January 11, 2012 Posted by admin 5 Comments
Many organisations employ a person with the title, “Risk Manager”. The Risk Management Institution of Australasia (RMIA) often refers to people employed in organisations to support the risk management process as “Risk Managers”. It even has an annual award titled, “Risk Manager of the Year”, presented to persons employed in organisations to support the risk management function. This paper explores the relationship between the actual risk manager (the person who takes and manages risk) and the support roles assisting this function; i.e., “Risk Manager” and “Risk Adviser”. It also examines the role of the Risk Management Institution of Australasia in the discipline of risk management.
The “Risk Manager” role supports the actual risk takers in the business, i.e., those people in the organisation that are responsible for managing risk in the delivery of their business objectives. When organisations employ support functions and place the title of the role as “Risk Manager”, confusion reigns and a lack of clarity is generated around “who does what?”
Organisations are challenged due to the general understanding that a “Manager” of a process or function (i.e., finance; information technology; engineering; asset management; human resources etc.) is responsible for outcomes in the department or business processes for which they are accountable. When applying the title, “Risk Manager” to a role which supports risk management, this generates a false understanding that such people are actually responsible for managing business or organisational risk. The problem is compounded when there are many different combinations of words used to describe such support roles i.e., Manager Risk and Compliance, Security Risk Officer, Health and Safety Risk Officer, Chief Risk Officer etc.
The actual managers of risk are those people whose roles involve taking risks and adding value to their organisations, not the support roles which espouse the use of neat models, diagrams and processes to assist the risk takers. A person who has neither worked in a senior strategic management role, nor run a business or enterprise has very little experience in actual risk taking, and therefore “risk management”. This problem is compounded when the “Risk Manager” works in the public service or local government sector where often the tenure of their position is guaranteed (or at least secure) and where the person has no experience in business “risk-taking”.
Then there is the role of “Risk Adviser” who advises organisations on the risk management function, processes and activities. An adviser is normally a person with deeper knowledge in a specific area i.e. a specialist. A “Risk Adviser” may be an internal role or one who is contracted to the organisation to provide specialised skills and advice.
In the context of the external, independent “Adviser”, it is the specialised skills and impartiality that adds value to the client who pays for such advice. The person who fills this role is the consultant. A consultant is usually an expert or a professional in a specific field and has a wide knowledge of the subject matter (Pieter P. Tordoir (1995). The professional knowledge economy: the management and integration services in business organisations.). A consultant usually works for a consultancy firm or is self-employed, and engages with multiple clients.
The independent consultant is a true risk manager as they manage their own business with all the risks associated with the uncertainty of cashflow, management of resources to support the business, (time, capital, staff) and strategic decision-making to ensure their services meet market demand. This is carried out whilst considering market and competitive forces as well as monitoring trends to ensure relevance of their role in the broader risk management profession whilst also ensuring the success of their own enterprise or business.
The role of “Risk Adviser” (particularly consultant) is the most well-equipped to provide strategic risk management advice to business as they have the skills and experience in making such decisions. In addition, they are required to hold specialist risk management skills in order to “add value to their clients’ business” (one of the key principles of AS/NZS ISO 31000:2009, Risk management – Principles and guidelines). This role also assists the Board of a company to define and establish its risk appetite and risk tolerance position as the independent “Risk Adviser” performs this function in their own business. An employee in an organisation with the title “Risk Manager” actually knows very little about risk appetite as they generally are not involved in strategic decision-making and therefore do not risk their organisation’s financial capital. The advice they provide to their executive team or Board is based on their reading and understanding of the risk management literature (including the risk management Standard), formal education, skills acquired on the job and past experience.
Underpinning the support for practitioners of the discipline of risk management are professional bodies such as the Risk Management Institution of Australasia (RMIA). By its very nature, the role of RMIA is one of engendering cooperation and sharing a common purpose for its members. However, there is a myopic view within certain aspects of the RMIA membership and Board that “Risk Advisers” (consultants) are not part of the risk management profession and therefore do not share a common purpose with other members. This view divides the common purpose of the Institution, which paradoxically has a membership base comprising a significant number of risk management consultants (“Risk Advisers”).
In fact, “Risk Advisers” are generally more experienced in taking and managing risk than internal “Risk Managers”. They are generally more experienced in advising Boards and executive teams in establishing risk appetite and integrating risk management into the strategic decision-making processes in the business. Often such advice adds more value in a business than creating (risk management) processes which are often not applied by managers in organisations who do not fully understand risk management.
As the risk management discipline struggles with the growing pains of establishing its identity in organisations and developing recognition amongst its peers (i.e., accountants, actuaries, company secretaries, finance managers, solicitors etc) it is incumbent that the RMIA adopts a leadership role in the profession and not one of exclusiveness and divisiveness in protecting the interests of the “Risk Manager” while limiting the opportunities to promote risk management philosophies and principles as an essential element of good management practice.
The challenge for risk management to be recognised as a “profession” will be an ongoing one for risk management practitioners involved in playing a part in providing organisations with skills, knowledge, processes and support mechanisms to allow managers to take and manage risks in order to obtain appropriate returns for risk and to achieve organisational objectives. A broad rather than narrow view of the risk management profession is what is required to build recognition of all participants in the diverse activities of “risk management”.
The challenge for RMIA is to adopt an inclusive approach to the broad and valuable contribution made by all its members and to foster a cohesive and united approach to the development of “risk management”. The challenge for practitioners is to gain a greater understanding and acceptance of the respective roles described herein which all contribute towards effective risk management as a management discipline.