WHO IS GETTING MANAGEMENT BUY-IN FOR ERM?
The ERM implementation activities in Poland are mainly driven from the following sources:
• Governance stimulation, such as a supervisory board (board of directors) recommendation, governance (stock exchange), or audit good practices committees. For public administration units, the Public Finance Act states that there is an obligation to include risk management as part of managerial supervision.
• POLRISK Risk Management Association, since the beginning of its existence.
• Internationally operated brokers in Poland.
• Risk management consulting companies.
• The companies themselves or head offices of international companies that are operating as subsidiaries or affiliates in Poland.
Our survey of 100 POLRISK members showed that a lot of interest in ERM in Poland is generated by various specialists or senior experts related to business continuity management, information technology (IT), physical security, operational risk, project risk management, internal audit or internal supervision from the commercial and public sectors, internal control, and legal attorneys, but rarely pure insurance managers. Some board members or directors showed interest, but not many. Professional consultants who participated in POLRISK discussion panels or workshops told us that they had problems with communication and explaining ERM concepts to the boards.
We decided to explore the challenges of communicating with boards, and after discussions with executives it appeared that the key aspect is the context in which ERM is presented. We have identified that problems with executive communication are related to two main personality profiles in business. The first is that it is difficult or almost impossible to be both a good manager and an expert in the subject matter simultaneously. Why? The main difference is how decisions are made: The expert needs almost a 99 percent certainty to give a recommendation on a specific solution, system, or expertise. In turn, the manager operates and makes decisions with more uncertainty involved – it does not matter if there is a 60 percent certainty or an 80 percent certainty. The point is that this substantial difference requires the development of different skills.
The decision of an individual to pursue or develop a career toward being a highly skilled executive or an effective manager means resignation from being an expert, which means in turn also abandoning the expert's mentality and way of making decisions. And when in corporate reality those two mentalities meet on boards, audit committees, or any executive meetings, those differences arise and are reflected in attitudes, wording, and beliefs. For managers, the uncertainty of making decisions is normal – they may even pursue it. Experts, however, when talking about uncertainty while presenting ERM, use terms like "mitigate" or "avoid" risk in a different context. They are not decision makers, so they do not understand that anyone who makes important business decisions accepts that there are regulators, audits, internal competitors, and the like who may second-guess the decisions of any given manager.
Therefore, the pure concept of documenting all assumptions, risk analysis, and consequences of decisions seems to be ERM utopia, as no manager would like to deliver any formal evidence or proof for potential corporate enemies or competitors that the decision was made despite high risk – because this may later be easily judged as incompetence and could be used to terminate the manager's contract immediately. So, paradoxically, not documenting everything is in fact the behavior of good personal risk management. This we know from several very experienced managers we interviewed. Why are we saying this? The reason is that ERM buy-in is often promoted (we assume this is the case not only in Poland) by experts or consultants rather than by pure managers – and hence problems with communication, mentality, and business justification arise. The manager is bold, risk taking, and brave by nature, whereas the expert is more risk averse, cautious, circumspect, and risk avoiding by nature.
This is a paradox. ERM is often suggested and promoted by experts who do not like to take risks and are not making important decisions. Successful ERM has been driven by CFOs or CEOs who are passionate about ERM – we directly know that this is the case. So perhaps awakening a passion for risk management in CEOs or CFOs is the right way to go. When we include the differences in experience of both groups of professionals, it is very hard to find a common understanding even on an interpersonal level, excluding knowledge of risk management itself.