At the end of last year I had the opportunity to do a workshop at the Annual Risk Leaders Conference organised by the Institute of Risk Management (IRM) in London. Due to the high interest that the audience showed with the content I decided to write a short article to share the information with everyone.
During the workshop, we shared real-life examples of the dynamic nature of risk to illustrate how risk is evolving. A key challenge we observe to be facing risk practitioners today is migrating away from static risk assessments or traditional risk assessments. Whilst we acknowledge these traditional assessments bring consistency and form. More is required.
To have a truly sustainable Dynamic Risk Profile, the organisation needs business buy-in. During the session, industry insights were shared on how this can be achieved, including, how to aggregate risk profiles to empower risk practitioners to challenge business decisions with conviction through a layer of objectivity. It is important to recognise the challenges business stakeholders face with competing priorities and tasks in often unstructured environments.
The challenge we brought to participants during the session was how can we support business maintain adequate risk awareness when seeking to achieve business objectives.
Our view is a mechanism or platform is required to navigate the increasingly complex business environment and facilitate robust conversations.
Main takeaways for the readers:
1. Changing Landscape Results in Emerging Risks:
The emerging risks organisations are facing are less visible than traditional risk types. This can present challenges to the risk function. The control environment as an example needs to keep pace, seeking investment in controls after change has been implemented can be difficult. Risk Managers must strike a balance in their approach and be careful not overengineer risk processes. Horizon risk scanning and adopting agile approach are key focus in supporting good business outcomes.
2. Disconnected Supporting Risk Framework Information:
Management needs greater visibility of the risk profile to understand the connected nature of risks. This requires streamlined access and view of risk data that can empower them to make decisions. Risk must also adapt. We must consider new ways of assessing risk and seek to remove unconscious bias often observed in traditional methods and consider the ways in which we present risk data to business managers to support robust discussions. Is your risk framework fully connected?
3. Industry Recognising Change:
We have observed change with industry standards. In the banking sector, ORX changed their Level 1 classification matrix this year. New risks such as third party, data and information security have now been promoted to the top tier or Level 1 Classification.
4. The velocity of risk impacts is being magnified by new technologies:
Risk velocity, which is the speed of transition from risk event to impact felt has received heightened focus. Management has less time to act than previously. Impacts are being experienced at a rapid pace. Risk professionals must be able to support the management decision making process in this faster-paced environment. Waiting for periodic reporting processes is no longer sufficient.
5. Failure to understand risk dynamics will lead to resilience concerns:
In the past few years, there have been many high profile events (i.e. Permanent TSB) which have led to considerable questions about organisation’s resilience capabilities and whether the organisations understood how risk profile had changed over time. Regulators have focused on organisation’s ability to stand-up crisis management teams, and recover critical business processes when a risk event occurs. This scrutiny has demonstrated many organisations are no longer confident their recovery plans have estimated the risk velocity from event to impact. When was the last time you undertook a resilience assessment and qualified the scenarios for critical business processes?
How can we help them? As organisations try to better understand the dynamic nature of their risk profiles, Protecht can assist guide clients through this process. Our advisors have cross-sector experience and are well placed to ensure risks are connected across the risk profile and management is well placed to execute decisions with all risk data readily available to them.
- Book a demonstration of the Protecht.ERM system.
- Send us an email at info@protechtgroup.com