Risk management can be baked into operations, but cookie-cutter approach won't workReprints
SAN DIEGO — Chief risk officers are not for every business: The culture and structure of an organization should dictate the way its risk management is handled.
But however risk professionals are labeled, it's their job to help businesses succeed rather than just avoid risks, a panel of senior risk managers said.
There is no one right way to approach risk management, said Janice Ochenkowski, international director of global risk management at real estate services and investment firm Jones Lang LaSalle Inc. in Chicago.
Jones Lang LaSalle doesn't “dwell a lot on titles,” Ms. Ochenkowski said “we decided very early on we didn't want a chief risk officer.”
Rather, the company's global operating board, comprised of leaders from risk management, legal, finance, human resources and other departments, “has to think about what risk is and how it affects the company,” she said.
“That works for us,” but it wouldn't necessarily work for another organization, Ms. Ochenkowski said. “When you get too wrapped up in the process and how it's going to be packaged, you forget about what you're trying to accomplish and you lose a lot.”
Ms. Ochenkowski was among former Risk & Insurance Management Society Inc. presidents sharing their insights earlier this month during the RIMS annual conference in San Diego.
Rick Roberts, the 2015 RIMS president and director of risk management and employee benefits at Ensign-Bickford Industries Inc. in Simsbury, Connecticut, said he's “split” on the issue of whether the chief risk officer position should be as pervasive as the chief financial officer role.
In industries such as manufacturing, that role likely belongs to the CEO and the CFO, Mr. Roberts said. But a chief risk officer makes “perfect sense” in the finance industry, he said.
A chief risk officer might focus on the “aggregation of risk” in the finance sector, but risks are more clearly owned by business unit heads or the CEO in a manufacturing setting because of the nature of the business, Mr. Roberts added.
“I've seen insurance companies that have multiple (chief risk officers) and I don't understand that,” Mr. Roberts said. “People are starting to abuse it already. It's a title. At the end of the day, we as risk management people own our pieces.”
By focusing on devising a process to identify emerging, existing, operational and strategic risks that are important to the business, “you find the best way to do it within your organization,” Ms. Ochenkowski said.
Regardless, an effective risk manager will understand the risks and inner workings of his or her organization better than almost anyone else, said Scott Clark, risk and benefits officer of Miami-Dade County Public Schools.
It also helps to educate and manage workers “from the ground-up rather than the top-down,” Mr. Clark said.
When it comes to enterprise risk management, the former RIMS presidents said the effort should develop a culture that values working and living safely.
In an example from nearly 20 years ago, Mr. Roberts said he hired a firm to implement a safety program when several workers injured their backs on the job.
“The program had nothing to do with work and it had everything to do with, "Here's how you protect your back,' “ Mr. Roberts said. The safety firm used Cheez Whiz and “chicken bone” metaphors to train workers to move safely.
Even today, Mr. Robert said he “can go out on the shop floor and say, "Cheez Whiz' and they remember.”
Similarly, Ms. Ochenkowski urged risk managers to “ditch the jargon.”
“Don't talk about risks and risk identification and all of those things,” she said. “For example, sit down with the operating engineers,” identify actual losses or near misses and “ask them to help you avoid similar situations.”
At Jones Lang LaSalle, Ms. Ochenkowski said risk professionals identify with different business lines, such as corporate solutions and construction. That identification “allows that risk manager to, first of all, understand the business; secondly, have the business get to know them; and be seen as assistants in solving the business problems.”
Calling risk an “opportunity,” Ms. Ochenkowski said if a business is setting out to do something that's high-risk, “I bet it's because they think they're going to get some good financial reward for it.”
“Any idiot can say no. It takes somebody smarter to come up with a solution,” she said.
“You're not risk exterminators,” Ms. Ochenkowski said. “You're risk managers. If all you ever do is tell your business, "No,' they're going to stop coming to you ... They will not see you as part of the team and they will know that you absolutely don't understand the business. What my risk managers have to do is understand what the risks are and figure out how to make it happen anyway.”