The Enterprise Risk Manager's Path To Success

In the aftermath of Sarbanes/Oxley, the position of the Enterprise Risk Manager was created. Seemingly a thankless job, the enterprise risk manager is to oversee the entire institution's risk profile. The conflict with existing risk management and containment functions, such as credit administration, operations, and fraud prevention, is apparent. These departments have existed for years, dealing hands-on with the management of a specific type of risk; what business does an enterprise risk manager have looking over their shoulder?

As difficult as the job is, it is not a path to failure. Here are some thoughts from twenty or so risk managers who attended our Risk Management Forum on where the "win-win"s exist.

  1. The first order of business is to build personal relationships with division and department heads. Knowing each other is the best way to build credibility and jointly establish the rules of the road that will best serve everyone.
  2. Most risk managers participate in executive management meetings. They are best served if they act as corporate executives during these meetings, rather than "the risk czar". Putting their corporate executive hat on, they do not harp upon the risk aspect of every operation, but rather look at the enterprise like their peers do, with a clear business perspective. Risk-return tradeoffs are an integral part of that perspective, but not the only driver.
  3. Show how you can add value to your "clients". Most risk managers are experienced bank executives who functioned in other risk management roles or line positions in their past. They have much to offer many lines of business. By adding value, the risk manager can become an ally, not an enemy.
  4. Tone from the top always makes a huge difference. It starts from the implicit support of the CEO through the position's placement among the executive management team. A seat at the table is a credibility winner.
  5. "We're from Corporate and we're here to help" isn't a winning line. One way to overcome the initial resistance and suspicion that naturally accompany seeing someone else poking around your business is to seek their advice as to how to make your position successful. Your biggest detractors can be most helpful in spelling out what your best path to success is. Mobilize them to your side by showing them that you don't have a direct line to God through asking them for advice and counsel.
  6. Empathize. Empathy doesn't imply agreement; it only means understanding and support. Everyone is short staffed these days, and the additional requirements of Sarbanes/Oxley and other compliance issues stretch most organizations. The risk manager's job puts additional strain on the entire organization, but it's a necessary and beneficial strain. Therefore, empathy is appropriate but not acquiescence. In addition, when the risk manager works very hard to help the various departments achieve the necessary compliance, the feeling of "we're in this together" emerges. Instead of you vs. them, this becomes a joint effort where the risk manager is an important and supportive resource.
  7. Take the business view and make the business case for your initiatives. Others within the company are subjected to such scrutiny; there is no reason why Risk Management shouldn't adopt the same decision-making discipline in prioritizing and staffing its requirements.
  8. Show tangible benefits. There are many financial and other benefits to your work. Demonstrate them clearly and specifically to gain further acceptance and "earn your wings" as a value-add manager.
  9. Treat everyone as a customer. While you are a senior executive, it is still your job to "sell" your approach to risk management. Treat your peers and department heads as customers. Sell them like you would an external customer, and you all will gain from such an approach.
  10. Provide positive feedback and recognize people with their supervisors. People are working very hard to help you achieve management's definition of an appropriate risk profile for the organization. Recognition goes a long way to reward the people who helped you, especially with their superiors.

Enterprise risk management need not be purely a compliance function. It can add much value to the organization's bottom line, but only if the risk manager is perceived as a true partner to both line and staff functions.