With lots of variations and often duel reporting lines, CAEs must serve many masters
These risk silos can cause problems for companies, not only because they duplicate risk-management efforts, but because key strategic risks can go unaddressed or siloed thinking may be preventing the company from meeting its goals.
We recently caught up with Michael Gallagher, managing director at CBIZ Risk & Advisory Services, to talk about how these risk silos can crop up at companies, the dangers they present, and how organizations can dismantle them and manage risk in a more holistic way.
"Companies are required to manage risk throughout the organization, by process and by sub-organization. The silos occur when that process isn't coordinated across the company," said Gallagher. "So each individual, officer, leader, department, or location decides on their own way to manage risk and their own priorities, and they may or may not be linked to anything related to the company's strategic objectives. And that is a problem."
According to Gallagher, there are some red flags to look for that could be indicators of an environment where risk silos are likely to occur. "Some of the signals are policies and procedures in organizations that differ greatly by location, process, leader, or executive," he said. "Anytime you see schedules of authorization, levels of authorities, anything that is trying to determine approvals and authorizations and ways to talk about and quantify risk that aren't tied the company's strategic objectives are clear indicators of silos in the organization."
Gallagher says reversing course and dismantling risk silos is never easy, but there are some steps that can head them in the right direction, including the adoption of some form of enterprise risk management. "The number one benefit of enterprise risk management is to break down those silos," he said. "If the company can train itself on those methodologies and learn to talk about and manage risk using the same language, the same quantifications, and the same indicators across the entire organization—and if those ERM processes and policies are tied to the company's strategic objectives—you then have a leadership group and a level of management that is all pulling or pushing in the same direction."