It all starts with sound Risk Management

This interview was featured in the Forge Magazine. You can access the full publication here.

Too many organisations view risk management as a regulatory cost and handbrake on growth when they should regard it as a performance enabler.

That is the view of David Bergmark, Co-founder and CEO of The Protecht Group, a leading provider of enterprise risk management (ERM), and asset and liability management (ALM) software, and a pioneering risk consultancy, trainer and adviser. ‘We are redefining how the world thinks about risk,’ says Bergmark. ‘A strong risk-management framework allows organisations to move faster. Also, a deeper understanding of risks helps executives and boards to better understand opportunities and how to mitigate risks through execution.’

Protecht’s work is timely. The Banking Royal Commission in 2019 and the Australian Prudential Regulation Authority’s (APRA) review of The Commonwealth Bank of Australia (CBA) in 2018 highlighted risk-management failures. Risks are rising across industry. The global coronavirus (COVID-19) pandemic and natural disasters in Australia in early 2020 headline a long list of risks. Cybersecurity breaches, modern slavery in supply chains and climate change are other ongoing risks, as is employee misconduct.

‘ERM is increasingly complex as organisations face more risks in more areas,’ says Bergmark. ‘A cybersecurity breach, for example, or revelations that a company has exploited offshore workers in its supply chain can damage an organisation’s value. Companies that have antiquated risk-management systems are vulnerable.’

IRM SPECIAL SUPPLEMENT - JAN 2020 - David Bergmark, Keith Davies, Gary Lynam and David Tattam

David Bergmark (Left 1) with David Tattam (Right 1) and our UK Team

Bergmark says risk management must start at the top. ‘Boards must proactively set the riskmanagement statement and executives must communicate it. Risk data must be aggregated to identify emerging or systematic risks, and business lines must have ownership of the risks.’

Another issue is poor use of risk data. ‘APRA’s CBA inquiry indicated that there were many resources devoted to risk management, but that information was not acted on. Some internal audit findings were outstanding for more than three years. Companies must use risk information to formulate actions.’

Worse, some organisations use spreadsheets or point-system solutions that do not talk to each other or reference a central library of organisation risks. ‘There is no consolidated view of the risk profile or its connected items,’ says Bergmark. ‘Organisations must see how many indicators are outside their operating range for that risk, how many incidents have been raised and how many internal audit findings are connected to it. They can’t do this unless they have the right technology.’

Protecht Solutions

Bergmark and Co-founder David Tattam formed Protecht in 2000 after witnessing too many organisations with unsophisticated risk-management systems. They’ve both headed up risk departments for international banks and finance companies. ‘Tattam and I knew there was a better way to manage risk,’ says Bergmark. ‘Companies were not using the right risk technologies – there wasn’t a sufficient internal risk culture or enough training.’

David Tattam (Left ) with David Bergmark (Right)

The Sydney-based firm’s success has been two decades in the making. From humble beginnings, Protecht has built an exceptional team of risk experts, expanded to the United Kingdom and helped leading organisations to manage risk.

The firm’s flagship enterprise risk-management software, Protecht.ERM, is a full-function ERM solution. It includes risk assessment, key risk indicators, compliance and obligations management, incidents, issues management, and more.

The cloud-based solution is accessed through web browsers on desktops, laptops and mobile devices. Once data is captured, the workflow engine disseminates information efficiently and risk profiles have connected information.

‘Protecht.ERM is one of the most functionally rich products on the market,’ says Bergmark. ‘Its integrated analytics engine allows for beautiful visualisation of risk-related information and, as risk practitioners, we continue to pioneer thinking in this visualisation. Our RiskInMotionTM and Risk Culture dashboards are examples of this.’

On compliance, Protecht is integrating its technology with regulatory content suppliers. ‘A robust compliance function consists of an obligations register that enables the organisation to understand its legislative obligations, an attestation program to ensure that staff understand what their obligations are, and a breach register to capture noncompliance and action plans,’ says Bergmark. Protecht’s expertise in risk training – led by Tattam, a noted authority on risk – is another strength. ‘Tattam is renowned for his passion for enterprise risk management at all organisation levels,’ says Bergmark.

He says that Protecht’s ability to support customers through their risk life cycle is unique. ‘We produce risk related technical content through free monthly webinars, our client community portal allows risk managers to communicate and improve their knowledge, and we provide in-house training. Protecht teams are experienced risk practitioners who guide risk managers on connecting risk-management concepts to Protecht.ERM.’

Bergmark believes that more organisations will embrace risk-management technology. ‘The magnitude of risk requires organisations to use market-leading software, such as Protecht.ERM, to streamline risk management, and deliver stronger, more sustainable performance.’