Has it taken the worst public health crisis in modern history for businesses to realise the value of risk management? Amid enforced homeworking, strangled supply chains and heightened cyber threats, many organisations became acutely aware that they were underprepared for a black swan event. This realisation that contingency planning is a vital element of business resilience has been reinforced by the war in Ukraine, with western sanctions and rising oil prices jarring businesses.
But more still needs to be done: McKinsey’s annual global board survey of approximately 1,500 corporate directors found that just 7% of respondents gave their boards the highest rating for risk management, and only 40% say their organisations are prepared for the next large crisis. Enter the risk manager.
The Rise of the Risk Manager
These champions of identifying, evaluating and prioritising risks are suddenly in high demand as businesses look to harness experts that can help them manage an array of risks – ranging from strategic risk, compliance risk, and financial risk to environmental risk, energy risk, and geopolitical risk.
Commenting on the recent rise of the risk manager, Tamika Puckett – Corporate Risk, Willis Towers Watson – said: “If you look at the job boards, there are jobs for risk managers popping up left and right in every industry. So, I think that organisations are starting to realise the strategic benefits of recognising and anticipating the impacts of risk.”
This paradigm shift in the risk management landscape is gathering pace. According to the Global Association of Risk Professionals’ (GARP) Risk Careers Survey 2021 report – a survey of 2,100 respondents in 101 countries and regions across the globe – more than half of all respondents expected their organisation’s risk management department or function to increase staff during 2021. And this growth isn’t showing any signs of slowing across the board: a recent market research report said the global risk management sector, which was worth $7.4bn (£5.6bn) in 2019, is projected to reach $28.9bn by 2027 – a figure that was calculated before Russia invaded Ukraine in February.
The Role of the Risk Manager
Suddenly aware that they need a plan b, businesses are employing risk managers who are skilled at creating – and communicating – emergency response plans that enable them to adapt and react to unforeseen events. The modern risk managers’ ability to monitor, mitigate and respond to different risks, while meeting compliance requirements, is increasingly dependent on soft skills as much as hands-on technical experience. It’s these communication skills that enable them to act as a strategic business leader who integrates at all levels of the organisation and fosters a proactive risk management approach that’s driven from the top-down and implemented from the bottom up.
An in-depth understanding of the development and application of risk management processes and frameworks underpins their ability to support an organisation’s risk requirements. For example, they will implement structured steps that form the basis of a best-practice risk framework to eliminate silos and provide relevant data across the organisation by engaging with departments, sharing data, and socialising risk. These steps will enable them to:
- Identify risk across all levels of the business
- Define tangible metrics with tolerances and KPI’s to measure and predict risk
- Mitigate intolerable risk
- Get an overall view of risk exposure through reporting and monitoring
- Implement a governance and control framework to lower risk & flag problem areas
This framework – which outlines a business’s approach to the management, measurement, and control of risk – identifies risks across the business, defines risk appetite and implements the appropriate controls to ensure the risk appetite is adhered to. By initiating these methods, the risk manager empowers the business with a process that ensures everyone is risk-aware and feeds into the risk data set.
Data-driven Risk Management
A Risk Managers ability to perform adequate risk assessments and add real value is dependent on high quality data. They must ensure they have access to real time information to facilitate informed decision-making based on facts, trends, and statistical numbers. Obtaining and storing accurate data is crucial, but it will be rudderless unless it’s turned into actionable information and delivered to the right people in an understandable format. This brings data management into sharp focus for risk professionals: including, tools that centralise and consolidate data; the maintenance of risk registers that identify potential risks; the development of KPIs that measure performance over time; and comprehensive risk assessments. Without access to this acute, high quality data set, a risk managers value will be limited. It is only when risk managers have deep insight into all areas of the business that they can take risk management to the next level and use risk data to make informed business decisions, uncover opportunities to streamline processes, and identify new initiatives that could grow the business.
The Right Tools for the Job
Against this backdrop of a global pandemic and war in Ukraine, the pursuit of risk-informed planning and operational functions has also culminated in a growing demand for the tools used to measure and predict risk. When it comes to the amount of data needed for a risk management programme, and the complexities around links to other systems, and the sharing of information – spreadsheets just won’t cut it!
Often the first step a risk manager takes when they start in a new business is to implement a purpose-built risk management tool. These GRC software solutions have the power to consolidate disparate processes, systems, and data sources into a single point of oversight to deliver deep insight into the risk profile, status, and performance of the entire business. If planned and implemented correctly, GRC tools can engage every area of the business and quickly become a conduit for risk-related information, fostering a risk-aware culture through worker engagement, participation, and leadership.
The efficient, best-practice risk management functionality provided by GRC software ensures employees at every level of the business can capture even the smallest incidents, near misses and risks, which if left unaccounted for can escalate. This collaborative process makes risk management more accessible, accountable, trackable, and resolvable than ever before. GRC software provides Risk Management teams with the following functionality:
- Risk management: Embeds operational risk management frameworks and processes – including risk assessments, controls, and tolerances – into the business, so risks can be identified, tracked, and managed effectively.
- Define KPIs: Whether they are met or missed, KPIs provide a roadmap for progress in the future by measuring historical performance.
- Reporting and monitoring: Facilitate incident and near miss reporting in real-time and instigate the investigation process post-event. Monitor KPI driven results continuously to mitigate risks and leverage opportunities.
- Compliance management: Tracks obligations and identifies areas of non-compliance to drive business action and address legislative changes.
- Risk Registers: Supports the creation of robust risk registers and the maintenance of them.
- Audit management: Schedules and manages internal and external audits and utilises the results.
- APIs: Consolidate data from across the business into one central location via Application Programming Interfaces (APIs). These APIs facilitate the collection of risk data by seamlessly interacting with other critical systems containing information such as staff details, financials, projects, incidents, risks, and measures.
Having collected and centralised relevant data from across every function of the business, risk professionals’ benefit from accurate information that provides a holistic view of risk and enhances the organisation’s risk posture – so they can: make risk-informed decisions, create a risk-aware culture with accountability and define a risk appetite that drives calculated risk-taking to achieve goals and objectives.
Amid unforeseen events that have dealt an indiscriminate blow to businesses and society, risk managers have become indispensable; helping organisations of all sizes meet their strategic and business objectives – a crucial role that is underpinned by solutions that empower the right people to make the right decisions at the right time.
To find out more about how Camms.Risk is supporting Risk Managers to implement a best-practice risk management framework, request a demo.