Being a risk leader in your organisation is always a challenge. More than once I have been asked "How do you get a blustering, super confident CEO to slow down and listen to what we are trying to achieve in the risk function?" Unfortunately I don't have the silver bullet, however, here are a few tips which are explored in more depth in RMP's Whitepaper titled "Risk Leadership: How to be Heard":
1. Target - Identify all the stakeholders you need to influence. Identify the order in which you wish to tackle them. It is always best to get senior management buy-in first, however, sometimes that just isn't possible and you have to win over their key influencers before you can tackle them. Make sure you have a clear strategy.
2. Analyse - Indentify their main motivators, their hobbies and interests. Your best opportunity for engaging someone that does not already know you and trust you is to ignite their interest through something they are already passionate about.
3. Tangibilise - Risk management has so many intangibles. You need to do your best to make what you want to achieve seem tangible to your target audience. People comprehend best when you provide them with both visual and verbal descriptions. So draw a picture and tell them a story. Choose examples that are most likely to relate to their motivators, hobbies and interests you have identified.
4. Translate - Speak their language. I call it moving from "risk speak" to "c-suite speak" when engaging senior executives. Too often we simply blurt out what we know is needed in what we might consider to be simple risk language, however, it means almost nothing to our audience. Try talking "inherent risk" to a CEO. You know, the world without controls. You would agree, a better approach would be discussing the need to identify where we may be able to save some compliance costs by understanding which of our current controls are most important and which are not. You can then inch towards using risk speak as you gain their attention and then understanding.