In a perfect world, everyone in the company would clearly understand how enterprise risk management (ERM) can help them be successful, and, most of all, be eager to engage.
But for a variety of reasons, it soon becomes clear that this is nothing more than a utopian dream.
The (unfortunate) reality is why many executives and business unit leaders will have, at best, a vague understanding of what value ERM can provide them, and at worst, a profoundly negative attitude.
This situation demands ERM professionals to help management understand, which is where marketing comes in.
As I’ve discussed in other articles, the ERM professional must wear many hats. Simply adhering to certain processes and standards (a/k/a creating an ERM silo) will not be helpful in building the right internal reputation.
Soft skills like relationship building and conversations are equally or even more important than technical skills in my opinion.
Instead of being a documentation exercise that regurgitates a list of risks, ERM should really serve as an internal consultant–a consultant dedicated to one client–to support decision-making and help ensure the company achieves both business and strategic-level objectives.
How exactly do you go about shifting this perspective, so company leaders see ERM as an enabler of success instead of another nuisance?
Conventional wisdom would say that you need to have what is popularly known as an elevator pitch.
This makes sense on the surface, but what often happens is that it comes off as a sales pitch more than anything. The typical result of this approach is a blank stare or a polite nod.
Besides confusing, the truth is nobody likes the messaging ‘we do this, and you have to do this our way.’
Before getting into what to do instead, I want to reiterate the phrase ‘internal consultant.’ In the context of today’s article, ERM should be acting as a ‘consultant’ to company leaders and business units.
There is in fact a book called Consulting on the Inside that I recommend. In it, there’s an anonymous quote from an internal consultant in the healthcare industry that says:
The first big thing is to understand your customer and what your customer is looking for. Consultants sometimes try to tell customers what success ought to look like. You have no business doing that. They should tell you what they think success is, and they will judge you based on what they think.” [emphasis added]
To kick things off, ERM should have what the “consultant’s consultant” David A. Fields refers to as a fishing line. Why? Because one of the worst things you can do is to walk into a meeting and start talking about what do you do for 2 minutes.
A good fishing line will be, first and foremost, what David calls right-side up, a term that essentially means focused on the other person, not yourself. (If you are focused on yourself, you are upside down.)
That’s the ultimate drawback of the elevator pitch – it’s all about YOU instead of the customer, which is your company.
A good fishing line for ERM could go something like this:
“Hi, I’m Carol with ERM. We help management make risk-informed decisions quickly so they can be more confident in their choices.”
It’s inevitable that you mention yourself—after all, you must introduce yourself! But notice how this statement quickly pivots to who you are focused on helping and why.
This statement, or something similar, is descriptive while also being very short and to the point.
This intro statement could be universal save for a few tweaks depending on your company and industry.
The whole goal is to pique the listener’s curiosity, with the response hopefully being:
“Oh wow, that’s neat. How do you guys do that?”
Unlike the fishing line, responses to this follow up will vary based on company maturity, your reputation, and other factors. However, responses can be based on the following three circumstances:
- The company is beginning to implement ERM.
- The practitioner is new, but ERM practices have been long-established.
- Both the practitioner and the practices are well established.
For the first circumstance, the response will be something like “We’re getting started. We’re working to establish ourselves.”
For the second and third circumstances, come up with one or two sentences that describe how you interact with management to increase their confidence or inform their decisions. If the practitioner is new to the company, you can even add a disclaimer that you are still figuring out some of the details. 🙂
While responses will vary, how you deliver them will remain the same – short, descriptive, and always ending with a question about the other person.
That last point is something people commonly forget. Again, you want to be right-side up – it’s not about us, it’s about them.
They are the whole reason ERM exists in the first place!
If you know the person you’re talking to, some questions to them can include “What are the biggest things sitting on your plate right now?” or “When it comes to the challenge of ___________, describe what the ‘perfect’ solution would look like.”
Notice how none of these questions really use the word “risk,” as well as notice how they do not ask “what keeps you up at night?” (Nothing keeps me up, thank you. I sleep just fine!). That’s the key difference between modern ERM and more traditional approaches to risk management. The latter is simply about managing a list of risks while the former focuses on decisions and achieving goals. Nobody wants the list risk management, and everyone wants to achieve goals and make good decisions.
Of course, trying to do all of this on the fly can be difficult, which is why prior preparation is highly suggested.
Don’t walk into a meeting without knowing anything about who you’re talking to and their function in the company.
As the saying goes, you never get a second chance to make a good first impression.
Without this preparation, people will think ‘how can they help me? The person in charge doesn’t know anything!’
In the end, marketing ERM as a valuable partner and gaining a seat at the table ultimately boils down to learning how to think like management.
CEOs and other executives are not interested in processes. What they do care about are outcomes and the urgent things on their plate.
Short of this, if you’re not adding value, the spotlight will be on you, especially if company finances are tight and leadership is looking for ways to cut expenses.
I don’t say this to suggest fear of losing your job should be your motivation.
Instead, you want to do it because you want to add value and help move the company forward—help management think differently about their problems.
This means asking questions they don’t already ask themselves and NOT just giving them a list of top 10 risks to manage.
What other ‘right-side up’ strategies would you recommend practitioners use to market their ERM program?
I’m interested in hearing your thoughts. Please join the conversation on LinkedIn.
