This video offers a brief overview of why risk management is an executive function not to be delegated away.
- One of the most critical mistakes business owners make is thinking that they can delegate away the function of risk management. What often happens is that the owner starts giving up his or her duties that relate to the product or service they provide. That means less time in the trenches and more time invested in the management of others and big picture strategies for the business. One of those areas that can be easily given away is risk management.
There is a threefold problem with completely delegating away risk management. First, the brand of the business is at stake. Nobody will protect that brand more than the name on a shingle. The CEO that built that business can lose it all in an instant if they aren't personally keeping tabs on it. Second, the task is delegated to someone ill-equipped for the job. This is not a commentary on the skill or intelligence of the person, it's a knowledge issue.
The most common roles given risk management are CFO, human resources, and director of operations. In each case, the skills needed for those positions don't line up directly with risk management. They lack risk financing, loss control, and risk strategy expertise. Third, the back burner dilemma arises. You know what it is. The person who has been delegated to the task of strategy and implementation are so busy with their other duties, risk management get shoved to the proverbial back burner and only flares up when a fire is ignited.
And then it's too late. I suggest that the CEO stay active in strategy, thoughtful in delegation, and consistent in message. Here's what I mean. Risk management is an executive strategy, because it's visionary and big picture. The very definition of risk management is when to identify and deal with obstacles that can get in the way of profitable growth and organizational success.
That's why the CEO must play a part in defining those organizational goals and identifying the obstacles or risks. This should be done at least annually to confirm hazards, plans, and goals. Thoughtful in delegation means giving the job to the person best suited to manage it based on expertise and experience. That person should have a background in risk management at some level, and be given autonomy with accountability to the CEO.
In addition, they should be given help from an outside source that has full experience and knowledge they don't have. Finally, consistency in message is paramount to long-term risk management success. Employees can see through quick fix initiatives. When the CEO's message becomes weaker, or even completely vanishes, credibility is lost. When credibility is lost, so is the important buy-in from those needed to carry out plans.
CEOs are needed for their voice as much as their actions. By being consistent on their messaging around safety, security, and risk mitigation to assure business continuity, the CEO is literally telling people he or she cares about them and their long-term service to the organization. Risk management strategy should never be delegated away. The CEO that stays active in strategy, thoughtful in delegation, and consistent in message will be creating a strong and profitable future for the company.
- Explain the process of identifying exposures.
- Cite examples of transferring risk.
- Name the tools used for implementation and monitoring risks.
- Define “organizational amnesia” and explain how to prevent it.
- Describe security concerns an organization may have and explain the cybersecurity tools that may be used to mitigate them.
- Identify the benefits of an employee handbook for mitigating risks.
- Explain the various parts of an insurance policy.
- Summarize the importance of a business continuity plan and describe the steps for creating one.