IERP® Team No Comments

Getting Senior Management Buy-In by Utilizing ERM to Support Corporate Strategy

Read how Dunstan Maurice, Group Chief Risk Officer of GHL Systems Berhad faced challenges in getting senior management’s buy-in and how he overcome them

After a long Chinese New Year break in February, we were back for our second tea talk of the year by Mr. Dunstan Maurice, Group Chief Risk Officer of GHL Systems Berhad, who spoke on getting senior management buy-in by utilizing ERM to support corporate strategy.

Just like any other risk practitioners, Dunstan faced challenges in getting senior management’s buy-in in the early days of ERM implementation in his organisation. His strategy was identifying individuals who he believed would support his cause and, in this case, it included his Chairman, the Group CEO as well as the Head of Internal Audit and Compliance. Once he identified these individuals, he had a number of informal discussions with each one of them, understanding their point of view as well as getting their informal endorsement of his approach to ERM. By doing so, he was able to have additional channels of influence to the Board.

His next step was to tackle the senior management team in the organisation by educating them about the importance of ERM and how it could help the organisation comply with regulatory requirements as well as act as a “look out” for the company’s rapid expansion plan. Dunstan started by educating his senior management about operational risk via the RCSA and other operational risk management activities which were easy for most people to comprehend. That led to quick Board buy in about the importance of risk management. He then introduced the concept of utilizing ERM as a strategic management tool. He did this by getting the IERP® to facilitate a strategic enterprise risk management exercise which demonstrated how ERM could be used as a strategic management tool to help the organisation achieve its corporate vision, mission, strategy and objectives – all within only 4 days. This exercise led to the development of the first version of his organization’s risk registers which was practical and dynamic.

During the Q & A session, one of the risk practitioners shared the importance of culture and building rapport with the lines. The practitioner added that it was important for risk managers to be able to communicate positively with the lines, for example red box in the risk profile doesn’t mean bad and green box in the risk profile doesn’t mean good as they are only generic indicators. It is the action taken in response to the red and/or green box which is important, although in most cases risk managers, boards and the lines only concentrate on, and stop at, the colour of the boxes.

Some other tried and tested feedback to get buy-in mentioned by risk practitioners who attended the session included:
1. the carrot and stick approach is often employed although it doesn’t always work;
2. linking the share prices with ERM activities;
3. showing surveys done on the correlation between risk maturity and revenue can encourage the lines to work harder and place greater importance on their risk registers;
4. using peer pressure by presenting each departments’ risk registers at the board meetings where poor quality /deficient risk registers would be shown up;
5. better understanding of business units/departments detail processes will help ensure RMD input more relevant;
6. keeping up-to-date with business units development and initiatives by engaging with Head of Departments.
One participant also mentioned using the opportunity whenever there is a potential new partner or investor in the organisation to help push the Risk Management Department’s agenda as way for the new party to ensure that their interests are better protected.

The participants concluded the tea talk that the best way to obtain buy in was firstly to have a properly qualified CRO in place. Secondly, to implement an effective education program. This would then need to be followed up on by, thirdly, an effective and focused ERM program such as the IERP®’s tried and tested 4 day objective centric ERM implementation program.
A fun filled fellowship and networking session followed the tea talk where acquaintances were renewed and new friendships forged.