Dan Chelly, a risk manager at Mazars and a member of the scientific committee at Amrae gives his views on current risk issues, emerging trends for the sector, the role of the risk manager and how artificial intelligence won’t be stealing jobs just yet…
SR: What are the current top three risks facing risk managers today?
Dan Chelly: The first one is cyber risk, clearly. On LinkedIn, I post a lot of press articles and nearly each week I have a new case of ransomware. Corporates actors are concerned (at this moment, Bouygues contructions) but many towns (New Orleans, Las Vegas…) or Hospitals (Rouen) were impacted in the last few days.
The second one, for me, is ethics and compliance matters with new rules and higher sanctions amount than in the past. You have ethics and compliance in your local markets and then you have also another “layer” due to extraterritoriality rules from united states.
The third one is risk from the supply chain. Most corporates use outsourcing today in many kinds of industries. You have a good example today with coronavirus in China – this has had many consequences across the world. The car industry, for example, could be impacted worldwide because of the supply chain being broken.
SR: What are the top emerging risks for the industry?
Dan Chelly: I have two emerging risks that I think could change how we manage risk today. The first one is the internet of things (IOT) linked to 5G.
The IoT is linked to the possibility to connect and 5G helps achieve this connection. You will be able to get captors everywhere in the company. I think that a lot of information due to those captors could affect risk management decisions. Beyond the question of cyber risk, there is question about the process to analyse all those data and to take “human” decision.
The second emerging risk for me is the business risk. The business risk due to changes in the business model. [These changes] are due to disruption factors or to new regulations. Both will change how and where you get the money in your business model and how and where you get in touch with your clients.
SR: How has the role of the risk manager evolved?
Dan Chelly: It will become a more strategic, part of the decision tree. The movement started a few years ago, but it will continue.
When you are in the Financial market, you need systematically to deal with performance and risk together - and you can’t manage one without the other. I think today, in all kinds of industries and services, you will have to manage both also. The risk prism is necessarily a part of the decision.
The role will become more strategic, but at the same time, risk managers will need to become a risk Swiss knife. Why? Because it’s so complex today to manage risks.
The risk manager will coordinate risk experts, like legal experts, compliance experts, cyber risk experts, supply chain experts – he will have to manage and coordinate all those skills and experts to achieve full ERM (enterprise risk management). Taking place at a strategic level, he will be an orchestra conductor of risk management.
SR: Do you see a lot of automation or machine learning coming into risk management at all?
Dan Chelly: Clearly yes, but for me, it’s will be only a help for decision. I don’t think that all risk management can be driven with automation. There are so many things and so many kinds of risk to take into account that it’s could not be possible.
Many articles say that the artificial intelligence is running in one way and if you focus on something, it’s good. So [AI can be used] to play chess, to drive a car. You can use AI on some clear processes, but I think that risk management is so wide, there are so many things to understand, that human view is compulsory.
If you want to manage risk, you need to have a human view, a human analysis, helped by a lot of tools – no problem with that – but I don’t think that a machine will replace the risk manager. I see in the future a more augmented risk manager [maybe], with the right tools.
It’s so complex. In all enterprise, you need a committee to take decisions. Why do you need a committee? No one can understand everything at a higher level and be able to take decisions alone. You need to have committee to have all people, with all experiences, to discuss and then to take a decision. It’s not possible today, in this complex system, for one person to say: ‘I know, we need to go on this way’.
For me, with AI, it’s nearly the same. A risk manager has so many things to deal with, such as team turnover, communication crisis, cyber risk, problems in the quality of a product. You have so many things to identify, to understand, to analyse, it’s not possible to be an expert, that’s why I think the risk manager will be a Swiss knife. He will not be an expert of all, he will have enough skills in all those things to discuss, to take information and to embrace all the information and then make decisions.