The IERP® Monthly Newsletter July 2018 6
From a casual glance-over of his career profile, it’s clear that Mr. Mohd Shahari Idris doesn’t shy away from challenges. From PERNEC Corporation to Bank Simpanan Nasional (BSN) to Felda Global Ventures (FGV), he was often in charge of large-scale changes, whether to develop Enterprise Risk Management frameworks, set up risk or transformation departments, or implement integration initiatives. At BSN, for example, he successfully developed and implemented their Shariah Risk Management Policy and Shariah Non-Compliance Reporting Procedure – though he had no prior experience in Shariah-related risk and Shariah Non-Compliance.
Mr. Shahari began his career as an internal auditor, and has also worked in different functions, including compliance, corporate strategy, customer relationship management, and marketing. When he was introduced to risk management, he saw that there were huge opportunities in the developing discipline in Malaysia. Now, as Director of Risk Management for Kumpulan Perangsang Selangor, he oversees the ERM, BCM, and Risk Governance functions for the company as well as its subsidiaries.
subsidiaries.
When he joined KPS last May, one of his initial priorities was to realign their risk management frameworks and processes with ISO standards in order to improve their efficiency. He also wanted to make things more practical and easier to understand—a necessary step that would help to establish a common risk language at all levels of staff and management.
That common risk language is essential to resolve the two common challenges he has encountered throughout his risk management career: convincing top management of the benefits of risk management, and amending corporate culture to be more risk-aware. He notes that, in his experience, providing structured, practical training to all levels of staff has proved vital for developing risk culture in an organisation.
But the difficulty in changing corporate culture towards risk awareness is that it requires changing perceptions at the top levels of an organisation. Mr. Shahari observes that some people think risk management is a waste of time and money: “They don’t see the need for risk management and Business Continuity Management until something happens.” He tells of a past experience where a risk that had been identified on a risk register actualised and became a crisis. But because the company he worked for at the time lacked the proper processes for BCM, “it became a fire-fighting situation.” He views BCM as an essential component of ERM: “There are [negative] risks you can’t mitigate, but still, even then, you have to minimise its [possible] impact.”
It’s telling that the most common challenges he’s faced involve the management of people. Though Mr. Shahari states early on that he has to be impartial when it comes to risk management—so much of risk management has to do with doling out hard truths—he recognises the need for, in his own words, “a personal touch.” He recalls a time he was kicked out of a meeting by a boss for pushing for an unwanted plan, only for the plan to be approved two weeks later after a productive chat with the boss in the Surau. Creating structures and processes is one thing, but convincing the relevant decision-makers of the strategic necessity of certain steps to be taken is another. “Risk management is an art, not a science,” he says.
Recognising that managing risk is also about managing business in general, he hopes to establish a more forward-thinking ERM approach at KPS, without an over-reliance on analytics. KPS, which has engaged in regular corporate exercises over the past few years and is geared towards further growth, currently seems to be an appropriate company for Mr Shahari to utilise this approach.
Whereas in FGV his job scope was more focused, the diversified assets of KPS—in manufacturing, trading, licensing, infrastructure and utility, oil and gas, and telecommunications—make his responsibilities all the more varied and difficult. “I would say that’s my top challenge here: keeping abreast of the diverse industries, and also keeping abreast of the factors affecting each industry and business.” At the same time, he credits KPS Management and the Board Risk Committee for their support in ensuring good risk governance is applied throughout his tenure.
But Mr. Shahari seems to be taking it all in stride: “Job knowledge is job satisfaction,” he states. That is, being informed at all times allows him to not only be an effective risk manager, but also to make the most of his job. He emphasized that a risk manager can’t just look to internal factors in an organisation; they also have to look to the external: market volatility, geopolitical risks, and so on.
An exclusive interview with Mohd Shahari Idris, Director of Risk Management at Kumpulan Perangsang Selangor, on risk culture, career changes, and challenges in risk management.
Director of Risk Management, KPS: "Risk management is an art, not a science"
Interview with a Risk Practitioner