IERP® Monthly Newsletter Issue 2/ July 2018 | Page 8

When he joined KPS last May, one of his initial priorities was to realign their risk management frameworks and processes with ISO standards in order to improve their efficiency. He also wanted to make things more practical and easier to understand—a necessary step that would help to establish a common risk language at all levels of staff and management.

That common risk language is essential to resolving the two common challenges he has encountered throughout his risk management career: convincing top management of the benefits of risk management, and amending corporate culture to be more risk-aware. He notes that, in his experience, providing structured, practical training to all levels of staff has proved vital for developing risk culture in an organisation.

But the difficulty in changing corporate culture towards risk awareness is that it requires changing perceptions at the top levels of an organisation. Mr. Shahari observes that some people think risk management is a waste of time and money: “They don’t see the need for risk management and Business Continuity Management until something happens.” He tells of a past experience where a risk that had been identified on a risk register actualised and became a crisis. But because the company he worked for at the time lacked the proper processes for BCM, “it became a fire-fighting situation.” He views BCM as an essential component of ERM: “There are [negative] risks you can’t mitigate, but still, even then, you have to minimise its [possible] impact.”

It’s telling that the most common challenges he’s faced involve the management of people. Though Mr. Shahari states early on that he has to be impartial when it comes to risk management—so much of risk management has to do with doling out hard truths—he recognises the need for, in his own words, “a personal touch.”