Expanding your job description

End Analysis

Expectations for risk managers have changed, placing them in uncharted territory. But with uncertainty comes opportunity. Those who recognize that risk is far broader than calculations-and who take the manager part of the job seriuosly-can meet these expanded expectations head-on.

Making a Difference

Traditional risk management means either looking at security issues (Are we adequately alarmed and monitored? Do we have firewalls?) or legal issues (How well are we protecting our intellectual property?). But there are much larger risks to be considered as well. Look around your organization, and you will find common problems for which you might have the solution.

For example, customer relationship management (CRM) software is designed to enhance the interaction between the customer and employee. When it works well, companies increase worktime efficiency, improve the customer experience, enhance customer and employee satisfaction and save money. Then why is CRM bombing? Billions of dollars have been lost on these programs, and the resulting litigation is both common and expensive.

First, many companies purchase CRM software on the plug-and-play assumption. Either the seller does not promote training or the purchaser declines to use it. Both sides blame the other. (Or, one internal department accuses another.) In addition, companies fail to enlist employees to support new programs. Management does not tell employees what the CRM initiative can accomplish, what involvement everyone will have in it and how the company plans to integrate the software.

Research shows that these same problems-companies failing to analyze a new initiative properly, having unrealistic expectations, neglecting to enlist and motivate employees or not incorporating employees experience-affect many aspects of the business that may not fall under the risk manager's traditional purview. And yet, these factors increase the risk to the corporation in many ways. The resulting problems can range from Occupational Safety and Health Administration violations to creative accounting.

This brings to light a new era of risk management: Making sure organizations' executives explain not just the nuts and bolts of initiatives, but why the company embarks on them.

Expand Your Role

How can the risk manager take part in this process? Here are a few clues and cautions:

Consult rather than command. The risk manager can become a consultant to internal clients or departments. Offer your perspective, experience and the benefits of your input. Some groups will welcome your help, some will accept it and others will decline.

Seek to understand, then to be understood. Listen, read and repeat. See the problem from as many points of view as possible.

Identify rather than solve. Your purpose is to identify, minimize and manage risks, not solve problems. Most of the time, you will find the expertise and determination to solve problems in a department is already present. The arrival of an outsider makes the difference between scoping out a plan of action and actually implementing it.

Act as a link. Your most important contribution may be as a vital link to those who can tackle the questions raised. Imagine how different WorldCom's situation would have been if five quarters ago, the risk manager, while talking to the internal finance people, heard the questions and discomfort about capitalizing operating costs. An outside opinion might have prevented the illegal gambit. Worldcom's growth might have stopped, but it also might not be bankrupt today.

Set expectations properly at the start and then reset them. Explain to the groups with whom you work that this is a long-term process designed to help the department protect itself. You are a resource, not a Fairy Godmother.