Before a crisis breaks out, it’s always a good idea for the company’s risk manager or the risk management department (RMD) if one exists to review his or her role, or in case of the RMD, its role within an organization. In today’s environment, including COVID 19 virus issues, it is very important. A risk management department may have multiple reporting lines within an organization or may report to one department head. Are those reporting lines clear? If not, it is time to clarify them.
In order to understand the risk management department’s area of responsibility within an organization, I think it best to for the head of risk management to work with his supervisor in drafting corporate guidelines covering the risk management’s area or responsibility which can then be disseminated throughout the organization. No only should the RM or RMD’s are of responsibility be covered but each individual within the RMD should have his or her position and are of responsibility described in detail as well. It’s best to have everything outlined before the RMD has to contend with a crisis, especially a pandemic.
Areas of responsibility should include the purpose and policy of the RMD in the organization, the functions and execution points of the RMD (who does what, when, how, reporting lines, etc.) as well as a detailed outline of the procedures and processes of the RMD. Procedures and processes can include:
-conducting risk assessments of the organizations’ divisions and departments
-developing solutions for the various risk management issues
-coordination with various departments to assist with compliance issues
-oversee loss control concerns
-develop training for the organization’s employees covering various risk related areas of concern such as product safety, etc.
Besides managing risk, risk managers must also have a knack for good stakeholder management. In fact, in order to provide effective leadership in today’s corporate world, risk managers and those who have a risk management function, must understand the significance of good stakeholder management. Considering the high employee and investor turnover rates it is no wonder that risk managers must take the lead in providing risk management information to various stakeholders not only from a compliance perspective but from a profit/loss perspective as well.
Who are the various stakeholders that a risk manager must concern himself or herself with? Of course the more sophisticated a company, the more stakeholders there might be. Nonetheless, the main stakeholders of any company or organization usually include:
1. Employees
2. Upper Management including the Board
3. Customers
4. Suppliers
5. Regulators
6. Investors
7. Business partners; and
8. Credit Analysts
The first step in leadership for any risk manager when looking at stakeholders is to ask the hard questions such as: (I) Are you prepared to handle risk events relating to your stakeholders or not? (ii) In a crisis management event, such as a pandemic, are you ready to address your customers? (iii) In case of litigation, do you have the right information to communicate to your regulators? , and (iv) What are the risk management process to use in case you have major employment related issues?
Providing effective risk management leadership requires the risk manager to understand what his or her role within the organization is as well as who the major stakeholders really are and what risk management reporting processes actually exist or should exist.
Once a risk manager can answer the questions, the manager as well as the RMD itself is ready to provide effective risk management leadership.