Being able to clearly articulate the benefits to all stakeholders in your organisation is critical to getting any new risk management software project across the line.
Understanding your stakeholders is key to building empathy and making sure you position the project in the best possible light. We've prepared scenarios for your Line 1 business owners, Line 2 risk managers and boards/risk committees to help you understand their needs and how a risk management product will help them.
Lee is finishing up work on Friday evening and looking forward to quality time with his family over the weekend. Just before closing his laptop, he receives a text from the CEO: "The regulator is coming in on Tuesday and wants to discuss your business, the state of the risk and control environment, and progress made since their last visit. Be ready for a dry-run on Monday."
Lee isn't sure where to start. He reluctantly calls his leadership team into a planning call on Saturday morning. They provide Word docs, Powerpoints, Excel spreadsheets, PDFs, and emails - all showing similar but different information about the overall business.
Lee spends the next two days trawling through the documents, synthesising information and summarising it into digestible content and narrative.
Confidence level over the information is not high, but it’s the best Lee can do in such a short timeframe.
Across town, Alex is settling in for a Friday night movie with her family, when she receives a similar text. She acknowledges the text and continues to enjoy the night’s viewing. On Saturday morning, Alex runs four reports from the Enterprise Risk Management System, Protecht.ERM:
Seeing a few red metrics, Alex drills through to understand the detail as these will likely be a point of discussion. There are some specific questions the leadership team will need to answer, so she quickly exports a PDF and sends them to the relevant people to action.
On Monday, Alex is ready to go.
John, the CRO of a medium-sized financial services company, starts his day early at 5.00 a.m. It's risk reporting day and the risk committee and board papers must be in by lunch. John starts by checking he's received all the responses to his email requests for information and begins opening the spreadsheet attachments. He notices fields missing and that formula field have been overwritten by a colleague.
Already stressed, he must now consolidate all the spreadsheet data into the "Master" spreadsheet, taking care to use the right version.
All this must be completed before he can create the pivot table that allows him to add colourful charts to the word document and PowerPoint for the board.
Across town, Amy is enjoying a relaxed breakfast with her family and sees them off to school before starting her day as CRO of a similar company. Amy opens her Enterprise Risk Management System, Protecht.ERM. Her "My Tasks" screen shows that all but one action is outstanding –a compliance attestation from HR.
A quick follow up ensures that's completed by 9.00 a.m. Next, she reviews the Board and Risk Committee reports showing all the data in preconfigured dashboards. Amy looks for the key message in the report, focussing on the red items. With a few clicks, Amy identifies the reason for the red items and writes some minimal narrative to explain their causes and what actions will be taken to remediate.
She looks for trends in the data and correlations between different parts of the data. She adds these insights to the report narrative to provide the board with valuable forward-looking commentary.
By 10 a.m. all the data is in, the reports reviewed, and the narrative added. Amy quickly exports the reports to PowerPoint as the Board prefer this format. She has time for a morning coffee break before her next meeting.
Robin is closely watching the final days of the Government Inquiry on television. The final week is focussed on the role of the Board and questioning the Board's Chairman.
As a Board Chairman herself, Robin is paying attention to the questions, such as: "...how do you gain comfort that management are reporting the material risks to the Board? Show the court how you demonstrated sufficient oversight and challenge over management. How could you not know the risk culture of the organisation was so toxic?"
Dreading the thought of being called to a similar inquiry, Robin asks herself the same questions of the Board she chairs.
On reviewing the upcoming Board pack, Robin is not convinced she'd have any real evidence to prove the Board had met all their obligations. She's also not sure she could comfortably answer the questions in the absence of such evidence.
Not far away, Kim, also the chairman of a Board, is watching the same inquiry. While empathising with anyone required to answer a Government Inquiry, Kim also asks himself the same questions.
He reviews the upcoming Board pack. Section 1 outlines the Risk vs Reward Report, where he can clearly see the comparison between how well the company is performing against Key Risk Indicators and Key Performance Indicators, ensuring the discussion focuses on sustainable growth. Section 2 is the detailed Risk Appetite Report, where three red metrics have been escalated for discussion and action at the upcoming meeting. He can see that Management have already raised issues for these metrics, but Kim has some additional challenges to put forward. Finally, Section 3 includes the Risk Culture Dashboard and results of the recent Risk Culture Survey.
There seems to be an increasing trend in overdue actions, which is something Kim circles for discussion at the meeting.