"Your brand is created out of customer contact and the experience your customers have of you" - Stelios Haji-Ioannou, Chairman, EasyGroup
The risk management departments are sometimes perceived in negative light due to their role in the organization. The business operation teams view the risk management departments as office police, watch dogs, critics and messengers of bad news. The basic job function of the risk management departments is to:
- Conduct audits and reviews of business operations and identify weaknesses, non-compliance and non-adherence issues. This generally negatively impacts the business operation teams as their work is under review and shortcomings are identified.
- Ensure compliance to all statutory and legal requirements. This activity sometimes results in business operation team needing to adopt a longer process with more controls and/or sacrifice a specific strategy of earning profits because it contravenes laws. Here risk managers advise sacrificing profits to maintain ethics and laws, which again negates the activities of business operation teams.
The negative image causes a lot of damage to the department and team members. The following reactions of business operation teams are sometimes observed:
- Lack of transparency or hiding facts from risk management team.
- Obstructing risk management team’s participation in critical meetings and discussions.
- Creating political scenarios where risk management teams credibility is put in question.
- Ganging up or retaliating against the risk management team at a personal level.
These reactions are driven by emotions of the business operation teams. It is a scenario where the messenger of bad news gets shot. As one senior manager said to me when I was responsible for fraud investigations - “Sonia, your presence in my office indicates to me big time trouble, so I can’t say I am happy to see you. However, as there is trouble and I know it is you who is handling it, it gives me a level of confidence that it will be handled efficiently.” This statement basically indicates the sentiments of most professionals when they see a risk manager in their office. Sometimes the views are so clouded that a risk manager’s professional job and personal personality are considered one, and they are viewed as being critical, ruthless, rude, etc. in personal life.
These negative emotions build resistance to the risk management department and their work is made more difficult. The need of the hour is for the risk management department to focus on building a positive brand image. The following process should be adopted for building a brand of the risk management department.
1) Vision & Mission of Risk Management Department
The risk management department needs to position themselves such, that stakeholders and customers view them as value adding agents. The vision and mission statement should be communicated to all the stakeholders and customers to ensure that same message is received by all. This can be done by putting up on the company intranet in text and video. Mass newsletters and emails can be used to convey the message.
2) Understand customer requirements
The risk management department should do some internal selling to build awareness that business operation teams will benefit from associating and involving them. Organization surveys, group forums and one-to-one in-depth interviews should be conducted of the business operation teams. The purpose should be to understand their requirements from the risk management teams, and their positive/ negative emotions regarding various aspects of risk management. The business strategies and operations should be understood along with personal aspirations of the team.
With this information the risk management team should conceptualize and discuss a method by which they can hand hold the business operation teams in achieving their goals with complete compliance to legal requirements.
3) Build trust and credibility
The risk management department at some level is viewed with fear and apprehension by the business operation teams. The perception is that the negative points highlighted in the reports will be used as political ammunition to harm the business operation managers. This creates an environment of distrust.
In a risk management department trust is the key component of its reputation. A risk management department perceived as unethical, political and self-serving can damage not only the department but also the organization.
The risk management team needs to first focus on building a non-political independent image which is for the benefit of the organization. Few aspects need to be ensured:
- Reports issued focus on process shortcomings and are not person specific.
- CXO’s and other managers do not use the reports to settle their personal political agendas.
- Develop relationships at all levels of the organization to address employee concerns regarding the reports and their impact.
- Ensure transparency in the process and obtain buy-in of the business operation teams on the recommendations and way forward.
In nutshell, the department should always be perceived as following the high moral ground and using ethical means to manage issues.
4) Focus on the bigger picture
The image of risk managers is that they are focused on nitpicking and make mountains out of mole hills. The other aspect is that they do not appear at the CXO radar since the observations are immaterial from the CXO’s standpoint of business. This image is basically formed as the risk management departments are focused on transaction audits.
The risk management department needs to develop a strategic focus and understanding of the business. They need to involve themselves at the point of strategy formation and provide viewpoints for increasing shareholder value while minimizing risks.
The present day organizational challenge is to build a healthy work culture. Risk managers can be key drivers for building an ethical and constructive work culture. They need to develop the core values of the organization and work with organization behavior change management team with human resources department to build a uniform culture throughout the organization.
5) Reward and recognize accomplishments
The next negative viewpoint of the risk management department is that it is viewed as a department which dishes out the punishments with a stick in hand. People suffer emotionally from the criticism and the management actions taken for implementing the recommendations.
Here the risk management department needs to bring an attitudinal shift in business operation teams. The good things about their operations and positive compliance should be recognized and rewarded.
The risk management department can initiate a formal recognition and reward system with the help of human resources department. The criteria for achieving the key performance indicators should be communicated to the operations team. In some manner a competition can also be set up to check on the awareness of risk management practices and adherence to the same.
Last but not the least, the reports submitted should provide a balanced view. For example, if 20 internal controls checks have been done, and 5 are considered weak. The report should indicate that 15 internal controls are good and only 5 are weak.
To summarize, risk management department to build a positive image needs to ensure that the business operation team experiences with them are favorable and perceived in positive light. They should take care that they are not perceived as selling negative services.
Welcome your opinion on building a positive brand.
Visit me at http://www.soniajaspal.worpress.com
Comments
Thanks for reading the post. I agree with you that the perspectiveof the post is more from an audit angle. In my view under the perview of risk management department, we have governance, risk management and compliance functions. On an overal basis presenting in a rather simplisitic manner the governance function is more strategic in nature, the risk management is preventive and compliance is detective.However, the business managers do not view and/or understand the subtle differences as all come under the overall umbrella of Risk Management Department. There is, if any, only one position in the board for it. Hence, all functions get viewed in one light.
I absolutely appreciate your viewpoint that we should embrace self assessment, as it is more friendly and proactive. I have covered this angle of invovling business users in risk management function in another topic on my blog titled "Applying COllective Intelligence for Risk Management". It might interest you.
Once again thank you for sharing your views and making this an active discussion. :)
Kind regards,
Sonia
Instead, as Risk professionals, we need to involve everybody in the Risk Management process thereby having everybody in the institution own up the risks with in their operational jurisdictions. We need to embrace self assessment, at least 70%.