After three years of global shocks and turmoil, senior managers are more engaged than ever in risk management

Fifty-four percent of readers who responded to the latest StrategicRISK Global Benchmarking Risk survey say more attention being paid to the company’s risk function than ever before, compared to 38%, who say there had been no change. 

“The last three years have helped to increase the engagement of senior and C-level management and to approach risk management seriously,” observed the risk and control officer of a European technology company.

Asked how the last three years have affected their organisation’s approach to risk management, survey respondents said firms were more generally more proactive in areas such as business continuity and strategic risk management.

“There is more concern, more focus and more controls,” according to global director of insurance of a European construction company.

A public sector risk professional said she was seeing much “earlier involvement of risk in discussions”.

“There is much greater visibility of the value that risk management can add, recognition that the disciplines of risk management, crisis management and business continuity need to be intrinsically linked and approached holistically,” she continued. 

“[The events of the last few years] have proved greater interdependencies and relationships exist between risks,” added the senior director of enterprise risk and internal audit at a US-based financial services firm. “This has increased the ease in obtaining additional resources.”

Show us the money!

And yet, the majority of risk professionals say the resources they need to steer their organisations through an increasingly volatile risk landscape are lacking.

Just a third of our readers (34%) have seen their risk management budget increase over the past 12 months, a slight rise from last year’s survey where just 26% had seen a boost in resources. But for the vast majority, budgets (63%) and team sizes (75%) have remained the same year-on-year.

The director of a risk consultancy said there was a much greater platform for risk management since the global pandemic, War in Ukraine, supply chain crisis, natural catastrophes and other major upheavals. But the capital investment is not yet where it needs to be.

“There is much greater awareness that business as usual has changed and there are many more potential system shocks,” he noted. “We are seeing more buy-in from Execs, but not enough financial or practical support still for the Risk Function.”

Economic headwinds dominate short-term agenda

Dominating the near-term risk agenda is the risk of an economic slowdown (according to 56% of respondents). Of these, 64% said recession would have a moderate impact on their business and 29% expected it to have a major impact.

The majority of risk managers concerned about the economic climate thought their controls were, at best, ‘partially effective’.

Their responses come against the backdrop of a worsening economic environment, with the IMF currently forecasting that global growth will slow from 3.4 percent in 2022, to 2.9 percent in 2023 (before rebounding to 3.1 percent in 2024).

Difficulty maintaining a talented workforce (52%), mounting geopolitical risk (48%) and the impact of a targeted cyber attack (44%) were the other major concerns selected by our readers for the year ahead.

At a time when many parts of the world are continuing to feel the effects of the global pandemic, with countries such as China emerging from lockdown, just four percent said that a pandemic or other health issues was on their risk radar for 2023.

Longer-term when asked to select their top emerging risks, the risk of pandemic and infectious disease rose to just nine percent.

Asked to rank up to five emerging risks of most concern to them, respondents selected skills shortages (56%), increasing political instability and conflict (52%), data security and ethics (52%) and climate change (44%) as being at the top of their register when it came to a longer-term horizon.

Other notable emerging risks include those relating to the energy transition (22%) and inflation (26%). 

Asked where risk professionals would be focusing their efforts going forward, the top three priorities - according to survey respondents - are risk culture (40%), risk appetite (36%) and ESG and sustainability risk (32%). Other key areas include embedding ERM, monitoring emerging risks, crisis management and people risks.


An uphill battle

Commenting on the results of the survey, Hans Læssøe, founder at risk management consultancy Aktus, noted that too many companies expect their risk function to deliver superiod capabilities within the constraints of their current budget and processes.

Inevitably, this will lead to disappointment, he thinks, and they will ‘blame’ risk managers for not having foreseen and mitigated against major risks.

“After a five-year period starting with a ‘no-agreement agreement’ Brexit, and then to Covid-19, the Ukraine war, inflation etc, this sentiment - ‘risk managers, keep us safe, you have the means to do so’ - has been exacerbated.”

In order to carry out their role effectively, risk managers must have the resources they need and a voice and influence at a senior level within their organisations. But this remains a key challenge for many risk professionals, acknowledges Læssøe, despite having proved their value over the past three years.

“Risk management must affect decision making,” he says. “This is stated numerous times in the globally-acknowledged ISO 31000 standard. Yet, I see very few senior managers/executives who are prepared to adjust their decision processes to embed risk management steps.

“The worst managers simply will not accept anyone challenging their decisions as they see that as insubordination,” he adds. “This makes value-creating risk management a steep uphill battle.”

Despite this, he does not think risk managers should give up. “Step up your professionalism and recognise that qualitative assessments and heatmaps are utterly useless,” says Læssøe. “Ensure risks are quantified as - to quote Lord Kelvin - ‘you cannot improve what you do not measure’.”

“Focus hard on decision processes - from sales and operation planning, to budgeting, project approval and investments. Support these with proper risk analytics and help organisations make better decisions.

”If you are not asked to do so (or even discouraged from doing so), do it anyway and present decision makers with the results you have generated - inspiring them to sharpen their decisions.

“Take it one step at a time,” he added. “When decisions which have been properly risk managed prove to succeed more often than others, even the slowest of senior managers will begin to embed this, if for no other reasons than to enhance their own personal performance and bonuses.”