Achieving results through strategic risk management maturity

On Wednesday at the RIMS annual conference in New Orleans, I’ll be moderating and contributing to an important session with Gert Cruywagen, a leading risk leader from a South African hotel and casino enterprise and Betty Simkin, a leading finance and risk professor from Oklahoma State University who recently co-authored a significant text on case studies in successful “progressive” risk management. The session will highlight stories reflecting alternate versions of risk management maturity and success in the discipline.


I use the term “progressive” because whether you practice “enterprise risk,” “strategic risk” or “integrated risk,” it is my view that it all boils back to what “risk management” should have always been. In other words, while so much of the history of the discipline has revolved around the insurance mechanism as the primary, often exclusive, source of risk “treatment,” the most significant results achieved by risk leaders have more often been outside this box and involved risks (often strategic and operational) that do not lend themselves to insurance treatment. Aside from this fact, using the insurance/self-insurance mechanisms and strategies remains a very important tool in the arsenal of leading, accomplished risk professionals.

This session will begin with a review of a brief state of the union of risk management around the world. We will highlight, among other things, the RIMS’ risk maturity model that was so thoughtfully developed several years ago by a group of risk leaders with their own success stories, and who thoroughly vetted the seven components of “risk maturity” that they believe are most impactful in producing meaningful results for companies. Consider employing many – or even all – of these techniques to influence your own risk management program’s results. These techniques include:

  • A truly enterprise-wide approach to risk management
  • Use of repeatable and scalable processes
  • Use of a risk appetite framework and/or strategy
  • Use of root cause analysis
  • Attention to emerging risks and exposures
  • Use of a risk-performance approach
  • Emphasis on building and sustaining a resilient enterprise

Of course, there are many sources for defining risk maturity, each of which has its own take on this question; that diversity is what makes the discipline so vibrant and dynamic. As I like to say, there is no single approach that leads to great results. With that in mind, we’ll also be talking about the prevailing opinions and concerns of senior leaders and boards of directors, as shown in recent research, with respect to what they look for in risk management functions and leaders, and where the current opportunities lie in their organizations; we’ll look at what these stakeholders have to say about successful, mature and results-oriented risk management. While most stakeholders take a more narrow view of this question tied to their area of expertise and focus, the success of all risk management functions is highly dependent on a strategy that engages and leverages the views and talents of key risk stakeholders throughout an organization when developing and deploying a risk strategy and the many tactics that bring that strategy to life.

So while risk maturity implies success, not everyone can claim a successful experience. We’ll delve into areas that represent the pitfalls to be avoided in pursuing risk management excellence, enabling attendees to learn from the mistakes of others – mine included. You may have a “mature” risk program that succeeds more slowly over time, rather than producing the marquee results that matter most to many organizations. Any strategy deployed for any length of time will have its share of accomplishments, but “success” is really in the eyes of the beholder. To that point, understanding who your stakeholders and key constituents are is critical to true successful maturity, a term that we’ll put definition to and help refine. We’ll clarify what success looks like by exploring a set of elements which mean the most to the typical key risk stakeholder community. Here’s a peek at the elements I think are most impactful and important to senior leaders and boards:

  • Process consistency
  • Process rigor
  • Semantic interpretability
  • Communication clarity
  • Balanced measurability
  • Downside protection as job 1
  • Value creation
  • Embedded risk culture
  • Managing to appetite parameters
  • Aligning, if not integrating with, strategy and objectives

Of course as all risk leaders know, the discipline is daily faced with challenges and opportunities. In fact, most challenges are opportunities to be accepted if not exploited. We’ll spend some time addressing both. Attendees will leave with a clearer sense of not only what risk management success really should mean, but how several successful organizations have, in their own unique ways, achieved a level of successful maturity that works for them. And if no other point lands on solid ground with attendees at this session, it is that there is no one right way; if you don’t build your risk strategy and framework around the priorities of your organization, you’ve likely missed the boat.

Hope to see you at our session on Wednesday from 11:30-12:30, room 222 in the convention center.

Chris Mandel, SVP, Strategic Solutions

Back to Blog
Back to top