Last Thursday I hosted a collaborative session with Alexander Larsen, Eamonn Cunningham and ten of our Members based in Australia, Asia, the Middle East and Europe.
One of many virtual meetings hosted by Risk Leadership Network each week, Thursday’s session was an opportunity for Members to share and benchmark how they are implementing and using internal risk champion networks to support their risk management programme. (Click here to see what other virtual meetings are coming up)
Risk champions remain a critical part of any risk management programme. As one Member explained, "risk champion networks are incredibly powerful and if done well can lead to greater insight right across and up and down the organisation, with the ability to respond more effectively to events. That said, they are tricky to set up and get right."
Like previous Risk Leadership Network sessions I’ve moderated, Members openly shared their success stories while candidly explaining what hadn’t gone well and where precisely improvements could be made.
Members can access the specific findings through our Member Portal where they can also read our latest Intelligence paper "How to build an effective risk champion network". We thought it would be useful to share a general summary of this with the wider risk community. These can be grouped into five main themes:
Why establish a risk champion network?
Everyone agreed that for risk management to be effective it needs to be embedded into the business and risk champions are a great way to achieve this. Members shared how they had used risk champions to:
- Augment the scarce resources that risk managers can call upon
- Achieve better buy-in to risk management at a divisional/department level
- Promote a strong risk culture and enhance risk awareness across an organisation.
- Build better capabilities to identify and report new threats
- Improve the quality of risk data that is kept up to date by those on the frontline
- Incorporate specific subject matter expertise into risk management analysis
Getting buy in
Participants agreed building a successful network starts with executive support:
- One Member explained the simplest way to get the leadership team on board is to mention risk champions in your risk procedure or risk policy document.
- Another approach is to try to drive it through the risk committee.
- One Member explained that if you’ve got extremely good relationships across the middle management team you may not need executive level support. This is often a good place to start.
Getting middle management support can be challenging as business unit managers may not want a member of their team to take on additional responsibilities:
- One Member suggested that if you can’t get senior management approval, you may be able to work with HR to embed risk management in senior managers’ job descriptions.
- Another Member said it can take time but if you can show middle management the benefits that a risk champion can bring to their department, then they will buy in.
Communication
Members agreed communication of the role, expectations and value of risk champions needs to be clearly articulated. Members discussed topics including:
- Setting a job description and reporting lines for your risk champion network and how it will vary depending on the risk maturity.
- How much time risk champions have and what percentage will need to be dedicated to risk management
- Who to select, what attributes do they need and how many risk champions are required to get going?
- How to work with HR to get their new responsibilities added into their job descriptions and appraisal systems.
- The need to communicate the importance of the role to the risk champions so they understand how they are adding value to the organisation. Members shared how they had done this in practice.
Rewarding commitment
Members discussed the need to spell out the rewards for committing to and succeeding with the risk champion role. Members gave examples such as:
- Opportunity to access to the C-suite – for example, having champions present risks to the board and CEO
- Career development – for example, certification or introducing risk requirements for partnerships or management roles
- Recognition – for example, awards
- Financial rewards including bonuses
Training
Members agreed training is critical and shared how they are:
- Supporting risk champions with regular targeted training. One Member explained how a good training programme might also be used as an incentive to take on a risk champion role, particularly if linked to HR and career progression.
- Using workshops to get risk champions familiar with identifying risk and working with experts in their departments to better understand and analyse risks is critical. One Member stressed it’s important to keep things simple but once the network is in place training could become more specific (i.e. focus on emerging risks/BCM)
- Building informal networks among risk champions to enable greater sharing and collaboration.
- Providing shadowing and support to risk champions.
If you are interested in setting up or improving a risk champion network, please feel free to get in touch. You can reach me on william.sanders@riskleadershipnetwork.com. We would love to hear your thoughts.
As background, we have also launched a quarterly check-in for Members who are starting to build a risk champion network or working to improve the effectiveness of an existing network. Sessions are limited to five participants and are an opportunity to discuss progress, share what’s worked and validate ideas with peers and other industry experts. If you are a Member of the Risk Leadership Network and would like to join our next cohort, contact kin.ly@riskleadershipnetwork.com.