Guest Post by Andrew Sheves (first posted on CERM ® RISK INSIGHTS – reposted here with permission)
As a risk manager, you will often be asked to explain the RoI (return on investment) of you, your team, even the whole risk management program.
Effective risk management can help an organization grasp an opportunity and realizing an upside risk should generate a positive RoI.
However, when you are focussed on shoring up a weak system, plugging gaps and minimizing risks, showing an RoI can be hard. Even so, an inability to show a positive RoI in a cost-conscious environment can threaten investment in your team. It can even make people question the value of the program as a whole.
I had this time and time again when I was a security risk manager on a major LNG (liquified natural gas) project. This was my first job in the private sector, and I was struggling to re-orientate myself to everything boiling down to dollars and cents (among other things). I had no real way to calculate my RoI, far or less show a positive return. Luckily, I got a great tip from someone: I should still make it about money but to turn the question around.
Instead of RoI, they suggested I talk about LoI (loss on investment).
Highlight what you’re protecting, not what you cost
Framing discussions in this way allowed me to compare the potential losses – through accidents, incidents and material losses – to the cost of the security program itself. We were LoI positive as long as the losses prevented were greater than our costs.
And even when there were no dollar metrics available, I could equate the cost of the program to insurance showing that we were a minuscule ‘premium’ compared to the value of the assets ‘insured’.
I could have expressed our ‘savings’ as RoI, but framing our contribution as LoI really allowed me to demonstrate our value. We went from being thought of as a cost to being seen as protecting value even though we still weren’t generating income.
This approach helped explain our role in the overall project but it also helped unstick several security projects that were stalled because there had been no tangible RoI.
Helping exploit an opportunity is the optimum type of risk management and maximizing the upside will lead to a positive RoI. However, most of us are focused on risk minimization and mitigation before we get to that stage. In these situations, instead of talking about your RoI, start discussing your LoI.
This will help reinforce your contribution to the business and illustrate the value your team provides. Make this shift and I hope you’ll be as pleasantly surprised as I was with how this can improve the perception of risk management within your organization.
Andrew Sheves Bio
Andrew Sheves is a risk, crisis, and security manager with over 25 years of experience managing risk in the commercial sector and in government. He has provided risk, security, and crisis management support worldwide to clients ranging from Fortune Five oil and gas firms, pharmaceutical majors and banks to NGOs, schools and high net worth individuals. This has allowed him to work at every stage of the risk management cycle from the field to the boardroom. During this time, Andrew has been involved in the response to a range of major incidents including offshore blowout, terrorism, civil unrest, pipeline spill, cyber attack, coup d’etat, and kidnapping.
Andrew has distilled these experiences down to first principles to develop the KISS Risk Management framework, a straightforward, effective and robust approach to risk management. This aims to make high-quality risk management tools, resources, and training accessible to as many people as possible, particularly those starting out in the field of risk. He has also developed the dcdr.io risk management software platform and several online assessment tools to complement the KISS framework.
Andrew has an MSc in Risk, Crisis and Disaster Management from Leicester Univerity and has written articles for several publications including the RUSI Journal, ASIS Security Manager Managzine and the International Association of Emergency Managers Bulletin.
Leave a Reply