In response to a changing global economy as well as to regulatory and customer demands, risk management has evolved from a reactive and independent function, to one that is increasingly connected to strategic decision-making, with its own developing standards and best practices. In short, risk management has undergone considerable development: broadening its scope from just credit, market, and operational issues. Enterprise Risk Management (ERM) is currently the most advanced iteration of risk management, and seeks to improve on conventional approaches while taking into account current and future needs.
In a study on Risk Management in 2017:
- 19% of respondents said their risk management activities are coordinated across specific lines of business.
- 69% of respondents say skills shortage in new & emerging tech impedes risk function effectiveness.
- 59% say they are responding to cost pressures by aligning management and employee skills with the changing needs of the risk function.
- 52% are adopting a standardised model to manage market risk.
These findings point towards a risk function that encompasses greater scope and complexity, with the capacity to play a bigger role in a company’s decision-making processes and everyday operations. At the same time, the growing need for risk management is obstructed by lack of awareness at the top-level as well as the lack of a defined career or professional development path — both of which contribute to organisations struggling in improving the effectiveness of their risk function.
Here are a 4 fundamental shifts in risk management in the past decade:
1. Increasing focus on the big picture: More and more, the risk function is playing a greater role in the C-suite. While a large number of organisations and industries still suffer from the lack of robust risk management frameworks and processes, many recognise that risk management can be used as a powerful tool to inform business decisions. Risk management is no longer just seen as a method to keep organisations safe and protected from external harm, but a way to also have a holistic view of opportunities and threats, and how they align with business needs and objectives.
2. The growing importance of multidisciplinary knowledge and skills: Risk managers have traditionally started from a finance or auditing background. In the current iteration of risk management, however, risk professionals can come from a variety of fields and work experience, whether it’s marketing, sales, IT, and so on. This can prove to be a strength for those seeking to move beyond a checked-box approach to risk. The growing prominence of risk function makes it vital for risk managers to understand not only the business side of things, but also how other functions fit into the whole picture.
3. Increasing focus on outcomes: ERM moves the focus away from just assessing the probabilities of risk events and their effects on systems, operations, and processes. Now, there is greater focus on the relationship between risks and organisational objectives. Rather than just looking at the likelihood at the event, the best practice is to look at how objectives will be impacted by an event. By connecting risks to outcomes, ERM provides a guide to decision-makers on which risks are most important to address, and which can be placed as a lower priority. In this way, you can then increase the chances of achieving set objectives.
4. Internal risks and culture: Risk management has moved from being an ‘outsider’ function; though risk managers still have to maintain a certain level of independence and objectivity, their success also depends on how well they create relationships and understand the various business units. While it has been useful to evaluate the external risks to an organization, the risk function also has the potential to make improvements to internal processes, systems, and culture so that there is enterprise-wide efforts towards certain outcomes. A risk-aware culture is much talked-about but is often an elusive, vague concept to apply. Using risk-based thinking allows you to determine the best tools and approaches for each context or challenge you are faced with. Relying on the limited scope of audit and compliance functions to identify gaps will only leave organisations stuck at a certain level of performance or growth.
In the last decade or so, the risk management function has transformed from a narrow, limited discipline into an interdisciplinary field with a comprehensive, integrated approach. This means that risk management can no longer be a tacked-on function. Effective risk management requires investments in time, money, and talent, and an integration into the organisation’s efforts towards a long-term vision — a factor that can decrease the willingness to invest in the first place. However, we are in a new era of disruption innovation, geopolitical upheavals, and environmental catastrophes. The interdependencies of the global economies mean that it’s no longer sufficient for individuals or individual organisations to practice effective risk management. Government, regulatory bodies, and industry authorities also have their part to play in moving the discipline forward so that sustainability can be achieved on a collective, macro level.
Learn more about Enterprise Risk Management best practices and standards in our flagship ERM® Certification Program.