Moving to the frontline

Published on Tue, 30/04/2019 - 00:03

Risk management is moving out of the back office to become a business partner, says Julia Graham, deputy CEO and technical director at Airmic

There has been a silent revolution going on and in the last three decades, a remarkable transformation has taken place. The average value of companies has moved from a ratio of 90% tangible assets and 10% intangible assets (such as reputation, information and intellectual property), to one of 90% intangible assets and 10% tangible assets.

Concurrently, business transformation fueled by technology is creating a world that is more connected and complex. Bring these two scenarios together and there is an explosive cocktail. The consequences are that the assessment and management of risk is harder and less certain. Traditional actuarial rules just don't apply to many modern risks, and when companies think they have their arms around managing risk, the pace of change moves up a gear and the world spins away from their reach.  

Whilst the process of change is speeding up, the external and internal environments in which businesses operate are changing at different speeds. Changes to the external world are like a genie out of a bottle - they can't be put back and change will be exponential. On the other hand, sectors and businesses are typically moving at a slower pace than their external environment.

The increasing speed differential is creating a change lag. Speed of risk decision making is essential, but this requires agility, new knowledge and enhanced skills.

In this context, the corporate governance functions of monitoring, strategy and legitimacy remain valid but need to be enhanced and extended beyond traditional approaches. Governance of digitally transformed business models requires greater attention to the broader environment or ecosystem within which they operate.

Risk management is moving away from pure prevention to response. This requires a shift in the emphasis of risk management and risk management professionals.

First, there must be a better alignment with business priorities. Risk teams need to demonstrate strong commercial acumen - and the business language to communicate it persuasively - and engage more intensely with the company's strategic ambitions and major investments. This will sharpen their ability to develop valuable insights into emerging concerns and help scope innovative risk mitigation solutions.

Second, the modern environment demands a more flexible deployment of resources. Revised analytical methodologies, including the introduction of new data science and automation techniques, should free up capacity in risk teams for more project-based (as opposed to routine) risk work and the provision of advice to business and functional leaders.

Third, businesses and risk professionals should view emerging risk through a more creative lens. This will enable risk teams to engage with institutional and individual biases and blind spots and help build an appreciation of threats for which evidence may be limited or conflicting.

As a final thought, it is often said that risk management is part science, part art. The above arguments demonstrate that the risk profession needs to move more towards the latter - focusing on judgement, creativity and people skills. However, data gathering and analytics will also grow in importance, while machine learning and AI will increasingly play a key role in managing risk. Technology will not take care of itself and the risk community must enhance their knowledge and skills to be prepared.

This article first appeared in The Sunday Times on 28 April as part of a special report on Business Risk produced by Raconteur in association with Airmic. Click here to read the report in full.

Julia Graham is Airmic's deputy CEO and technical director