An interview with Pierre Sonigo, secretary-general, FERMA

What do you think are the most important challenges facing risk managers today?

We have several challenges to deal with. We all have to cope with larger demands from within and outside our organisations regarding compliance.

I am really concerned about the number of different standards we will need to comply with so one of the challenges will be avoiding bureaucracy in risk management.

For example, we now have the proposed ISO risk management standard. I think that is going to represent a new demand which is going to be huge in terms of resources, cost and manpower.

Then there is the ERM and the global approach. It is a major challenge to be able to deal across the board with all the risks a corporation is facing. I think that is quite difficult and I’m not sure we have the tools to do that. In order to provide pertinent information to the board and management, we will have to find new techniques, for example appropriate ways of measuring performance and how we are dealing with risk. That means defining KPIs and doing real risk assessment. That’s a management and an organisational challenge.

Another challenge will be dealing with a more difficult insurance market which continues to be somewhat risk averse as regards new risks such as environmental liability and long-tail health problems.

I see the final challenge as communication. How should you communicate about risk? What do you say or not say – how much, in what form and to whom? I believe that will be quite difficult in view of the legal issues. For example, the REACH regulations require you to define whether your product is carcinogenic.

Do you tell your employees this? So risk managers have quite a few challenges ahead.

How do you think they can deal most effectively with these?

There are several ways. Many of these risks are transversal so they have to be dealt with on a team basis. Risk managers will need to use other resources within the company and become a part of their teams. They can’t do it alone but need to work with auditors, financial people, communication specialists, etc.

So the risk manager’s role is going to be more of a team approach rather than a risk management job.

This also involves developing new skills, for example in actuarial modelling, and also getting people with different sets of skills within the risk management team. This might well include people who have knowledge of the perceptions of risk.

The way risks are perceived internally and how to communicate will require different types of skills.

Do you see any emerging risks on the horizon?

There are a number of ongoing risks such as environmental risks and perhaps climate change although I personally do not consider that a major risk. But we have to deal with it whether it’s real or just a perceived risk.

The health issues will continue to be a problem in relation to products, whether in respect of exposure of personnel within the organisation, customers or those in the vicinity of a particular plant. Increasingly we are going to find that products used by industrial companies have important health impacts. As the ways of measuring this develop, the more likely we are to see new potential risks.

Also, with the ageing population in most European countries, it’s likely that we will discover that environmental causes may contribute to some diseases such as Alzheimer’s.

This could have a significant impact for some corporations. And nanotechnology will bring new health issues. Risk managers have to be aware of these.

Interestingly, some religious risks are also emerging. In certain parts of the world where people of different religions work together, the resulting problems can be a major risk which needs to be dealt with. It’s one of the problems risk managers may have to tackle in the future.

Many risk managers do not have direct access to the board. How can risk managers get the value of what they are doing over to senior management?

It’s a problem. Many people calling themselves risk managers today are really insurance managers. There is a new breed of CROs or directors of risk which does have access to the board.

For others, it means demonstrating that you’re adding value. It helps to be part of the teams who are working on risk at the request of the board.

The board and audit committees are increasingly demanding better risk management and more information about risk. The problem is that they do not address those demands to risk managers. Instead, they are going to auditors, the financial team, etc.

These people sometimes ignore what the risk manager is doing simply because they don’t know what this is or how he or she can contribute.

So risk managers need to ensure that they are part of these teams and groups and show that they add value and share the huge amount of information that they have, particularly if they have a risk information system.

Risk managers have information which is unlikely to be possessed by anyone else in the company.

Do you think the role of the risk manager will change in the next five years and, if so, how?

I see two areas where it’s going to change. Specialisation is one – specialisation by type of risk or by risk techniques. There will be people who are increasingly specialised in risk assessment and those who will be more specialised in risk treatment including insurance.

These people may not even necessarily work in the same department and could be reporting to different levels in the company. Probably the risk assessors will be close to the top managers and those in charge of risk treatment more in line with operations.

I think we will see these functions as being clearly separated with more specialised people taking care of them.

The other difference I foresee is what I would call bureaucracy reporting. The risk managers will spend more time providing information to management, the board, investors and other stakeholders and they will be doing a rather different job in ensuring that the processes are in place in the company to deal with the risks.

And the processes will involve a lot of different people in the company. Risk management is going to change!