As one of the leaders of Protecht, I am very fortunate for the opportunity to meet new people all the time. Those friendly conversations that happen at any major event or at any small meeting, are the interactions that shape my role and give me new perspectives on risk and compliance management.
One of those entities that encourage valuable interactions is the Governance Institute of Australia. Twice a year I am invited by the New South Wales Chapter to present their Dux Awards for Risk and Compliance, a recognition that Protecht has been sponsoring for the past 5 years, and has become a tradition for us to support. Coming to this event gives me the opportunity to talk to professionals from a wide number of industries and discuss the present and future of risk, compliance and governance.
Last November it was a pleasure for me to personally congratulate Robert James, the latest recipient of the Dux Award for Risk and Compliance during 2017. I am delighted to share with you his points of view on governance, risk and compliance. But, first of all, who is Robert James?
Robert is an Independent Non-Executive Director of two Not-for-profit organisations in aged care and small business advisory. Robert also chairs the Advisory Board of a commercial Information Technology organisation and consults to organisations on governance, risk and compliance matters. He was previously Head of Superannuation Systems at BT Financial Group and has over 30 years of skills, experience and knowledge in Superannuation and Information Technology. Along with being a Justice of the Peace, Robert has completed the Graduate Diploma of Applied Corporate Governance at the Governance Institute of Australia. And, as we mentioned before, he was awarded Dux for Risk and Compliance at the Institute in NSW.
It probably goes back to the recession we "had to have" in the early 90's. I was involved with many unit-holder meetings at that time and witnessed firsthand how people were impacted where funds were frozen or repayment of debt reduced equity. Of course governance, risk and compliance played a large role in these situations.
It was on the recommendation of a friend and colleague. What I have found since is that Governance Institute course covers all the bases, giving students the necessary detail across such a broad area.
These sectors are highly regulated which is necessary for obvious reasons. The community at large across all generational cohorts is also demanding high-quality services in Super and Aged care. Anything else is inadequate.
In this environment reputation is critical. And Warren Buffett is famous (amongst other things) for saying. "It takes 20 years to build a reputation and five minutes to ruin it. If you think about that, you’ll do things differently."
So my view is risk and compliance management has a huge role to play in these sectors, both now and into the future. They need to ensure the "5 minutes" Warren Buffett talks about either never happens or if it does happen, it is managed in a first-class manner.
The main challenges involve two key points I have learnt through my studies:
- Strategy and risk are very closely related. They are like two sides of the one coin. Australian companies need to discuss both in the same conversation. They also need people who can do that. However, particularly in larger organisations, strategy and risk teams are often located on different floors and talk different languages. It is, therefore, a challenge to improve on this; and
- Risk ends up in the bottom line. For example, if a company is mitigating a risk, is the cost of that mitigation in the forecast? If the risk occurs and remediation is required, is the remediation budgeted for? Hopefully, Australian companies don’t have unfunded contingent liabilities that might impact them. Understanding this relationship between risk and finances can be a challenge for some organisations.
Ideally, the directors would show leadership asking for both a risk management and compliance management framework. The directors are ultimately responsible and need to fulfil their roles with the degree of care and diligence that a reasonable person would exercise in their roles.
Implementing new frameworks is also a change management project. Therefore, conduct a risk assessment on the change required and determine what sort of project is required, its governance, whether specialist change management expertise is required, and so forth.
As we are in a period of rapid technology change, it is imperative to be across it. We know that computer algorithms and robotics are making huge strides in other industries such as manufacturing, distribution and health. Those industries are going through a shift.
"So imagine the gains that can be made when applied in this industry. We will also go through a shift - significantly improving effectiveness and efficiency. Imagine having a system where the information is always up to date, you can easily find or locate something, and mundane work is automated. Imagine having a system that can rapidly and accurately predict risks, their characteristics and run simulation scenarios."
My advice is threefold:
1) Clarify your objectives
2) Develop a realistic plan to achieve those objectives
3) Determinedly work your plan
People can be discouraged when obstacles arise, however, determination is an amazing attribute. Determined people will always find a way.
Send us an email to firstname.lastname@example.org and share with us your own Risk journey.
Alf has established a number of risk management frameworks in financial services, real estate and property development, mining and exploration, and heavy engineering sectors. A Certified Compliance Professional, Alf has an impressive collection of qualifications, including a BSc in Pure Mathematics and Theoretical Physics, a Graduate Diploma in Commercial Bank Management and an MBA in general management. He is also a member of the Global Association of Risk Professionals, past President of the GRC Institute and past member of for-profit and not-for-profit organisations.