Securing budget and resources for a successful integrated risk management program can be difficult. Even the most experienced and articulate risk leaders can have a hard time getting stakeholders to understand the value of better visibility into risks across the organization.
While today’s executives should be more open than ever to upgrading risk management programs, given the disruption caused by COVID-19, budgets and resources may remain constrained by the widespread economic damage. If you’re having trouble winning budget (or buy-in), you might be making one of these common mistakes:
Making an ask without establishing a relationship.
Don’t go in cold. Build a relationship first and make your case second. Find out what’s most important to the decision-makers and use that to make a personal connection.
People are more likely to help out a friend than a stranger – it’s just human nature. Finding common ground – interest, hobbies, similar career, and education paths – helps build rapport. If your audience is comfortable with you as a person, chances are they will be more receptive to your pitch.
Living exclusively in the past.
While a mature IRM program may have helped mitigate the impact of COVID-19, there’s nothing to gain by pointing fingers or casting blame about what went wrong. Frame any past weaknesses as opportunities for improvement. Provide examples of how IRM will make the business more resilient going forward. Your point will come through loud and clear.
Not considering decision makers’ objectives.
Instead of explaining how a new technology can help your team, make your processes more efficient, and your life easier, focus on the benefits to your decision makers.
For example, if you’re speaking to the chief compliance officer, highlight how an expanded IRM program helps avoid penalties and litigation for noncompliance. If you’re pitching the CEO, focus on how IRM can provide critical facts quickly for more accurate and timely decisions. When your objectives coincide with your decision makers’, it’s much easier get support.
Not communicating a clear ROI.
While it’s difficult to put an exact dollar figure on something like a cyberattack or multimillion-dollar lawsuit, there are ways to estimate the overall return on an investment in IRM technology.
For starters, identify the types of fines and litigation expenses others in your industry have experienced, and use that to calculate potential savings from avoiding those costs. You also can evaluate staff resources that would be saved with greater efficiencies and tie that to a dollar value. For example, if automation saves you 20 hours per week for a salary that breaks down to, say, $50 per hour, then that’s a savings of $1,000 per week for the business. Multiply that by the number of people and hours saved, and the impact of automation alone could be significant.
Those extra hours can then be redirected to tasks that provide more strategic value to the organization.
Getting budget in this economic climate can be difficult – but the end result will be well worth the effort of making a sound business case. Companies with robust integrated risk management programs have an unobstructed view of both current risks and those on the horizon, which significantly improves agility and resilience. And anything that promises to deliver that kind of advantage is likely to be considered money well spent.