Effective risk management cultures do these 4 things: A risk expert explains
In these excerpts from the full interview, Heywoord shares her perspective on the ingredients all risk management cultures need to be successful. Image: Photo by JESHOOTS.COM on Unsplash
Listen to the article
- “Upheavals at a global scale” are ahead, according to The World Economic Forum’s Global Chief Risk Officers Outlook.
- Bahare Heywood, the first ever CRO at global law firm Clifford Chance, spoke to podcast Meet The Leader about effective risk management and what it requires.
- From the importance of a risk framework to staying up to speed with technology, Heywood explains what every successful risk management culture needs.
Firefighter, investigator, diplomat, agony aunt. That’s how Bahare Heywood, the first ever Chief Risk Officer (CRO) at global law firm Clifford Chance, describes the role of Chief Risk Officer. (A senior colleague has even added “ghostbuster” to that list, telling her: “I don't do anything without calling you first.”)
This role is designed to ensure companies have the systems, frameworks and culture in place to identify, assess and monitor big challenges ahead. It's a function that's become all the more important as emerging risks grow at "turbo speeds", making the risk landscape ever more complex as leaders assess the impact of everything from he climate crisis to geopolitical instability.
Heywood spoke to the Forum this July for our Meet The Leader podcast, timed to the inaugural publication of the The World Economic Forum’s Global Chief Risk Officers Outlook. This mid-year check-in takes the pulse of risk officers around the world to better understand what businesses should worry most about in the next six months.
Of course, tackling those priorities is not possible without a company culture designed to manage risk. In these excerpts from the full interview, Heywoord shares her perspective on the ingredients all risk management cultures need to be successful.
Embrace structure – and a framework
Risk officers develop frameworks that can help you understand “what you care about and what you don't care about”, Heywood says.
She advises CROs to “think about creating a mechanism, a methodology, a structure to help you most effectively identify, assess and manage your risks … but it doesn’t have to be fancy.
“What you do need is to really create something which allows you to be able to understand where the risks are in your business and actually what the impact is of those risks on your business,” she adds.
“A framework allows you to have a bit of structure around the methodology, if you will, around how you do this.”
At its most simplistic level, “risk management is basically an action plan, a shopping list of things that you really need to get done to address risk”.
Listen – and build a speak-up culture for effective risk management
Risk officers are often the go-to person when there’s a problem, says Heywood,
These problems could be strategic or something really small, but ensuring teams have someone to go with these issues, for steers and solutions, is critical. Such conversations, in fact, are often the lifeblood of Heywood's work.
“Without knowing what's going on," said Heywood, "I can't really advise my business. I don't really understand the issues.
Giving people the space to have a "speak-up culture," she says, will ensure you can tackle problems as they arise and get ahead of clouds on the horizon. “The key to getting insight into the organization is the information that comes to me and it's usually unsolicited,"
This requires building trust throughout an organization by interacting with people, getting involved in conversations and understanding what's going on in your business, said Heywood, "If you build the right kind of relationships within your organization, you can very quickly start to add value.”
She added: “When you start to see people coming to you, to help with solutions, you know you're on the right track.”
Get teams engaged – and accountable
Effective risk management requires getting teams interested in educating themselves and others about potential threats and opportunities. This ensures buy-in for co-creating solutions and avoids situations where one person is talking at (and not with) the rest of the team.
Heywood helped boost engagement by making each member of their Executive Leadership Group (the equivalent of a board in other organizations) accountable and responsible for one of the global risks.
Each was assigned a risk and needed to present their risk to the rest of of the group. "And at this point, they started to pay attention," said Heywood. "I was getting phone calls saying, ‘Should we meet up and talk about that risk?’
“Then I got them to challenge each other on the risks. It created a virtuous cycle of them being interested, because not only were they responsible, but they were actually presenting the risks themselves. They needed to know what they were talking about and colleagues were challenging them on what they were saying.”
“That for me was quite a critical moment,” says Heywood.
Staying informed, up-to-date, and proactive
Risk professionals must be proactive for successful risk management and key to that is keeping informed and up-to-date with your sector.
It's important to dedicate time to keeping up with the shifts because "they are happening very, very quickly," said Heywood.
She reads publications that give her a range of perspectives -- both a broad sense of the economic and geopolitcal changes on the horizon, as well as publications specific to the legal profession.
Keeping up with how technologies are changing - and how they will impact your sector -- is especially important.
The CROs surveyed for the Outlook report all considered the development and deployment of AI to be “outpacing” management of the ethical and regulatory risks it poses.
“As a risk professional, you cannot properly have an insight into the risks of your business if you don't understand technology – everything we do is going to be led by technology."
Don't forget speaking to experts in person to get insights first hand. “Go away and talk to your CIO, talk to your IT colleagues, and really make sure you understand how technology works and how it impacts your business.”
Don't miss any update on this topic
Create a free account and access your personalized content collection with our latest publications and analyses.
License and Republishing
World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.
The views expressed in this article are those of the author alone and not the World Economic Forum.
Stay up to date:
Tech and Innovation
The Agenda Weekly
A weekly update of the most important issues driving the global agenda
You can unsubscribe at any time using the link in our emails. For more details, review our privacy policy.
More on Global RisksSee all
Emma Charlton
November 29, 2024