You suspect you have a problem. You hire a professional to explain what’s wrong. And all you get in return is generic, impersonal advice that you cannot act upon. Now you have more problems.
That’s what happened recently to one professional services organization in the U.S., which assists many of the nation’s biggest companies. After hiring a large consulting firm to conduct a risk management assessment, senior leadership was left with an uneasy, underwhelming feeling.
The assessment, conducted through balloting software, had resulted in rudimentary, focus group-like thinking and did not do a good job of prioritizing risks specific to the company’s culture and management team. The executive team felt they had wasted a lot of time and money on general advice that didn’t resonate with management, and quickly shelved the recommendations.
The risk management plan the internal audit director received zeroed in on closing loopholes in acquired companies, system consolidation, IT and employee training, data scaling, and maintaining regulatory compliance. It also included metrics to track changes in risk levels over time and ways to evaluate new risks without causing an excessive burden on management.
Unlike the first assessment, this project succeeded in determining which risks mattered most and helped the executive management team come to an agreement on priorities, especially in the areas of IT and sensitive employee data. It brought everyone on the same page with regard to the risk areas that could be improved upon and provided them with the tool to do so.
For the internal audit director, the risk assessment was her first big victory in helping the company get its house in order, and it demonstrated her ability to deliver and partner well. For other stakeholders, the assessment and risk meters Protiviti helped put in place represented a specific improvement that was enthusiastically received and instantly beneficial. It improved the company’s efforts at managing risk by becoming a part of the executive fabric, rather than a folder on a shelf.
Most important, the project brought the executive suite together to discuss risk topics for the first time as a team, generating valuable group insights and consensus on how best to drive the company forward.