As the world of risk gets increasingly complex, there is a golden opportunity to elevate the profession beyond insurance buying, to strategic, value-adding, board-level ERM. Those risk managers who fail to step up and grab it with both hands may quickly become irrelevant.
The theme that really stood out to me as I put together this issue is the extent to which the world of risk (and therefore risk management) is changing.
For starters, the threats that businesses face are evolving.
Take cyber risk. Attacks are now inevitable, and hackers are becoming more sophisticated.
Risk managers need to understand complex issues such as double-extortion ransomware (see our guide to managing this on page 20) and CEO impersonation fraud (page 3).
The rate of change is also accelerating.
Climate change is no longer a worry for the future, as our survey and research report (pages 25–36) reveal. It has happened already, and the effects are devastating.
”Threats do not behave tidily, queuing patiently for their turn to challenge a business.”
As Alessandro De Felice, chief risk officer at Prysmian Group, puts it: “Climate risk is no longer a matter of prevention. It’s a matter of control.”
Of course, these risks (and the many others risk managers must consider, such as hurricanes (page 4), supply chain (page 9) and even the intricacies of the North Korean political landscape (page 22)) do not stand in isolation.
Threats do not behave tidily, queuing patiently for their turn to challenge a business.
Instead, the risk manager finds his- or herself caught in an onslaught of crisis, with all the components connected and influencing each other, in new and unexpected ways.
So, what does this mean for the industry?
It means that risk managers need new skills. First, they need to align with boards, thinking beyond health and safety, emergency planning and business continuity, and focusing on value creation.
As the IRM’s Clive Thompson explains in our cover story on page 12, “It is very important that risk managers have an understanding of how to exploit opportunity – this is the only way the risk profession will contribute to top table strategy and debate.”
It also means moving beyond insurance and looking at a broad range of tactics to manage the increasingly complex risks facing a business.
”Our special report is packed with advice from risk managers and experts who’ve been there, done that, and can show you how”
AKTUS’s Hans Læssøe puts it nicely in his opinion piece on page 7: “For business managers and risk managers alike, past approaches of identifying, analysing and mitigating risks based on current operations and defined strategies are at high risk of being too little, too late… A new and more active approach is needed.”
A massive part of this is shaping a positive risk culture for your organisation. This allows you to embed risk-based decision-making throughout your business, from the C-suite to the shop floor.
This might sound daunting, but our special report is packed with advice from risk managers and experts who’ve been there, done that, and can show you how (page 37).
For more inspiration, check out our case studies throughout the magazine, including:
- How an Indian SME redesigned its risk culture, built on empowerment and education (page 44)
- How one risk manager overcame boardroom challenges to successfully implement a risk management programme (page 18)
- How Prysmian’s Alessandro de Felice has integrated TCFD reporting and climate risk processes into the ERM framework (page 33)
Finally, the industry needs to think about how to attract a new generation of risk managers who have the skills to thrive in this ever-broadening role.
This is far from easy, particularly as huge swathes of experienced professionals are now approaching retirement.
The trick, as Dirk Wegener explains on page 14, is to highlight the breadth, depth and excitement inherent in the modern risk manager role.
He says: “We should be vocal about what we are doing… It’s a very interesting role given the diversity of topics and areas it encompasses. You have to understand every aspect of the organisation; the whole arsenal of potential risk management and mitigation measures available to you and your corporation.”