It can be challenging at times when people assume that just because we are risk practitioners, we must automatically have all the answers when it comes to risk. We don’t.
It’s not that we’re flying blind though…
The comparison or analogy that fits here is a toolbox…
If you’re newer to ERM, perhaps just out of school or transitioning into the practice, your toolbox will be mostly empty, with tiny versions of tools (experiences) you can use again. Why? You may understand a lot of ERM theory, but you have little to no practical experience to draw upon.
However, as this experience grows, your toolbox gets fuller and needs to get bigger, eventually morphing into one of those huge rolling toolboxes you see in a garage. Similar to an experienced auto mechanic, your years of experience will enable you to quickly identify not only the tool(s) needed, but also how you’re going to use them to get what you need.
Again, contrary to what others might say, this doesn’t mean you need to know everything…
In the context of ERM, people frequently have this expectation that an ERM director or practitioner must know what the proper response to a risk should be in every situation.
This is impossible, because as I repeat often, every company is different, even within the same industry.
While a practitioner can lean on their experience to make the best judgement call possible, they are also not going to be privy to every conversation about the subject at hand, especially if it involves a hot-button topic. Your experience can probably confirm this, but passions can run pretty high, especially when discussing the future course of the company and how it will navigate risks along the way, which is why strong relationship skills are so important.
Again, every company is different.
Company A may have a higher appetite for risk-taking, so a particular mitigation may not make sense for them as it would for Company B that is more risk averse. No matter their number of years of experience, a risk practitioner will not have this answer right out of the gate.
Taking this a step further, a risk practitioner should not be expected to know or give assurances that a particular technique is going to work perfectly. Why? 2 reasons: 1) the unique characteristics of each company have a huge impact on whether a particular approach will work or not and 2) the execution and timing of a particular approach impacts the effectiveness (no pun intended). A highly experienced practitioner should not be embarrassed to recommend that the company run a pilot on any new process to test how well it works, how data is gathered or how well the business takes to the process.
In addition to the risk response decisions, it’s also unrealistic for company leaders and other stakeholders to expect the practitioner to know the ins and outs of every risk. Yes, it is important to have some basic knowledge, but the real subject matter expert – the business leader who owns that risk – should know the risk inside and out. They will be the one(s) who can have impromptu discussions on root causes and other factors driving a risk.
As I’ve learned in my career as a consultant, an “insider-level” of knowledge about an industry can be helpful to know how other companies or industry-specific processes typically work, but that knowledge can also lead to decision-making biases and other constraints.
Although a risk practitioner should not have to know everything about a company’s risk, there are still expectations.
As Albert Einstein stated in the late 1940s,
“You don’t need to know everything, you just need to know where to find it.”
This segways nicely into what a practitioner should know.
One thing Einstein was famous for was he would not remember anything he could look up, including his own phone number according to legend.
When it comes to the ERM practitioner, what they do need to know is how to elicit the right information at the right time.
Going back to the toolbox analogy:
- What tools need to be brought out at a specific time?
- What questions need to be asked?
- Who needs to be at the table?
An example: you’re in a meeting or workshop with executives and have some questions to get clarity before a decision is made.
Do you automatically set up a separate meeting to ask your questions? No. Why? CEOs and other company leaders typically run on pretty tight schedules, so they often don’t appreciate having to take time for another meeting on a topic that was already discussed.
Instead, by knowing which tools to use from your toolbox, you do this: find a good time in the conversation to nicely interject and state that you have a few questions. Acknowledge everyone’s time is valuable, then offer two alternatives – would they prefer to discuss the questions now or in a separate conversation? If they say they would rather talk about it now, you pull another tool out of the toolbox, so you can exercise caution on how you ask those questions without creating awkwardness or discomfort.
This topic illustrates the importance of learning, or to have what many coin as a growth mindset. In fact, this story explains how being an effective learner is the ultimate “meta skill” of the 21st century.
Does your company express unrealistic expectations on what a practitioner should and shouldn’t be able to do or know?
If there are experiences from your career that you think would be helpful for up-and-coming risk practitioners to understand, please don’t hesitate to join the conversation on LinkedIn or send me a LinkedIn DM.
Also, this topic is a hint of the panel discussion during an upcoming webinar I’ll be moderating in partnership with UCLA Extension. Join us Thursday, September 12th from 11am-12pm Pacific (2-3pm Eastern) to learn more about the many routes you can take to becoming an ERM professional. Click here to register (required).
If you’re struggling to understand what you need to have to be successful as a risk practitioner, please feel free to reach out to me to discuss your status and future plans today!