Being an enterprise risk management (ERM) consultant for close to a decade now has forced me to wear many different hats, one of which is marketing.
At some point in this sub-journey within the larger consultant journey, I stumbled upon The ASK Method marketing system developed by Ryan Levesque. The main idea behind ASK is to use surveys to discover the words your target audience uses to describe their wants, needs, and challenges.
This is important, as you can imagine, because who is going to click ‘buy’ for something or otherwise engage with someone if they either can’t understand or relate to what they’re telling them? No one. Period.
If you simply use technical jargon, it will be impossible to make connections that are so necessary for success – this is Marketing 101 type stuff.
Here’s the interesting thing – the same thing can be said for words ERM professionals use when talking with business representatives.
If you’re using terms that only attendees at a RIMS ERM conference or NC State ERM Roundtable Summit are going to understand, you will not be able to develop the crucial factors of ‘know, like, and trust’ ERM practitioners need to be truly impactful.
All the tools, tech, and processes, no matter how robust, are utterly useless.
Most practitioners, including myself once upon a time, would address this dilemma by thinking that they need risk training…so they can understand terms like impact, likelihood, risk velocity, heat maps, risk appetite, or controls mean. The problem with this approach is that it makes ERM practitioners sound like the unforgettable teacher from Charlie Brown…
The end result is the same – frustration by both parties and mistrust by the business leaders.
We shouldn’t expect business leaders to read practitioner-focused articles like mine, Norman Marks, Tim Leech, or Hans Læssøe to understand our jargon. They’re busy running their business after all – as they should be!
Besides, if you read any of those thought leaders for very long, you’ll notice there’s intense debate around terminology, including the use of the label ‘risk management’ for the practices being discussed.
One of the main points proponents of changing this name cite is how basic terms like ‘risk’ and ‘management’ mean different things to different people.
For example, the companies I primarily work with – insurance companies – will think they’re already handling ‘risk’ because, well, that’s the business they’re in. Or take management – many automatically assume that exclusively means ‘mitigate.’
We may understand ERM’s ultimate purpose is to be ‘objective-centric,’ that is, to cut through the fog of uncertainty to ensure the company is meeting its goals.
But as Roger Estall and Grant Purdy explain in their book Deciding:
’Risk management’ is a much heard expression these days. Despite having no consistent meaning or form, organizations are encouraged by its advocates (often to earn their living) to adopt its complicated structures AND LANGUAGE, ostensibly to address uncertainty. And yet, despite the investment and inconvenience that is involved in pursuing ‘risk management,’ achieving sufficient certainty is seldom the result.” [EMPHASIS ADDED]
To address this discrepancy and begin helping the business achieve ‘sufficient certainty,’ start by remembering two of the key personas of an effective ERM professional – facilitator and communicator.
The core of our profession is (…or at least should be) to facilitate informed decision-making in pursuit of strategic and business objectives, which is why when someone asks what Strategic Decision Solutions does, my answer is:
“We help insurance company leaders understand areas of uncertainty to help them achieve their goals.”
Facilitating the achievement of objectives inevitably involves effective communication.
Even though our role is ‘risk,’ you don’t want to come out and just ask ‘what are your biggest risks?’ because, like we said earlier, risk can mean different things to different people…plus, what’s significant for one business function may not be a big deal for the broader company.
Besides, that’s taking a very ‘risk-centric’ (downside) view instead of an ‘objective-centric’ (upside) view. The original version of this article, while still relevant in some respects, was very oriented toward the former.
With that in mind, instead of asking what the business’ top risks are, the first question should be ‘what is the business here to do?’ or ‘what does the company want to achieve?’
Before going any further, make sure everyone is on the same page on the objective.
From here, the questions should focus on what could prevent the business from achieving the objective, what are they relying on being in place (dependencies), what assumptions are being made, what challenges are you experiencing right now that may influence this objective, and what are worst, best, and likely scenarios.
Asking questions like these and keeping conversations focused on the business’ activities and how they function will automatically help the most significant risks become readily apparent.
To do this effectively or rather, ask questions in a way that will yield the best insights, start studying scorecards or operating metrics that leaders use to run the business and understand how the metrics fit into the bigger picture.
Do this type of analysis for your company but also get to know your industry and competitors. Understanding your company’s unique value proposition will enable you to communicate effectively with the business.
You may be thinking…but there is SO much to learn about the company. There is no way I can learn it all in a timeframe to be effective.
Do not fear. There are a couple ways to approach this dilemma.
If you have a multi-person ERM team, think about designating a team member to become a subject matter expert (SME) on assigned business functions. Move away from an ERM ‘roles and responsibilities’ approach and towards having people well-versed in the entire ERM lifecycle who focus on different areas of the company.
As I explain in this previous article on the first steps of any risk and strategy conversation, understanding the business and using their language instead of risk jargon helps build trust.
It shows that you care enough to take the time and get to know the business, making you a valuable partner in helping them achieve their goals and not just another box to check on some endless to-do list.
What tactics do you use to learn and subsequently integrate business terminology into your ERM activities?
Please join the conversation on LinkedIn to share your thoughts on using business terminology vs. risk terminology.
If you’re struggling with facilitating and communicating about ERM and its role in the company, please reach out to me to discuss your specific situation, goals, and potential solutions.