A Conversation with Andrew Minnitt, CEO Singapore, Aon Part V

In Conversation with Andrew Minnitt, Chief Executive Officer, Singapore, Aon

In the fifth part of this interview series, Aon’s Andrew Minnitt shares his insights on questions posed by risk managers in attendance at PARIMA Manila 2019 Conference that the C-Suite Panel did not get an opportunity to address on the day.

What risk challenges keep you up at night?

I am constantly challenged by not only my risk management team, but the organisation in general. I am approached on discussions about all forms of risks that affect our business – from cyber, and legal and compliance, to intellectual property, climate change and people.

What I am most concerned with is how I can prioritise one risk over the other. Is physical risk overridingly more important than people risk? Or does the Legal & Compliance framework take priority? Perhaps since people are our business on a day-to-day basis, people risk should come first?

Ultimately, no one risk is more important than the other. They are all inter-related. The challenge is in trying to find the balance between which one to address first. Personally, I ask myself how I can remain relevant to my people in the role that I perform as a risk aware CEO and solution provider to clients, and where I can make the best impact each time.

How can you get senior management buy-in on risk management being their job too?

Having the words “risk manager” in one’s title does not relegate the duty of managing risk in an organisation to them alone. In fact, risk management should, and must, start at the top. It needs to be supported, endorsed and driven throughout the organisation by senior leadership.

The role of a risk manager is to pursue the execution of initiatives and risk management conversations. A risk manager should also ensure that risk management is an ongoing effort and has a frequent appearance in every single agenda within the organisation. Whether it is people or property, risk management applies. Senior Management knows this.

How can risk managers effectively use technology such as ERM software to monitor and analyse risks?

Rather than going to any specific brand, the use of a particular software should be contingent on each organisation and their unique needs and wants from a system. Risk managers should look at their objectives and work backwards, looking for a system that fulfils those aims.

Personally, I would very seldom go to the first software system offered to me or pick one simply because the competition is using it too. I like to look at a few options and socialise it with people who are actually going to use it.

While senior leadership might see a software being a gamechanger for the risk management function in their organisation, the real value lies in the day-to-day functionality and operability of that system. Things to think about include:

  • Is it easy to understand?
  • Is it usable?
  • Is it workable?
  • Does it drive the output that you want?