Diana Graham, chief risk officer at ResMor Trust Company, will be one of the speakers at the upcoming Enterprise Risk Management Canada Conference, held October 2-3, 2012, in Toronto. (Business Finance is a media sponsor for this event.) In this preview interview, she shares some of her experiences in building a successful internal risk culture that involves individuals from every level of the organization. Key to this success, she believes, is developing transparency across these risk buckets to enhance communication and minimize potential gap risk from falling through the cracks.
The past 24 months have seen a number of man-made and natural disasters bring risk management demands to the forefront of executives and board directors. This in turn has created a renewed interest in enterprise risk management (ERM) practices. How can organizations ensure a culture of risk awareness is put into place?
Diana Graham: Get a commitment from senior management that encouraging a risk culture throughout the organization is a priority. Put together a communication strategy that can include newsletters, lunch-and-learns, speaking at head office and regional business meetings. Look at the gaps or challenges in your risk appetite and material risks for ideas on where to focus your efforts.
What role should finance play in this area?
Graham: Ideally, risk management would be included as a business stakeholder in budgeting decisions when areas seek to streamline operations resulting in the elimination or weakening of controls.
Risk management should be an influencing stakeholder regarding certain compensation decisions, i.e., risk management targets in areas outside risk management and weighting of the risk management segment in balanced scorecards. Additionally, risk management should sign-off on all new product/new business decisions.
Can you characterize the difference between Canadian and U.S. companies regarding their ERM strategies?
Graham: Canadian companies tend to be more conservative than those in the U.S., so there may be more of a foundation in place across the organization. Generally, I have found that there is a "healthy tension" among stakeholders in Canada as opposed to that found in the U.S. in building a risk culture. While the need to incorporate the board of directors within the ERM framework is a global challenge, Canadian companies' cultures are more open to implementing risk structures and processes at every level of the organization.