The 20 Minute Risk Manager

How to make an effective risk management presentation

Mark Little
The Berkman Letter
5 min readAug 15, 2018

--

The agenda for the quarterly senior management meeting has 20 minutes for “Contract issues.” How to make the most of those 20 minutes when there are so many “contract issues” confronting the organization? The 20 Minute Risk Manager outlines how to make an effective risk management presentation.

Contract managers, lawyers, and compliance officers must make the leap from issue management to risk management. Risk managers think holistically about the organization and the risks senior management must address. Risk management involves the identification, management and treatment of uncertainty related to an organization’s objectives. Risk is the likelihood (or probability, if quantified) of consequences (typically, financial results).

To deliver an effective risk management presentation in 20 minutes, use these four techniques:

  1. Avoid the inventory,
  2. Start with revenue,
  3. Identify major risks, and
  4. Recommend action.

Avoid the inventory

Resist the temptation to present the complete inventory of risks, issues or cases. It is important to have the inventory available. Presenting or even distributing the inventory is often counterproductive. Distributing the inventory at the start of your presentation or in advance is likely to provoke a discussion of specific items. When your 20 minutes is up, you have not provided the value to the meeting you planned.

The inventory of contracts, cases, risks and issues is for your benefit. Senior management needs your insight into the entire portfolio of risks.

Start with revenue

Revenue pays everyone’s bills in an organization. Revenue growth, stability, and forecasting are on every senior manager’s mind. Except for a few industries, such as retail, contracts underpin revenue. Lawyers and contract managers sometimes fail to connect their work to sales and revenue. Consider the role that contracts play in two very different contexts.

Company A makes routine sales of low priced equipment and services with “standard terms and conditions” included with invoices. Company B, on the other hand, sells complex systems at a high price point that require negotiation of each contract separately.

A contract manager or lawyer can identify unique revenue risks in both situations. For example:

  • A recent court case in an influential jurisdiction might mean that certain warranty disclaimers are now in question. The implication is that Company A’s revenue recognition of its sales based on contracts with this type of provision is now suspect, because there is now an implied warranty return period. An effective contract manager or lawyer could identify all affected contracts and quantify the potential consequences of restating prior periods’ revenue and forecasting revenue recognition in the future.
  • For Company B, it is critical to rank revenue generating contracts by relative financial impact. A single signed sales contract worth $250,000 is not as significant, from a risk perspective, as a marketing joint venture agreement with the potential to generate $1,000,000 in revenue, even if no sales have been made yet.

Identify major risks in context

In both cases above, contract managers, lawyers, and compliance officers must focus on risks that “move the needle.” What “moves the needle” varies from organization to organization.

  1. Start with the organization’s revenue, expenses and gross income. Keep these three numbers firmly in mind. Is gross income $1,000,000, $100,000,000, or more than $1,000,000,000?
  2. Establish the “move the needle” percentage. This is a rule of thumb only. For example, if a 10% change in revenue or expenses would warrant discussion by senior management, then use 10% as the move the needle number.
  3. Present only risks that meet the “move the needle” test. Note that we present risks, not contracts, that meet the test. No individual contract for Company A above would meet the test, for example, but the entire group of contracts with the warranty issue could very well meet the test.

It is particularly tempting to present every risk of financial loss from a contract, litigation or compliance failure. However, it is important to understand these risks in relation to the organization’s complete financial statement. Contract managers, lawyers, and compliance officers need to identify potholes large enough to meet the “move the needle” test.

Many of the items in the inventory look significant to contract managers, lawyers, and compliance officers, but look like minor puddles to senior management because they focus on the organization’s entire financial statement. For these twenty minutes, so should we.

Recommend action

At this point in the 20 minute meeting, we have presented the urgent and important risks to the organization. Now what? Many contract managers, lawyers, and compliance officers shy away from making recommendations, preferring to focus on identifying risks and implementing the decisions of senior managers. Unfortunately, senior managers need the benefit of your expertise and knowledge of the risks and operations of the business.

As a 20 Minute Risk Manager, we must make a recommendation. If the risk has not materialized, then we can outline preventative measures and recommend the optimal solution to reduce the likelihood of the risk. On the other hand, if the likelihood of the risk is high, then we can recommend specific treatment action to reduce the consequences.

For each risk we identify in the 20 minutes, we must recommend the best course of action in our professional judgement. It is entirely appropriate to outline alternatives, but risk managers have a duty to recommend concrete solutions, even if the course change required is significant and, itself, uncertain.

A recommended action needs to include an estimate of the costs of prevention or treatment, as the case may be. When recommending prevention or treatment, it is important to keep the financial context in mind, just as we did when identifying risks. Senior management will have a hard time understanding why $100,000 of risk requires $1,000,000 of prevention. The prevention or treatment needs to be commensurate with the risk.

Contract managers, lawyers, and compliance officers are critical to a successful organization. Daily, they troubleshoot legal risks, often without those issues ever rising to the attention of senior management. As contract managers, lawyers, and compliance officers, we thrive on the detailed complexity of contracts, laws and regulations. Business managers, however, may not share that proclivity. Therefore, when we have 20 minutes, we have to make the biggest impact we can. Donning the hat of the 20 Minute Risk Manager is the most effective way to communicate the value of our work and improve the organization’s health.

Originally published at www.berkmansolutions.com.

--

--