I’ve spent thousands of hours reading research articles on leadership—specifically, the intersection of corporate governance and risk management. While research directly addressing this connection was limited, I found plenty of insights on leadership and risk management individually. Over time, I gathered golden nuggets of wisdom that shaped my thinking and deepened my understanding of the role leadership plays in an effective risk management function.
Eventually, I realized I had collected enough to share with the risk management community. The challenge was figuring out how. Should I write a paper? Start a blog? Host discussions? I wasn’t sure about the best approach—I just knew I needed to start somewhere.
Earlier this week, I came across my Risk Management Conference presentation, and it struck me that its core message still holds relevance today. My key takeaway back then? A Risk or Compliance Manager’s role isn’t just about enforcing policies and procedures—it’s about building relationships within the organization just as fast (if not faster) than enforcing the rules.
Why? Because risk management isn’t just about identifying risks—it’s about influencing behavior, decision-making, and company culture. And that doesn’t happen through policies alone. It happens through people.
If I were to update this presentation today, I would emphasize why relationship-building is key:
✅ Influence Over Authority – Risk managers often don’t have direct authority over business decisions. Unlike some functions that operate with clear-cut mandates, risk management is about influence. You need to shape how people perceive and act on risk, which requires building trust and credibility. If you’re seen only as the person who enforces rules, you’ll struggle to make a real impact. But if stakeholders trust you, they’ll involve you early in decision-making rather than after the fact.
✅ Proactive Risk Awareness – One of the biggest challenges in risk management is that risks are often identified too late—after they’ve already materialized into issues. When people trust you, they’re more likely to bring concerns forward early, giving you time to address risks before they escalate. This is especially important in fast-moving organizations where risks can emerge rapidly. The stronger your relationships, the more likely employees will view you as a resource rather than a last resort.
✅ Collaboration Over Compliance – Traditionally, risk and compliance functions have been seen as rule enforcers—people who say “no” rather than enabling the business to say “yes” in a responsible way. However, the most effective risk managers shift this perception by embedding themselves within the business, working alongside teams to integrate risk awareness into decision-making. When you focus on collaboration over strict compliance, you create an environment where people see risk management as a value-add rather than a barrier.
✅ Stronger Culture of Risk Awareness – Policies and procedures are important, but they only go so far. Real risk awareness is built through conversations, relationships, and shared understanding. When employees feel comfortable discussing risks without fear of punishment or bureaucracy, they make better decisions at all levels of the organization. Risk culture isn’t dictated—it’s cultivated through ongoing engagement.
A Shift in Mindset
When I first started in risk management, I thought my role was primarily about ensuring policies and procedures were followed to the letter. Over time, I learned that while policies are necessary, they don’t drive behavior—people do. The key to effective risk management isn’t just about having the right framework; it’s about having the right relationships.
If I were giving my presentation today, I’d focus even more on this mindset shift. The most successful risk managers aren’t just compliance experts—they’re trusted advisors who understand the business, build strong relationships, and influence decision-making at all levels.
I’d love to hear your thoughts. How do you balance enforcement with relationship-building in your organization?