Risk Management Network: Milestones and New Horizons

Vhe pioneering work of Prof. Dr. Bruno Brühwiler has always been a great success when it comes to risk management in Swiss institutions. Bruno Brühwiler initiated and founded the network ten years ago with a "small group of idealists". In the meantime, more than 200 members, both individual and collective, are enrolled in the Risk Management Network. In 2015, his multifaceted office was handed over to Ms Nicole Heynen, MAS.

Nicole Heynen is Co-Section Head at the Federal Finance Administration (FFA) and coordinates risk management in the federal administration in a senior role. Not only because the Risk Management Network is celebrating its tenth anniversary, but also to illuminate holistic, tried-and-tested strategies, Management & Quality conducted an interview with the two experienced risk experts.

The last few years have been marked by ISO realizations, by continuous improvement measures and new trainings. In your opinion, what were the most important milestones of the network you founded 10 years ago?
Bruno Brühwiler: Quality management started its upswing about 25 years ago. The Swiss standard of the time was replaced by the ISO 9000 series. Today, 1.1 million organizations worldwide are ISO 9001 certified. A success story. However, risk management only took off about 10 years ago - triggered on the one hand by legal regulations in the Swiss Code of Obligations, and on the other hand by ONR 49000 (first version 2004) and subsequently by ISO 31000 (first version 2009).

Why is there a specific need for risk management, as is the case with the Swiss network to date?
Bruno Brühwiler: This is easy to state. Globalization, complexity, interconnectedness. The world has changed enormously in recent years. Quality management is concerned with the "normal situation" and its continuous improvement. Ri

Risk management is interested in the "exceptional situations".

sics management, on the other hand, is interested in the "exceptional situations".

Such situations are unfortunately becoming more and more numerous, surprising and unpredictable. See, for example, the Fukushima disaster or the Volkswagen case. But even in Switzerland, the systematic handling of uncertainty is something new

Risk management serves in strategic issues of corporate development, it now plays a significant role in corporate governance. This is seen in corporate governance, where the top management bodies (board of directors, executive board) continuously answer to the questions of corporate strategy, corporate development and risk management. The Risk Management Network has taken up precisely these issues. The aim is to take a holistic approach that has been tried and tested in practice.

To what extent have your members been able to develop their risk management skills from year to year?
Bruno Brühwiler: The further development and increasing number of trained risk managers is built on a comprehensive understanding of the discipline, which is still young. Because the traditional quality management organizations have not yet internalized this trend, new associations are emerging that have understood these risk management concerns. That's why our membership continues to grow. Risk management is a model for the future.

Ms Heynen, how was it possible to introduce a nationwide risk management system? Were elements such as continuity management (BCM) introduced at federal level in the same way?
Nicole Heynen: The so-called decentralized responsibility corresponds to the federal organization. Such elementary prerequisites showed great chances of success from the very beginning. In order to ensure that the heterogeneous risks can nevertheless be compared, we have

Nicole Heynen: How SMEs handle risk management How SMEs handle risk management is difficult to judge.

However, in order for this to happen, methodological guidelines are required, which first had to be developed. Another important step towards success was the establishment of internal risk management training. In addition to employee training, top managers are also periodically trained in this topic. These steps are strongly encouraged from the very top. The guidelines for nationwide risk management - were drawn up by us as the coordinating body - in close cooperation with the departments. In doing so, we did not reinvent the wheel, but based ourselves on the specifications of ISO 3100 and ONR 49000 guidelines. Acceptance was strengthened by incorporating the know-how already available in the federal administration.

Our most important decision-making body is the General Secretaries' Conference. This decides on further development, the completeness of the nationwide "top risks" and the plausibility of the Federal Council risks. Cross-cutting issues such as information security are also discussed and analysed.

BCM is a recurring theme in the risk management measures. In contrast to risk management at the federal level, however, there are only selective overarching requirements. BCM is therefore less firmly anchored and must be strengthened in the future. However, this weakness has been recognised and appropriate measures have been initiated.

Ms Heynen, your main task is to present risk scenarios per department in a Federal Council report. How do you communicate risks that are of importance throughout the Federal Administration - but which should be avoided by non-risk experts?
Nicole Heynen: Raising awareness and training are certainly important. But before we can be effective, we always need the support of management. If this is the case, we try to work closely with other specialist units that are responsible for sub-areas of risk management - for example in the area of information protection. As the Federal Risk Management Coordination Unit, we support these specialist units, either through our training courses or through specific assignments to deal with specific risks. Other instruments for raising staff awareness are our newsletters on the one hand and specialist events in the Risk Management Network on the other.

Mr. Brühwiler, was it actually always easy for you to divide the roles between the management of Euro Risk Limited and the presidency of the Risk Management Network?
Bruno Brühwiler: The Risk Management Network was a voluntary activity, sometimes certainly characterised by great idealism. I never earned a "centime" more, see the many travel expenses. However, participating in and leading leading ISO 31000 discussion groups brought me certain synergies.

Which important risk management elements did your network implement for the first time in Switzerland?
Bruno Brühwiler: Integrated Risk Management. It strives to see the various risk management applications in an overall concept, not in silo areas. Here, individual aspects are integrated and mutually networked:

Internal control system, risk-based quality management as an extension, safety management according to the processes and methods of risk management, compliance management - because non-compliance is always risk - finally emergency, crisis and continuity management as further categories of integrated risk management. Not to be neglected is also the aspect of human factors in dealing with risks as a special challenge.

The Risk Management Network has dedicated itself in depth to such challenges. The Risk Management Network addresses these elements throughout Switzerland.

In the meantime, it is 2016, to what extent does risk management still have potential for development?
Bruno Brühwiler: I think that in 10 years, risk management will take on a central role in addition to quality management

Nicole Heynen: It would be desirable for risk management and, for example, quality management to go together in the operational area. Silos of individual sub-areas of risk management should be broken down so that an efficient and effective risk culture can exist in the company. Top executives are relieved by the integrated risk management approach. This gives them a better, transparent overview.

Ms. Heynen, would you say it's different today than it used to be in how risk management is implemented in larger facilities?
Nicole Heynen: Risk management is taken seriously and implemented accordingly in the federal administration and in companies close to the federal government. A change in thinking has taken place here in the last 10 years. The same certainly applies to large corporations, most of which are also listed on the stock exchange and have to meet legal requirements. However, it is difficult to assess how SMEs deal with risk management in their companies.

Do you have a vision of where the risk management network will be in ten years' time?
Nicole Heynen: We want to be the leading platform for integrated risk management for large companies through to small businesses. In addition to strategic topics, we also want to cover operational areas such as occupational safety. To achieve this, we are seeking partnerships with other organisations. Furthermore, we want to actively participate in the development of standards and contribute to scientific studies, for example.