Risk Management

Talking about risk management differently

How to reframe risk management discussions.
article cover

3 min read

Getting executives to talk about risk management can be like convincing little ones to eat their vegetables. The key—according to Mark Beasley, a professor at the Poole College of Management at North Carolina State University and director of its enterprise risk management initiative—is to frame risk in the context of strategy discussion.

Beasley, who recently spoke with CFO Brew about AICPA’s newest State of Risk Oversight Report, of which he is a co-author, also shared insight on how to get the C-suite thinking more proactively about risk. (Beasley also discussed the growing pressure for leaders to be more involved in risk oversight and how to better monitor risks on management dashboards.)

This interview has been edited for length and clarity.

What are some key steps that companies can take to be more proactive in tying risk management in with strategic planning?

My observation is, so many executives, when they talk about strategies…they don’t really want to go through and say, “Well, what must go right, and what could emerge and derail that?”...They may be making some assumptions underlying the strategy, but they don’t recognize they’ve made an assumption. The example I like to give—which is getting dated, but it resonates—if you go back to 2006–2007 and look at what was happening in financial services, a lot of those business models were based on products that, [an] underlying key factor was real estate prices would stay stable or go up. I think in a lot of cases, it was treated as a fact…Well, we now know it was not a fact; it was an assumption that was really bad.

It’s not that assumptions are bad. It’s just I need to recognize where I’m having to assume something about the future, and then I need to keep an eye on that assumption. That’s another example of how you could integrate [risk management with strategy]. So, we’re really not telling an executive, “Let’s talk about risk today.” Rather, we’re saying, “Let’s talk about where our assumptions are.” You’re really talking about the risk, so it’s sort of “stealth” risk management.

News built for finance pros

CFO Brew helps finance pros navigate their roles with insights into risk management, compliance, and strategy through our newsletter, virtual events, and digital guides.

I like that. That’s a good term.

Some executives, when you say, “Okay, I’m here to talk about risk,” they’re like, “Boring. You’re the naysayer.” Part of what [I’m] trying to do as a risk leader is, I’m not even going to use that term. I’m going to say, “Tell me about what we are assuming, and how confident are we in that assumption, and what if we’re not correct?” I haven’t even used the word [that starts] with “R” yet, and that gets people more willing to talk.

Anything to get people explicitly talking about risk in the context of the business and having a robust conversation—that’s ultimately the value…The technique is more the “how,” but what my goal is to really get an explicit, organized conversation around risk.

As a parent of two young children, I think of getting these executives to talk about risk willingly and openly is like hiding vegetables in the kids’ dishes to get them to eat their vegetables without knowing they’re doing it.

Exactly. Unfortunately, risk is sort of [viewed as], ‘You’re all the reason why we can’t do something. [You’re] the naysayer.” No, I’m here to talk about what could derail our success, so let’s talk about it so we can be successful.

Enterprise risk management is not [just] risk mitigation. We’re not here to get rid of risk; we’re here to just manage it, and that sometimes may mean…we need to take [more risks]. But unfortunately, people don’t see risk management that way yet. They see it as risk mitigation.

News built for finance pros

CFO Brew helps finance pros navigate their roles with insights into risk management, compliance, and strategy through our newsletter, virtual events, and digital guides.

C
B