising and innovative. We would describe this as building the Roads to Resilience; there is a clear link between sound enterprise-wide risk management and commercial success, including long-term profitability.
Business Leaders can be a unifying force, enabling an organization to achieve its ambitions. To be a strategic Risk Manager or a Business Leader is to be an accomplished networker and to have an overview of the enterprise. This means understanding its strengths, its weaknesses, its culture and its objectives. It means using risk management explicitly to support corporate strategy in a positive way and talking and behaving like a businessperson.
My point is this – an executive does not even have to have the words risk or security in their job title to be able to assess, see and manage risk or wellbeing of their teams, projects or board.
So, how do we address the problem of Risk and Security Managers? Is it as simple as changing their titles to Business Leaders? Will this help or improve understanding of risk?
At the heart of the problem is that “risk” is what my old English teacher used to call a lazy word, like “nice”. It is used in so many ways that it loses its power to improve understanding and to change perceptions. People need to make their message relevant and timely, new and nuanced. Simply using the word “risk”, without explaining where it fits into the value chain, can make the message sound old and tired.
I have seen that Risk Managers often shy away from talking about the value of their work because so much of what they do is prevention, rather than sales or investment or protecting wellbeing. The trick is to move beyond something that did not happen and that, in any event, colleagues would rather not think about. Talk instead about the trusted characteristics of a brand that build up over time.
Discussing objectives is a good first step and recognizing that risk and security managers are also business leaders is essential, but it goes even further than that.
These new Business Leaders must align their message with the purpose of the organization; its language, culture and objectives. Telling people that, in the worst-case scenario, the end of the world could be approaching does not win friends or gain you influence.
Young Business Leaders in particular are keen to embrace and indeed help shape the new business world.
We at Al Thuraya Consultancy are working with our customers and organizations like ASIS International to build on their already formidable technical skills, and to prepare for the most senior and strategic risk roles.
At the same time, it is very much in the interest of the C-suite to take a fresh look at risk and changing the perception of Risk and Security Managers to Business Leaders as it can and will become an even greater force for good.