Risk Management at the “C” level

Corporate entities whether a small start-up seeking its first round of seed capital or a company celebrating its centennial, risk management matters. The leadership is where risk management starts with any organization, for profit or not for profit. If a mid-level manager doesn’t have the support of senior leadership, he or she is hard pressed to enforce safety in operations and fiscal discipline. Some companies follow a bottom up approach (versus top down) to risk management, making it the responsibility of every employee to take some level of ownership.

If the organization is bottom up, it is still dependent on the executive team to build the risk management program and most important, enforce it. It is similar to rule of law in nation-states. There are some laws if violated carry a severe punishment, that said the most severe punishment a corporation might inflict is termination and/or criminal prosecution. Then there are laws that if broken may result in a notation on an employee file, like jaywalking is a common civic code. Most of us do it knowing it is technically illegal.

What can a board of directors or CEO do to enforce their risk management regulations? The majority of senior executives meet periodically throughout the year, perhaps on a corporate retreat. During these congregations, is the opportune time to add time for establishment or review of the risk management program. Prior to the conference, the various “C” level execs require their management team to report activity with respect to adherence to the risk management program. An example, the CFO is requiring his finance team to report on the financial well-being of the organization. The CMO requires his managers to report on the effectiveness of campaigns executed by the company.

Most organizations are already conducting reporting measures from their subordinates to review and then present to the board of directors on multiple data points. A real-world risk management tie-in is best measured at regular intervals, requiring a group discussion or a report generated for review. During the discussion groups for example the marketing team may review the analytics of the digital advertising impact on revenue. While reviewing the data, the risk management element may include who has authorization to sign off on a campaign, then enforce a cap on expense per project. If the organization is overspending on marketing, then the risk management program (think of it as open source) can adjust to close loop holes by who has access and authority to spend the company’s hard-earned revenue.

There are seemingly limitless approaches to construction and enforcement of a risk management program. Each industry sector may have similarities however; a risk management framework is designed to address specific concerns to businesses around the globe.

More business stories and insights @ www.clarastellabc.com