It is vital that companies innovate and, in a rapidly changing world, the role of the risk manager is taking on a new urgency

Innovation

It is one of the great business clichés of our time. Everyone, in everything they do in the corporate world, seems to claim that they are ‘innovating’ – all too often without any justification. 

“It’s certainly an easy word to throw around,” says Julia Graham, director of risk management and insurance for global law firm DLA Piper and the current president of the FERMA. “But a very hard one to define and act on. 

“Businesses, risk managers, insurers – they all use the word a lot without really articulating what they are doing. If I hear another insurer claiming that they are ‘innovating’, I’m going to say: ‘Well, what exactly do you mean?’”

But while the word might frequently ring hollow, it remains nonetheless at the heart of every successful firm. Like a shark that needs to keep swimming to breathe, a company cannot stay still or it will suffocate. 

“We used to think about innovation in terms of products and processes – but now, people are talking much more in terms of ‘higher order innovation’ and looking at business models and management,” says Andy Neely, founding director of the Cambridge Service Alliance and professor of complex services at the Royal Academy of Engineering. “Success is now about how we are doing things, rather than how to make them better.” 

The problem every organisation faces is that the world does not stand still. Unless you are constantly asking questions of yourself – which, rest assured, your competitors will be doing – then you risk being left behind. 

“Change is everywhere in both services and the products and manufacturing sectors,” says FERMA scientific adviser Dr Marie-Gemma Dequae. “If you stay fixed with what you are doing today, you will get into trouble in the future. 

“There are concrete examples of this: Kodak, Nokia, Borders bookshops. Without innovation, you endanger the continuity of your company.” 

Neely agrees. “It’s a constant race and absolutely all organisations need to be in the running,” he says. “In different sectors you get different focuses and different ‘clock speeds’. For a long time in pharma, drug development has been a key area of their business and here innovation has a long lead; whereas an e-commerce firm may be able to make changes almost immediately.”

Expertise

At the heart of this process should be the risk manager: “[They] must be involved,” says Dequae. “Risk managers cannot be separate within a company. They have to be involved and become a partner in the process so that when new projects are on the table, you have to be there to talk and ask questions and bring your expertise to the planning process. 

“You will need some resources to capture new solutions, but that is the purpose of the company: to continually re-examine the business model. You also have the opportunity to change your supply chain and manufacturing; you can go to new markets, you can leave markets that are not working for you.”

The role of the risk manager is absolutely critical, for what should be obvious reasons. 

“Innovation is inherently risky, of course it is,” says Graham. “The problem is that many firms look to the short term, when they are under pressure, instead of looking to innovate, which is what they should be doing. Bridging this gap is where risk management comes in. We can help companies manage the process of innovation. We should be right in there.

“Risk managers need the opportunity to sit at the boardroom table and have a conversation with those who are trying to drive innovation. It is our job to make sure innovation happens in a risk-informed way. 

“I would wager that failure to innovate should be up there as one of the strategic risks at a large number of firms. It certainly is at DLA Piper. You need to be an innovative business and keep your business model up to date. Plus, you need to use innovative tools and techniques in your operations.”

But in cash-strapped times, risk managers may find that in talking to colleagues they encounter obstacles to innovation in terms of a scarcity of resources. Here again, they have a unique role to play. 

“To innovate you need cash, and every company is hungry and putting a lot of effort into their business,” says Gaëtan Lefèvre, president of BELRIM. “Innovation takes time and cash. When everyone is hungry, there is a huge pressure on that cash. So it is a real challenge to innovate, to invest in new technology or new ways of doing things.

“In particular, the finance sector of the business is often frightened of innovation, of investment. Some clients are asking for our help with this – in helping them find finance – and this is a new way of doing things. 

Engagement

“I think that risk management can help innovation by providing risk identification. Not to say that it’s not possible, but just in the identification of risk. 

“It is not the job of the risk manager to say either: ‘We will take this risk,’ or ‘We will not take this risk.’ That decision depends on the strategy of the company. If the decision is to take the risk, then we as risk managers need to find a way to transfer that risk. 

“For example, in our company, I was involved with some new technology and we first had a very good conversation to understand what the risks were, and then moved on to the nature of the risks and whether or not they were transferable. 

“We try to find new ways to limit the engagement of the company. We must be able to say: ‘We know the risk and we have placed some sort of cap on it.”

It can seem overwhelming, but risk managers need to encourage a deep risk awareness among their colleagues – not only to mitigate problems, but to identify opportunities. In doing this, simple habits and disciplines can really help. 

“Encourage colleagues to adopt an old-fashioned PEST [political, economic, social and technological risk] analysis as they read the news,” says Professor Bob Garratt, international corporate governance and board development consultant. “It’s not just one thing changing. Everything is changing, most of the time, so how to you get your
corporate head around it? 

“Most people freak out at the thought. But it’s easy to get reasonably comfortable just by reading a serious daily paper – most of which, by the way, if you read the headers at the tops of the pages, are based on a PEST analysis. You need to develop a discipline of engaging with change and when you do, you will see opportunities.”

More and more, risk managers need to act quickly and find tailor-made solutions to help their colleagues truly innovate. “For example, in insurance in the past, global cover was enough,” says Lefèvre. “Now you need specific solutions to specific projects. 

“We need to be more reactive – and proactive – and fundamentally, accept more risk. 

“We need to be more innovative in the way we do everything and that means more and more work for us; everybody needs to work harder.”

Technology

The past 20 years have seen a technological boom that is arguably unmatched in history. From a standing start in the early 1990s, computers now dominate everyday life and the internet has changed the way we work, rest and play. The way customers shop and the way businesses sell their products is fundamentally different. 

This period of rapid and profound change has taken down those businesses that failed to adapt and survive. “We see that the life-cycle of products is sharpening in all sectors,” says FERMA’s scientific adviser, Dr Marie-Gemma Dequae. “Not just in manufacturing – services are also being affected. 

“The motor to these changes is linked to the digital world, the internet. This is changing both the way companies work and the products that they are offering.

“Look at automobile manufacture and compare a car today with one from 10 or 15 years ago. Firms have had to innovate dramatically to include ICT in vehicles.”

Learning from failure

At the forefront of technological change is the agri-business Syngenta, which describes itself as “committed to sustainable agriculture through innovative research and technology”. 

“For us, innovation has two aspects to it,” says head of group risk management Olivier Balmat, who is responsible for enterprise risk management throughout the company. 

“Failure to innovate is a risk, because without innovation you do not have sustainability within the company; you might have to close. In the wider sense – specifically, if we say that risk is not always negative and that risk can be an opportunity – failure might mean something positive because you need to fail to learn. 

“Innovation should be seen from both perspectives.”

One of the challenges of working in risk management at the cutting edge of the technology sector is finding ways to work with technically specialised departments operating precise and complex projects. 

“How a risk manager helps their company innovate depends on their role within the company and how narrow or broad their remit is,” says Balmat. “For me, my job is not to decide how to manage a risk – that is the job of the line managers. My job is to help them explicitly address risks. Everyone does this implicitly, but the risk manager can help do this better by creating a common risk language. 

“Specifically, when it comes to innovation, the risk manager can help people understand risk in its wider sense, where failure can be good – as long as we draw the right conclusions and implement them in future projects. 

“We are in a highly specialised world, where perhaps the scientists don’t think the same way as business development or the commercial people, and I think that the risk managers can make sure that all sides understand the risks in what they are doing.” 

Balmat believes that although some of the challenges he faces are universal to risk management – some people will be co-operative, while others will be forever demanding explanations – there is a specific requirement to be able to communicate with assorted personality types. 

“You will have to approach different people in different ways,” he says. “For example, scientists are logical, methodical people, and you need to show them proof and let them explore your approach for themselves. You cannot just go into a meeting and say: ‘This is what we are doing.’ 

“Other areas of the business will react differently and you need to be able to make switches in your approach. This is especially true when you are taking an enterprise-wide, holistic approach. 

“We can ensure everyone considers risk and feels comfortable talking about it.”

Inception

At Syngenta, for instance, there is a chemical side, a crop protection side and a seed side to the business. 

“We are integrating these together and have an overarching governance that follows each project from inception through to sales and the market. This process requires a full risk assessment,” says Balmat. 

“There are two dimensions to this: the risks associated with project management and also the risks inherent in the content. Is it safe? Could it react to allergies? 

“We need to know how the product will perform in the market. Will people buy it? Is the regulator likely to come to a decision against the product at a late stage? 

“We, as risk managers, help our colleagues see things end to end; help them see more broadly beyond their specialist area. Risk management enables everyone to bring their risks up together and come to a decision together.

“Innovation is essential, but it becomes harder.”

Intangible risk

One of the major challenges facing risk managers and chief risk officers around the world is that the high-tech boom – and particularly the internet – means that the value of many companies is now largely made up of non-physical resources such as their brand and data. 

Until recently, the main stock value of a company was its physical assets – that is property, plant and machinery. Nowadays, however, in many sectors, the value is more likely to be made up of what Peter Hacker, chief executive, global communications, technology and media practice, JLT Specialty Ltd, refers to as “intangible assets”. 

“This can be little more than a website, intellectual property data or a brand,” he says. 

“So, what does that mean for risk managers? If 80% or 90% of your firm’s value is based on these things, for risk managers that represents a change of focus. 

“Take a smartphone, for example. This is based on various applications, when you use applications you use software, when you use software you have data and content, and you have third parties hosting all that. 

“The key challenge for risk managers and brokers is to think outside the box in a horizontal way, outside their silos.”

For instance, if a telecommunications company is hacked, most insurers think in terms of a cyber incident. 

“But it is much more than that, because there is a potential effect on your P&L as variable costs increase, you might lose customers, have contractual liability issues, lose data or land in trouble with the regulator. 

“The challenge is to understand the shift into this complex area and develop solutions, not only products. You have to quantify the risk and then take an all-risks approach. 

“Products alone will not provide the value a company needs.”

Intellectual property

Hacker says that until a year ago, most risk managers were not up to speed on this profound shift in focus, but this has changed. “They are now following a different approach. 

“First, look at the risk landscape, the macroeconomic risk and regulatory risk. Then look at your tangible risk and then on into your intangible risk – and you really need to understand this in terms of your first-party and third-party exposure, which is built around intellectual property and business interruption. 

“Once you understand these, you need to quantify the risk across your organisation – and then look at what you are buying already. Ask yourself whether you have cover in your property, casualty, D&O policies? 

“Look at your policies and understand what you have. Then you need to stress-test your policies and find your gaps. For example, are you covered for a data failure in your supply chain?Then you need to decide, is it better to invest in insurance or alternative risk management, such as supply chain management and disaster management? 

“Only then can you create a properly tailored solution”.