Looking back on the key messages from World Risk Day, 2013…
“The more innovative our products have become; the more risk we must take… The alternative to risk management is luck and fate.”
Christoph Schwager, Chief Risk Officer, EADS
World Risk Day 2013 brought together risk experts from a range of industries to share best practices via its global virtual summit on May 14th. The day provided a snapshot of the latest practical ideas in risk management which can be applied to all types of organizations.
Christop Schwager, the CRO of EADS had some very interesting points about the need for a holistic approach to risk. The Aerospace and Defense sector is all about risk. There is inherently more risk in innovating and delivering hi-tech A&D products than, for example, building houses, getting fresh bread onto supermarket shelves or mass producing widgets. So EADS is at the forefront in innovative risk management thinking and practices.
EADS has evolved its governance models to take a ‘3 lines of defense approach’ for risk.
The first line of defense is provided by operational management as you might expect. The people involved in projects and day-to-day operations are closest to the risks and opportunities and are always going to have the most in-depth knowledge based on their skills and experience.
The trick to make the first line effective is for senior management to create the culture where all employees see risk management as part of their day job, and to provide a system that’s so easy to use that it doesn’t become a barrier, yet can support the business’ variety of risk, compliance, health and safety needs with single data input.
The second line of defense is provided by the risk professionals in the risk management team which is deployed through the organization. Their job is to keep risk on everyone’s agenda and to provide the expertise to make the process and system run smoothly, while meeting the risk information needed at each level in the business. This group now needs a variety of skills such as empathy and communication, coupled with the strength and tenacity to make sure risk is reported upwards, but that ownership remains in the business and is not transferred to the risk team.
Internal Audit has traditionally had an important role in risk management but it has now moved to provide the third Line of defense in organizations like EADS. The Internal Audit team look at the controls in place and their level of effectiveness. Taking a holistic view of risk management now provides the added benefit that the risk picture built up can be used to focus the Internal Audit team’s efforts. Audits can be targeted on the projects and areas of the business with the highest risk levels which could have the greatest impact for the organization as a whole if they occurred.
To find out more about the 3 lines of defense approach to risk management, attend the repeat of the EADS CRO’s World Risk Day webinar. Register for the webinar which is on July 23 at 4pm UK/11am New York time here.