The lesson here is that ignoring risk is a major financial error. You will pay a high price for this choice, sooner or later. You are wise to choose to manage risk now, while the cost is low and the upside is high.
A Critical Change in Thinking for CEOsThere is one vital piece of advice that I must give to owners/CEOs. This advice will feel terribly counterintuitive to many of them. As leaders, especially as entrepreneurs, they have learned to praise and reward the heroic man of action. In a company without a risk management process, a behavior that is often highly prized and rewarded is firefighting. What CEO doesn't love to sing the praises of a hero who bravely dashes into the flames and rescues the big client or delivers the company from peril? Many companies live in an environment where firefighting is common and heroic firefighting exploits are part of the company's legends.
A primary component of risk management is fire prevention. If a risk manager does everything right, there will be very few or no fires. So what is there to celebrate? The answer is obvious: You celebrate how the absence of destructive fires is letting you focus human and financial resources on innovating your products and building relationships with your customers. But this answer is counterintuitive for CEOs. They don't celebrate the fact that nothing happens -- which is the way many of them will subconsciously interpret the results of an excellent risk manager having done an excellent job! Risk managers often live in fear of this subconscious interpretation of their work.
They fear the CEO will think, "I might not need the risk manager anymore. We haven't had any fires since he put his risk management process in place. The company might be safe without him."
The CEO must learn to think in new ways! Implementing a risk management process means an end to a culture of firefighting. Prevention is to be celebrated and rewarded. If the risk manager has everything under relatively good control, he is probably working smart and hard in many ways that aren't visible to the CEO. This invisibility factor makes it important that the CEO receive regular reports from the risk manager.
All that said, no risk management process can prevent every fire over the long term. Even if the process is perfect, human nature and evolutionary changes within the company will eventually find a way to defeat it. There will always be some fires to fight. But fewer fires will occur and they will probably be less costly than the blazes that happened prior to implementing a risk management process.
Ground Rules for the CEOIn many small companies the risk manager will report directly to the president or CEO. It is important that the superior officer understands and effectively executes his role in support of the risk management process.
My finest business mentor summarized the CEO's job in three sub-roles: Chief Strategist, Chief Ambassador and Chief Coach. Twenty-two years after co-founding my first company, I agree that this is an effective summary of the CEO's job.
None of these three roles includes the title Chief Risk Manager. Yet many CEOs become immersed in risk details and lose focus of the tasks they alone can and must perform if their companies are to prosper. Some CEOs enjoy the legal elements of risk management. Some fear that delegating this work might lead to a costly mistake. Some simply haven't realized that they could create a risk management process, appoint a manager to execute that process and free the CEO's time for his own unique work. Your CEO, however, has probably made the key decision to delegate at least some portions of this important work to you -- and that is why you are reading this.
Delegating this work to an effective risk manager frees your CEO from the vast majority of this work. As the risk manager, you should encourage the CEO to stay clear of the work -- work that you will soon be better trained to perform than he. However, getting and staying free of this work will require the CEO to:
• Select and empower you in the risk manager's position.
• Assist you in refining the PreAct? risk management process to fit your company, primarily by clarifying his tolerance levels for the different risks confronting the company.
• Provide you with ongoing information, especially information relative to potential events, threats and shifting risk tolerances.
• Give you support to implement, enforce and improve risk management practices.
• Give you the economic resources needed to secure services from competent risk management suppliers, especially legal, insurance and tax experts.
• Give you frequent performance feedback.
You can't eliminate risks, but you can reduce them. Here are a few preliminary pointers Bulletproof Your Business on the best way to approach that goal
Printer-Friendly Version
