This interview was featured in the Forge Magazine. You can access the full publication here.
Too many organisations view risk management as a regulatory cost and handbrake on growth when they should regard it as a performance enabler.
That is the view of David Bergmark, Co-founder and CEO of The Protecht Group, a leading provider of enterprise risk management (ERM), and asset and liability management (ALM) software, and a pioneering risk consultancy, trainer and adviser. ‘We are redefining how the world thinks about risk,’ says Bergmark. ‘A strong risk-management framework allows organisations to move faster. Also, a deeper understanding of risks helps executives and boards to better understand opportunities and how to mitigate risks through execution.’
Protecht’s work is timely. The Banking Royal Commission in 2019 and the Australian Prudential Regulation Authority’s (APRA) review of The Commonwealth Bank of Australia (CBA) in 2018 highlighted risk-management failures. Risks are rising across industry. The global coronavirus (COVID-19) pandemic and natural disasters in Australia in early 2020 headline a long list of risks. Cybersecurity breaches, modern slavery in supply chains and climate change are other ongoing risks, as is employee misconduct.
‘ERM is increasingly complex as organisations face more risks in more areas,’ says Bergmark. ‘A cybersecurity breach, for example, or revelations that a company has exploited offshore workers in its supply chain can damage an organisation’s value. Companies that have antiquated risk-management systems are vulnerable.’
David Bergmark (Left 1) with David Tattam (Right 1) and our UK Team
Bergmark says risk management must start at the top. ‘Boards must proactively set the riskmanagement statement and executives must communicate it. Risk data must be aggregated to identify emerging or systematic risks, and business lines must have ownership of the risks.’
Another issue is poor use of risk data. ‘APRA’s CBA inquiry indicated that there were many resources devoted to risk management, but that information was not acted on. Some internal audit findings were outstanding for more than three years. Companies must use risk information to formulate actions.’
Worse, some organisations use spreadsheets or point-system solutions that do not talk to each other or reference a central library of organisation risks. ‘There is no consolidated view of the risk profile or its connected items,’ says Bergmark. ‘Organisations must see how many indicators are outside their operating range for that risk, how many incidents have been raised and how many internal audit findings are connected to it. They can’t do this unless they have the right technology.’
Protecht is an international company founded by some of the most accomplished risk professionals in the industry. Since 1999, we have delivered training, advisory and software solutions that intensify the Risk Management focus and discipline of government departments, corporations around the world.