In the second of future of risk interviews, Anna Koburt, President of the Russian risk management association RusRisk, reviews the state of risk management today and how to prepare for tomorrow’s challenges
How has risk management changed in the past decade? Risk management is a profession on a development path. Risk management as a profession is evolving to become distinguished, solid and commonly recognised as a robust contributor to corporate success and value, financial stability, social responsibility and sustainability.
Risk managers now have to co- operate and integrate with a number of functions related to corporate risks, but the main achievement at this stage is that they have been recognised as true risk leaders.
In addition, the main changes, as well as challenges, in risk management during the past decade are related to the fact that non-financial risks have stepped forward in corporate risk profile, calling for specific skills for risk identification, assessment, communication and treatment. Risk management goes far beyond the calculation and reporting towards communication, integration, change management and risk culture development.
What responsibilities does the modern risk manager have?
Quite evidently, risk managers now expected to take responsibility and ownership for risks and management of risks. No longer is she/he easily accepted as simple facilitator within a company. The risk manager today now takes part in the decision-making.
This development has led to greater requirements – competences, competences and, again, competences. Risk managers need in-depth understanding about the core business and its industry. The risk manager has to be highly professional in risk management knowledge, tools, techniques and skills. Experience and in-depth expertise will make the risk manager flexible and able to steer themselves and management to selecting the tools and solutions that are the most appropriate for the particular environment and substance. There should be clear, day-to-day risk procedures in place, deeply integrated into the key business processes and value chain of an organisation. It is not enough to produce a risk report once or twice a year. The cur- rent assignment for the risk man- ager is about actively dealing with real risks daily, together with management.
Risk managers are now facing a great challenge in that expectations of them are changing. They should find a way to adopt corporate, daily business processes to become really integrated into the operational and communication loop in their organisations. Not an easy task at all.
My colleague, Alexei Sidorenko [from tech specialist Rusnano], said: “Risk management is not for a shy personality”.
On the other hand, this is a call for risk managers to demonstrate deep, multifunctional skills and knowledge. Our colleagues have to be ready for such responsibility and to be able to manage it.
What emerging risks have changed the risk manager’s role?
Risk managers have to be active in acquiring information and reacting on it. We should be fully included in the operative communication loop in our organisations at all levels, including the top one. In order to achieve this, the status of risk manager has to be raised, and the risk manager’s role has to be better positioned within organisations. Risk managers have to get direct access to the boardroom. With this in mind, FERMA intends to develop better knowledge of the role and practice of risk management bodies at board level – risk committees – at a European level. Brief study has already shown that, among others, a key principle for successful risk governance with risk committees is to provide a place for prospective discussions to anticipate future disruptive events that could change the market in which the organisation operates. This is to be achieved by gathering the expertise available in the organisation. The tone of these risk sessions should favour open discussions with a lighter and informal process behind them – reduced agenda and reporting format.
I love the expression by another of my colleagues, Jonathan Blackhurst [from Capita]. He said: “We have to become risk-intelligent.”
What risks or trends are likely to further complicate the risk manager’s role?
The main challenges in risk management are related to the fact that emerging and non-financial risks – political, cyber, strategic and so on – are stepping forward in the corporate risk profile. These all are the issues to be addressed to top decision-makers within an organisation. This requires from risk managers specific skills for risk identification, assessment, communication and treatment, including sometimes non-financial approaches. Yet they must also be reliable and trustworthy. In addition, this requires a highlevel of communication skills for the risk manager to position her or his own role as a risk leader and communicate with board representatives and all the experts in a company to establish a true and ongoing dialogue.
The biggest challenge is to build up and establish such integration at the risk manager’s own workplace and a risk communication loop with all stakeholders.
This is about being able to create risk culture and deploying an open risk aptitude, and it is not going to be given by someone else. The idea is to change the mindset of people around us – and that is not going to happen itself by some miracle. This is our own task at our own workplaces.
What are the top three biggest risks for 2015?
I will not be original here. They are:
- ebola virus;
- armed conflicts and the movement of people from North Africa and Syria; and
- global political opposition on Ukrainian developments.
These are global and non-financial by origin, but I would like to highlight the trend.
We clearly see that our world is shrinking and, despite thousands of kilometres lying between any African country and me – or we could say, between Ukraine or Russia and you – developments there may affect my life (or your life) and business quite substantially. Risks nowadays easily overcome distances and cross borders. Notice that the risks I listed earlier are humanitarian and political.
Nevertheless, even for non-trans- national businesses, they become something one cannot ignore. At the same time, it is difficult to predict, figure out, calculate and pre- vent their having an impact because of the very indirect influence of such global risks on businesses.