A common challenge for risk managers is to motivate business managers to continuously identify and mitigate risks. This is particularly demanding in organizations were risk awareness and risk culture is immature.
Most risk managers agree that without the commitment of senior management all efforts are in vain hence the “top-down” approach is a favored method when building risk culture. However combined with monetary incentives on business unit level an even higher rate of change towards a risk mature organization can be achieved. Business units are always seeking to increase margin by lowering costs hence a “penalty” for not following guidelines is always unwanted and generates commitment. Insurance premium allocation is one monetary tool that is commonly used for this.
Risks that aren’t quantified are hard to “sell” to senior management for obvious reasons. Just as business units their delivery is measured on the bottom line of the company’s profit and loss statement. Although not all risk areas are tangible enough to be quantifiable, operational risks typically are. For example a stand still at a sole supplier can cause ripple effects downstream creating substantial internal business interruption. Quantifying the loss of gross profit from that event will give a powerful tool to convince senior management of risk mitigating investments.
A “softer” argument for attracting attention to this important process is to remind business managers of their business goals and that an embedded risk management process helps to protect those business plans. It should be a natural part of the core business processes to take all reasonable actions in order to safeguard promises made to customers.
Risk managers need to have a great deal of patience when building risk culture however as mentioned in this article there are effective tools to be considered as part of these efforts.