Preparing C-Level Employees for Risk

Advertisement

As risks associated with technology and cybersecurity have increased in the last decade, it is more imperative than ever that corporations undertake the proper protocols to protect themselves.

When it comes to implementing risk management processes, many assume C-level executives head up these efforts, involving key departments throughout their organizations. According to a recent study conducted by NC State’s Poole College of Management, however, 80% of organizations surveyed from all over the world have no formal risk training for executives.

Advertisement

A quick look at recent headlines shows how quickly a cybersecurity incident can damage a corporate brand. Many companies that have recently experienced data breaches also have been exposed by the media because of ineffective or nonexistent integrated risk management strategies. This can be for a variety of reasons, from executives trying to hide the breach to the belief that they can resolve the issue before it grows into something larger or, possibly the worst of the options, they are not aware that the breach is even occurring.

Advertisement

So how do we make risk a priority for executives? In my opinion, it comes down to properly re-framing the mindset of executives around risk through effective education and training.

Advertisement

Educate executives on risk types

When it comes to business, the term “risk” generally produces negative connotations, causing many to avoid addressing the phrase—and the issues—altogether. From workplace injuries, data breaches and even social media nightmares, risks tend to mean trouble for executive teams. The reality, however, is that not all risk is bad. Thus, executive teams must be able to distinguish good risk from bad risk.

What constitutes good risk? Simply put; proactive risk choices that benefit the company. These can include exploring emerging markets and growth opportunities, expanding operations into new product areas and even partnering with new vendors. While these risks can produce negative results, given that they are actively pursued by leadership teams shows that they are intended to better the company and its employees.

Executive teams need to understand the differences in positive and negative risks and their larger impact to their organizations. Specifically, understanding multiple risk types exist can change the approaches your management team takes to recognize and address risks, which will echo throughout your organization.

Advertisement

Train executives on how to address negative risks

Executives must realize negative risks are unavoidable. Because negative incidents will happen, executive teams must learn how to bring proactive approaches to managing these speedbumps in daily operations. Thus, formal training programs should be implanted to educate executives on proper risk management.

Training programs should include internal and external communications strategies, both with positive and negative risks, remediation strategies for negative risks and provide tips on how leadership teams can be risk thought leaders throughout the organization.

Advertisement

Remember, an executive team that places value on proper risk management planning and training will produce a similar culture, enterprise wide.

This will allow organizations to more proactively manage risks before they snowball into larger issues, ensuring long-term success.

Advertisement

Consider creating risk committees

Since all C-level executives are crunched for time, risk management often falls to the back burner. In many situations, I’ve found it beneficial for the C-suite to create corporate risk committees. Designed to reduce the burden on corporate executives by providing an advisory board to report on risks, corporations can benefit from dedicated professionals examining risks throughout the organization in areas including IT and operations.

These committees serve as an extension of the C-suite and can create better transparency, while providing informed insights to help leadership teams make better, more educated decisions.

Advertisement

Remember the importance of a top-down approach

No matter what approach you take to educate your executive team and get them more involved in risk management, corporations must remember enterprise risk management requires working from the top down. As risk professionals, we must do our best to gain leadership buy-in and conduct enterprise-wide training to stay ahead of risk. If NC State’s study has taught us anything, it’s that we still have a lot to learn.

Advertisement

Quin Rodriguez contributed to this post.

Risk Management Magazine and Risk Management Monitor. Copyright 2018 Risk and Insurance Management Society, Inc. All rights reserved.

Published by

National Law Forum

A group of in-house attorneys developed the National Law Review on-line edition to create an easy to use resource to capture legal trends and news as they first start to emerge. We were looking for a better way to organize, vet and easily retrieve all the updates that were being sent to us on a daily basis.In the process, we’ve become one of the highest volume business law websites in the U.S. Today, the National Law Review’s seasoned editors screen and classify breaking news and analysis authored by recognized legal professionals and our own journalists. There is no log in to access the database and new articles are added hourly. The National Law Review revolutionized legal publication in 1888 and this cutting-edge tradition continues today.