Avoid the Scramble: Proactively Plan for Changes in Risk Owner

Wouldn’t it be nice if a risk simply went away when the risk owner left the organization or changed roles?

Okay, now wake up from that dream…this doesn’t happen in real life.

As a previous article on assigning a risk owner explains, the ERM unit does not actually manage risks. Instead individual(s) who are close to or have extensive knowledge of the specific situation take ownership or responsibility for managing certain risks. Basically speaking, the role of the risk owner is to ensure someone in the organization is accountable for the risk and that resources are available for managing it.

But life isn’t static…

Just because someone has been assigned to monitor, manage, and report on a particular risk doesn’t mean it will always stay that way. Perhaps this person receives another job offer they can’t refuse, they move onto a different role within the organization, they retire, or they have to leave for personal reasons.

Whatever the reason for their departure, the risk will still be there for the organization.

Consequences for not replacing a risk owner can include:

  • Compliance/fines – if the risk owner was responsible for complying with certain laws or professional standards or handling filings, the company could get in serious trouble with a regulator or professional standards organization.
  • Safety/job injury – if the risk owner was responsible for implementing new protocols to keep workers and others safe, there could be a tragic accident if these important tasks fall through the cracks.
  • Strategic implications – if the risk owner was managing a big initiative related to the strategic plan and making decisions based on projects’ inherent risks, the company could fall short of its goals. Also, long-term opportunities could leave with this person too, especially if their knowledge or idea is not documented.

As Douglas Hubbard points out in his book The Failure of Risk Management: Why It’s Broken and How to Fix It:

changes in risk owner

This of course is just a sampling of consequences. At best, if ERM is not proactively preparing for the departure (planned or otherwise) of a risk owner, you will be scrambling to fill the void this person leaves behind.

What can be done to avoid the negative consequences of a risk owner leaving or changing roles?

Life comes with all sorts of surprises…risk owners are no different.

Sometimes there can be time to prepare for this person’s departure, but sometimes there isn’t. If the risk owner was in a fatal accident or otherwise suddenly no longer able to fill their role, ERM will have to scramble to find a replacement and any specific knowledge about the risk will be lost too.

The best thing to do then is to prepare…to have a Plan B ready as soon as the risk owner assumes their responsibilities.

For example, the possibility of a sudden, unexpected departure is why in-depth conversations at regular intervals are so important, especially if the individual has extensive knowledge about the risk.  As Julian Talbot explains in this article on uncertainty:

You must have a Plan B already in place (including any resources) before you press the “Go” button on Plan A. If you wait for Plan A to fail before you develop Plan B, you’re reacting [emphasis added] to a crisis.

One thing you will consistently hear me talk about is being proactive, not reactive. So whether it is about decision-making or managing individual risks to the organization, being proactive pays off in the long-run.

Therefore, in addition to knowledge transfer, below is a list of some other things to consider, preferably when you are in the process of assigning the risk owner:

1.  Find a successor for the risk(s) this person will be managing. If the individual is responsible for multiple risks, it’s okay if they are broken up and assigned to multiple individuals. This could take the form of what’s called a “stretch assignment” for someone internally or an external consultant can be hired to help with the risk until you are able to find a permanent replacement.

2.   If the risk owner sits on a committee or provides an advisory or decision-making role, your company will be missing a valuable perspective. For example, losing a long-time CFO or Controller with extensive knowledge about the company and general financial matters could be a huge setback, which is why regular, in-depth conversations are so important.

Also, if this individual is a senior executive, you will have to consider more than just any risks they may be responsible for, but also any decision-making or risk culture leadership they provide. What if the individual is a key supporter or sponsor of risk practices? Who will be the walking, talking example of embedding risk into daily practice?

3.   Reevaluating the status of risks is something you and the risk owner should be doing regardless. In so doing, you may discover that the risk has been handled to the point that it doesn’t really need an owner anymore. Remember, not all risks will require an owner. In fact, trying to assign someone to manage every identified risk will be overwhelming and counterproductive.

In the end, preparation is key to avoiding scrambling when (not if) a risk owner leaves the organization or otherwise no longer able to fulfill this responsibility. Be proactive to ensure there is smooth and orderly transition and be a good example to others.

Has a risk owner unexpectedly left your organization? Did you have a Plan B in place or were you forced to scramble to find a replacement?

Check out my previous article to learn more about what you need for assigning a risk owner.

I am also interested in your thoughts and experiences on this important topic, so please feel free to leave a comment below or join the conversation on LinkedIn.

And if you are struggling to develop a game plan for when a risk owner leaves your organization, or you are in need of some outside help to ensure the risk(s) are still being taken care of, reach out to me to discuss your unique situation today.

Featured image courtesy of Andrea Piacquadia via Pexels.com

Posted in

Sign Up For Our Newsletter

Sign Up For Our Newsletter


Meet Carol

Helping companies achieve their vision and strategy, and succeeding in today's turbulent world, is something I'm honored to be a part of. Whether you're an occasional blog visitor or a long-term client, thank you for letting us be a part of your journey.

Most Recent Posts

The 12 Days of ERM Christmas

Without a doubt, one of my family’s favorite holidays is Christmas. Part of the fun, especially for our son, is seeing what “Santa” brought, but most importantly, we treasure the spirit of peace and goodwill the season brings. And after what seemed to be a never-ending warm spell, the weather is expected to be good…

Read More

Don’t Let Goals and Initiatives Be Blindsided by External Events

As the end of the year draws near, I think we’d all agree that while it wasn’t without its challenges, this year also wasn’t quite as turbulent as the previous two. While a lot of people are juggling company parties, shopping for friends and family, and special activities for the kids, most companies are putting…

Read More

Going the Distance: Ensuring Successful Execution of Strategic and Annual Initiatives

Strategic planning is a challenge – of all people, I understand… After all the meetings, risk and data analysis, and brainstorming of the preceding months, it’s tempting to think this is the end of the road and you can relax. Contrary to this common perception though, this is exactly not the time to relax, but…

Read More

Avoid Rookie Mistakes and Protect your Internal Reputation

Be honest – have you ever done something that you soon realized was a real rookie mistake? Me raising my hand… Considering the nature of ERM’s role to ask questions and challenge assumptions (often during conversations with executives), it can be argued that, in at least some cases, the expectations bar for risk professionals is…

Read More

ERM at Thanksgiving – An Illustration of Risk Management in Action

On occasion, I like to take some of the concepts we risk professionals think about in our jobs and apply them to different personal situations…take some of the same concepts we use when working with executives to develop corporate strategy and manage risks or uncertainty around that strategy. It’s Thanksgiving week in the U.S. –…

Read More

Why Quantitative Risk Assessment is Not Just the Best But the Only Option – A Conversation

Periodically, I have the pleasure of speaking one-on-one with Hans Læssøe on a variety of topics around ERM, strategic risk, and other issues and trends. As you know from my previous conversations (here, here) and posts featuring his work, Hans was formerly a practitioner at the iconic LEGO Company, but even more notably, is a…

Read More

The Three Lines Model – 3 Reasons Why I Don’t Like It

Everyone likes a clear-cut template that offers an easy way to create or manage something…I mean what’s not to like about a step-by-step process for accomplishing what you want? Sometimes this can work without any issues, such as the case with the Project Management Book of Knowledge (PMBOK), ISO 9001 standard, or a new cooking…

Read More

5 Avenues for Expanding your ERM Knowledge

One thing I was taught to appreciate from a young age was the value of education and knowledge. It didn’t necessarily matter what the subject was, just that I always maintain a learning or growth mindset regardless of my current status in life. This mindset has served me well over the years, and it’s a…

Read More

Storytelling and Risk Management – Developing Skills that Technology Cannot Replace

It’s amazing how technology has developed and changed our working world over time. Imagine trying to run my risk and strategy consulting firm without tools like Zoom, Box, Slack, and other ERM-specific technology tools. There is no way we would be able to serve our clients the way that we do. Just consider how the…

Read More

3 Phases to Creating and Launching an ERM Program Focused on Organizational Success

If you’ve been handed the task of creating an ERM program for your organization, let me first offer my congratulations quickly followed by my empathy for the task ahead of you. I don’t say that to scare you but to provide a small dose of reality. Building, launching, and refining an ERM program that is…

Read More