Developing Organizational Risk Competency

A risk management professional has many opportunities to engage, influence, and build organizational risk competencies in various decision-making environments. In this RIMS 2021 session, Dr. Joseph Milan from JA Milan and Associates LLC highlighted five ways to integrate risk management into multiple levels of the organization.

Develop Training
As a risk professional, it is important to lay out a plan to determine how to educate individuals in the organization about their responsibilities. Your audience could be executive leadership, a risk committee, risk champions and/or frontline managers. You will need to determine what type of curriculum you want to develop, what channel you are going to use to deliver your training and how often. This could vary by audience.

Steps to develop successful training include:

• Identify needs
• Identify existing training
• Determine how to leverage existing resources
• Create a gap analysis between needs and existing training
• Completing an audience analysis

Engage Your Organization’s Risk Network
Think about both formal and informal ways to reach out to leaders and risk champions in your company. You can draw a stakeholder analysis that determines the different functions with the organization. This analysis aggregates each stakeholder groups’ different perspectives towards process and procedure, and combines it into an enterprise risk management (ERM) approach. Start by identifying the stakeholder groups (i.e. audit services, compliance, risk management) then think about how to break down silos between them. Develop consistencies that include definitions, perceptions of risk, risk philosophy and risk appetite – all while focusing on the risk process and procedure that can help each of these functions within the organization.

Find Your Risk Champions
Coaching compliments training. It is one thing to create formal training, but we know that there are strong informal forces within our organizations that can influence the success of your initiatives. These risk champions can help advance your cause.

Identify these opportunities in your organization through the following steps:

• Identify needs
• Identify existing coaching
• Determine how to leverage existing relationships
• Perform a gap analysis between needs and existing coaching
• Complete a stakeholder analysis for internal and external / formal and informal coaches

Focus on Continuous Improvement
It is important to evaluate your efforts to measure success and identify program weaknesses. Complete regular self-assessments and focus on practical aspects of items like:

• Communication
• Consultation
• Executive sponsorship support
• Achieving expected outcomes within overall organizational objectives

Explain How to Integrate Risk Management
Educate on how risk management actually works using vision, mission, strategic objectives and measurements. For instance, is there a governance structure in place that helps decision makers determine if the organization’s risk philosophy (based on a formally defined risk appetite) is being incorporated into decisions? This is a specific thing that can be identified, measured, trained to and educated around. In addition, your strategic objectives are unique to your organization, but could include financial accomplishments, compliance, happy customers, talent management and organizational efficiency. You should be able to answer questions on how risk management can help each of these objectives. Next, you can move to tactical risk, answering how people can do things that align with the risk management process and how they can support this strategy. Take the items you learned from the previous steps and determine how to implement them into an organization.