1. What is the role of ERM today? Has it reachedwidespread recognition by the C-Suite? When managementteams think about risk management, they are probably thinkingconcurrently about ERM as well as specific risk managementdisciplines; for example, the treasury looking after financialrisk, traditional insurance teams looking at Property andLiability, and the team that tracks quality or compliance efforts.The nomenclature is sometimes confusing because we can think aboutrisk while also thinking about risk at different levels, andmanagement teams today are absolutely doing that.

2. How is working on a consulting team different fromyour previous roles as an in-house risk manager with Ford MotorCompany and Coca-Cola? We provide clients with advice,experience, tools and assist them in educational efforts withintheir company, but we're different from a risk team within acorporation or nonprofit enterprise, where you have it as a stafffunction that looks after many aspects of risk within anorganization. Sometimes we're hired by a board of directors or amanagement team to do an independent analysis of theirorganization's capabilities and help them determine where theywould like the organization to be, and make a plan to get themthere.

3. Has your background at a variety of other companieshelped you do your current job? I think all of us, in anyprofession, bring our amassed prior experiences to the table.Working at Ford and Coca-Cola Enterprises was helpful for a lot ofreasons, including exposure to the management level,decision-making around risk, an understanding of boardresponsibilities and the operational aspects of RM.

4. Is the C-Suite still equating “risk” with“loss”? I think risk is perceived at the C-level as thebalance between taking the risks you want and have to take- it'sbalance against avoiding negative surprises. All organizations takerisk everyday because of the things they want to achieve. From afunctional standpoint, risk management is still perceived as theorganization that says “no” to avoid negative outcomes, but thereare many risk managers who have been successful at recasting thisview.

5. Do you have any personal frustrations about thatfundamental perception? No. My job is to takeorganizations from where they are today to where they want to be,so we have to start with understanding their frustrations andbarriers and helping them move through that to the next level ofmaturity based on their capabilities.

6. How are risk managers transitioning to strategic riskmanagement (SRM), and why is this important? It'sinteresting, this debate whether SRM is a different thing from ERM.I do not see them as two distinct practices. It's my observationand experience that risk management in the strategic context is anatural result of having a well-designed and integrated ERMframework

7. How do you think that recent events, such as theattack in Boston and the Texas plant explosion, will affect riskmanagement on a global scale? Will it make organizationsmore cautious, or will it spur them to become more resilient? Riskmanagement tries to predict unforeseen events and understand theorganization's ability to deal with those matters according totheir exposures. Whether it's called risk resiliency, or dealingwith a certain event, there are things that you can do proactivelyto enhance your organization's ability to deal with it. Number oneis aligning the leadership team to how the organization will governitself in an unforeseen circumstance. Number two is to understandwhat your resources are and how to deploy them if an event occurs.Three is having the capability to modify your response in realtime. It's a lot about nimbleness and decision making capability incircumstances where time matters.

8. Speaking from the position as a NU board member,what's on your mind that you would like to say to the RMcommunity? Risk managers bring a tremendous amount ofinsight and capability to the question of how organizations shouldmanage their risk. My thoughts are that it is important forsenior-level risk managers to have technical capabilities tounderstand the operations and the “business of the business” thatthey are in. We must wear two hats: being a technical risk manager,and being a collaborative member of the organization's managementteam.