When you hear the title Risk Manager, who comes to mind? Typically, it’s the person who procures the corporate insurance program, leads health and safety training, manages claims, or administers IT/cybersecurity protocols, training, and threat responses.
The risk manager’s office has evolved exponentially over the past 20 years. It’s more sophisticated, accountable, and able to provide solutions for businesses facing mounting complexities in a long list of things including employment compliance, workplace safety, data privacy, and financial regulations as well as supply-chain interdependencies, business-continuity planning, technology adoption, third-party liabilities, and social, economic, and political changes. As such, the proactive risk manager leads with both incredibly broad and keen perspectives to identify enterprise-wide risks, then analyze and prioritize them within the context of their own organizations and people.
The person in this position was never intended to act as a lone ranger or be the sole gatekeeper of risk-related knowledge, quantification methods, and mitigation solutions. Siloed risk leadership is a great risk exposure unto itself because the responsibilities are too numerous and complex, and the function depends on diversity and inclusion. Therefore, the most impactful risk managers are those who recognize and work to align organizations with this mantra: “Every manager is a risk manager.” Say it with me!
If your organization has a formal enterprise risk management (ERM) committee, it’s likely that the risk and EHS (environmental health and safety) managers, CFO, CIO, facilities/security manager, and various attorneys are among its members. It’s time to broaden the perspective of who exactly the risk managers are in your organization. Human resources, marketing and public relations, and operations leaders are today’s most prominent risk-management leaders even without standard professional certifications. But they do offer valuable, real-time perspectives and expertise on emerging business opportunities and threats, making them best suited for risk identification, mitigation design, and control.
The proactive risk manager has a unique opportunity to identify, engage, and leverage deeper alignment with other leaders across the organization in a handful of practical and meaningful ways.
Rethink who’s on your team and the risks you’re measuring
As the leader of the ERM function and committee, it is time to formally welcome HR, marketing/PR, and operations leaders to the table and incorporate more relevant exposure data in your risk studies. With HR leaders decidedly at the helm of organizations’ COVID-19 response strategy, compliant 50-state hiring, equitable compensation, benefits structuring, and fair employment practices, their work is clearly more than just a series of inputs on the annual risk register. HR’s prominence is further heightened by the recent sharp rise of investments in DE&I initiatives, consultants, permanent personnel, and programs that are the direct result of decades of global social justice, civil rights, and economic pressures.
Amid mounting unrest, companies both large and small faced criticism and brand damage for apparent and perceived lack of inclusion at all levels, tone-deaf diversity statements, and policies without meaningful enforcement that left inappropriate behaviors and microaggressions unchecked in the workplace. However, with HR leaders not being historically viewed as risk managers, some organizations missed opportunities to fully identify and quantify the associated risks and take action before the damage occurred.
The same can be said of risks arising from the marketing/PR functions. The sheer number of social media and advertising faux pas that have gone viral in recent years (and the ensuing reputational damage) often left employees, customers, and investors wondering who was at the table when “that decision” was made. The proactive risk manager can’t afford to wait to be invited to that table; bring those leaders to yours.
Recognizing HR and marketing leaders as risk managers can bring greater visibility to the quantitative and qualitative results of culture, employee engagement, and DEI surveys; EEO-1 reports; compensation and promotion parity studies; social media scrubbing; consumer reviews; and public relations crises.
Rescore and reassess risks
A direct benefit of bringing more of the right people to the table is the opportunity to reassess your past risk registers. Proactive risk managers don’t operate in bubbles, so it’s very likely that you have already engaged HR, marketing/PR, and operations leaders to identify key risks such as workforce diversity, succession planning, talent shortages, millennial and Gen Z engagement, and supply-chain disruption, but it’s time for a refresh. More deeply engaged function-specific risk managers can help properly quantify and prioritize those exposures in the context of today’s social climate, labor market, and global supply chains. This could mean the difference between meaningful updates to your road map, policies, and mitigation solutions or huge oversights that damage your organization financially and relationally.
Pull insights more than you push policies
Operations is where all risk strategies either fly or die, and nothing impacts a well-laid plan more than the frontline ops managers who have to drive them. Ops leaders are the first to learn from your employees, customers, and partners which processes, products, technologies, and culture-change initiatives are working; which communications are boosting engagement and clarity; and whether your business-continuity plans are realistic and effective . . . or not. Simply, they know what is working and what is not a lot sooner than most other leaders. The viability of your ERM programs relies heavily on ops leaders’ knowledge and willful conduct, so they too are among the most important risk managers.
Their primary focus will rightfully be on running the business, so the proactive risk manager must support practical risk cross-training, the creation of centralized repositories for FAQs and recurring issues, and the inclusion of ops leaders in tabletop exercise design (as opposed to having them merely participate in exercises). Linking ops leaders’ compensation and incentives in part to relevant risk-performance metrics will be key to their long-term success and the success of the ERM program overall. The proactive risk manager will continue to serve a critical role in educating your colleagues on the use of traditional risk identification, scoring, and prioritization methods to enhance all operational areas.
Improve organizational knowledge and behaviors
Leaders across your organization can benefit from the adoption of a platform that digitally links all departments to streamline critical risk-management processes and report and manage incidents. Whether your organization is centralized or decentralized, platforms can optimize HR system integration, safety and OSHA reporting, claims and legal document management, COVID-19 tracking, and return-to-work processes. Do your research and, again, ensure that you bring the right stakeholders to the table when you identify functionality needs.
Lean into diversity and inclusion
The bottom-line financial impact of workplace diversity is well documented, so imagine the potential impact of such on the risk manager’s office. Formally elevating new perspectives and voices to the risk-management space not only drives knowledge and accountability but increases the reach and impact of ERM programs. When it’s time to justify the costs of your program or make a business case for investments, you’ll have a new host of expert allies and metrics to support those needs.
The evolving roles of risk managers seem limitless. Targeting and engaging risk leaders across the organization who can proactively identify and quantify problems, develop meaningful solutions, drive organizational alignment and visibility around incidents, and lead strategically will only serve to enhance companies’ decision-making, talent engagement, and performance overall.
Say it with me: Every manager is a risk manager!
Princess Castleberry is the interim head of People & Wellness at Aclaimant, and owner and principal consultant at Castle Risk & HR Consulting.