Editor’s Note: Earlier this year, Group General Counsel Greg Boss named Karen Neave into a newly created role of CSL’s Chief Risk Officer. After a little over five months on the job, Karen recently took time to share thoughts about her new role, the importance of creating a risk aware organization, safeguarding the company’s reputation and why upholding business integrity and ethics are critical to helping patients and protecting public health.
Q. What does a Chief Risk Officer do and why is this role important to CSL?
A. In my role as Chief Risk Officer or CRO, I lead Business Integrity & Risk (BIR), which sits in the Global Legal organization and includes risk management, insurance, business continuity, business integrity or compliance as it used to be known, data privacy and management of the internal audit for the enterprise. CSL has long been a Values-based company and I view part of my role as being instrumental to supporting the organization in ensuring we continue to uphold our Values while making decisions and conducting our work in a way that protects the needs of our stakeholders and our business. In addition, continuing to build a risk aware organization through including discussions on risk and risk appetite into already existing leadership and team meetings is important particularly in the current environment we are facing, where a risk, that is a pandemic, that had previously been considered to be highly unlikely, has now occurred. A more risk aware organization will have risk considered in the day to day business across the entire enterprise and help with a consistent and shared understanding of acceptable and unacceptable risk in making decisions, how to respond appropriately to mitigate risks where possible, and continue to support effective and efficient risk management across the organization. Finally, Data Privacy is also an area that is getting an increasingly higher profile across the world, where individuals want to ensure their personal data is protected. For CSL, that includes employees, donors, clinical trial subjects and healthcare professionals just to name a few. As we conduct more business activities virtually and online, both internal and external, there is an ever increasing need to ensure we have the right controls and monitoring in place to ensure that protection is in place, and thus to ensure we maintain the trust that people place in CSL to manage their personal data.
Q. You’ve spent much of your first five months listening and learning. How has this informed the risk framework you have been developing?
A. One of my key takeaways from the past five months and being new to the BIR function is the need to build an enterprise risk framework that is easy to understand and was put together with input from the business. My vision is that anyone working for CSL – whether they have been here for 20 years or 20 days – can pick up the new Enterprise Risk Management Framework and understand, through reading one clear and concise document, how risk is viewed and managed at CSL. In particular, the collaboration and support I received from the business when creating the new risk appetite statements and risk measures was immensely encouraging. People were happy to be involved and contribute in a value adding way to ensure we created a framework and risk appetite measures that were relevant – and that we see and use this new framework as a living document – not one that will just sit on a shelf.
Q. Your path to becoming the CRO is unconventional, having started in Finance rather than Legal, which might be expected as the more standard route. What makes your diverse experiences well suited for your new role?
A. Many of the experiences and skills I gained by working in the Finance organization are well suited and transferable to my role as Chief Risk Officer. Another key benefit is my 23-year tenure with the company working across many parts of the organization allows me to bring an enterprise-wide approach and understanding of the business to my new position. This includes working across vaccines and plasma and working in both Australia and the U.S. in varying areas of finance. This broad perspective is critical at a time when we are working across CSL to adopt an enterprise-wide operating model. I also think my career path speaks to the culture at CSL, which supports development opportunities and values diverse perspectives and experiences.
Q. At CSL we are driven by our promise to help patients and protect public health? How does your role support this?
A. As one of the world’s leading biotech companies, CSL has many stakeholders who are counting on us to continue to drive scientific innovation so we can improve the lives of the patients we serve and safeguard public health. But this takes trust – trust in the safety and efficacy of our products, trust in how we conduct business with our customers and suppliers and trust in how we treat our people, patients, plasma donors -- and all of our stakeholders, which will help ensure we maintain CSL’s reputation.
As the Chief Risk Officer, I see my role supporting the CSL promise through the multi-faceted responsibilities I have, including business integrity, data privacy, risk and business continuity. While everyone at CSL is individually responsible for managing risks and business continuity in their business or functional area, for ensuring that they and their teams act with honesty and integrity, and for being aware of the need to protect the privacy of all personal data, as an enterprise wide enabling function each of my teams play a key role in supporting and advising our functions and businesses to help them manage these responsibilities. Whether it be providing technology, tools, frameworks, processes, training or other information or advice, we are here to support the organization in conducting their day to day business under this lens, which also supports working in accordance with the CSL Values. This ultimately leads to protecting CSL’s reputation and delivering on our promise.