Takeaways from Speaking at the 2019 RIMS Risk Management Conference

Steven Minsky | June 18, 2019

The Risk Management Society (RIMS) held their annual 2019 Risk Management Conference from April 28th to May 1st in Boston. This year I was honored to be selected to speak on the effects of the See-Through Economy, “How to Mitigate Reputational Risk.”

The Risk Management Society holds one of the largest risk events of the year. Its purpose is to provide anyone tasked with risk responsibility, or who provides services to risk professionals, the skills and tools necessary to effectively integrate risk management into their organization’s core processes and decisions.

Companies are being held accountable for their actions now more than ever before. The RIMS 2019 Risk Management Conference has come at a critical time for organizations as they are learning how to navigate the  See-Through Economy. Corporate scandals could happen at the drop of a hat in the event that risks are not controlled. With new technologies leaving companies with nowhere to hide, now is the time for organizations to take control by assessing how risks may impact your organization’s reputation across all departments and levels.

Manage Fire Wisely 

Managing risk and the See-Through Economy is all about reducing uncertainty and amplifying positive actions which, in business, is always a good thing.  Take fire as an example. With it, you can cook your food and heat your house, but when fire gets out of control, it becomes a disaster. As risk managers, it is our job to reduce uncertainty in achieving our goals as well as preventing distracting mishaps.

So, what can an uncontrolled risk look like at your organization? Each week, preventable risk management disasters take various forms in the headlines. Recently, tech giant Apple discovered a major glitch in their software’s FaceTime feature the hard way. The glitch enabled users to force pick-up on a third-party device, which in turn also gave them audio access. Because Apple did not have a user channel to escalate glitches, it wasn’t until a fourteen-year-old discovered the glitch and his mother reported it via email, fax, and social media that the bug was fixed. Apple lacked a way to engage its user base in a positive way to bring issues to the attention of appropriate teams internally. Not only did this delay the resolution process, an issue that should have been previously taken care of behind-the-scenes was blown up publicly in the age of fast-paced social media.

How do you Manage Reputational Risk? 

In order to anticipate your risks, you need to be able to engage your organization, bridge silos, and provide channels through the five layers of management between your board and your front line. I shared a few tools with my audience at RIMS to help do this. When engaging a department, this risk-based translator, like the rosetta stone, will help you speak the language of others silos so that there is no confusion when discussing risks across the enterprise.

With risk management, it takes a village, meaning “If you want to go fast, go alone; but if you want to go far, go together.” Therefore, it is important to engage others in the risk management process. Risk managers can leverage this risk-based approach wheel as a tool. Since risk management is an iterative process, it is best to start on a topic of the wheel that is of interest and holds importance to your target stakeholders. From there you can move around the wheel to show them how their comfort zone is linked to other steps in the risk management process. The result will be to monitor the true effectiveness of controls over specific risks.

Most importantly, once you are implementing risk management best practices, it is essential to periodically evaluate your organization’s progress in adopting a risk-based approach. One way to measure this is by leveraging the Risk Maturity Model which I authored. Published by RIMS, this assessment is a free framework that allows you to assess how well you are using a risk-based approach., You can take the RIMS RMM and receive a score that assesses your ERM maturity on a standardized scale and get customized recommendations for how to improve. I recommend taking this assessment once or twice a year, then sharing the results to get feedback from across the organization.  Not only will you see where your successes lie, but it also can demonstrate which areas you can improve upon over the following year. It is a great tool to aggregate information for Board and senior leadership reporting to represent how prepared your organization is in managing risk. Using these tools to guide the way, your organization will be able to anticipate what’s ahead, proactively manage identified risks and opportunities, while you also achieve goals and prevent costly and distracting missteps.