Risk managers: 'Be brave' in 2019

So here we are- at the cusp of another new year. That time of the year where we often sit back and reflect on the year that has been. Across the globe, a number of events this year have catapulted a paradigm shift-  Brexit developments. American politics, Cambridge Analytica and within Asia, nothing stood out more for me this year than the historic Malaysian elections.

These events have affected all of us in one way or another, perhaps personally, professionally, or both. So from a risk management perspective, as the year draws to a close, I ask myself what I have learnt not just from the volatile world that we live in but also from my own experiences.

My personal risk management lessons in 2018

Thinking out of the box. Sounds like a cliche but who would have predicted some of the world events of this year? I believe this ever changing economic landscape calls for a shift in the way we approach risk management. We need to be having the real conversations with our senior leaders about how our businesses and industries will be affected by such macroeconomic factors. A risk heat map isn’t going to capture this nor is a risk register but strategic-led conversations will. 

Sharing knowledge. Over the course of the year, I have had the pleasure and privilege of attending and speaking at industry events. What I have gained has been invaluable. Risk can sometimes be a lonely place to be; trying to fight the how’s, why’s and what if’s on your own is quite the challenge. Getting insights from other risk practitioners across various industries and countries can sometimes completely change your approach and perspective. 

Building a network. We all talk about the tone from the top and I believe its absolutely crucial to have this support. However, equally important is finding key stakeholders across the business who can help you achieve your objectives. Spend some time talking to management, leaders or functional heads to understand their views on risk management and from there, you’ll know who you can count on to help push the agenda forward. The aim of course is for everyone to be on the same page but practically speaking, this almost never happens immediately. Risk is not about short-term gains so the building blocks will take time. 

Be brave. Courage isn’t something that we often see on a risk manager job sob spec but its a key skill. Sometimes you are faced with situations where you have to challenge management and even the Board on matters that you know to be true. Armed with facts and  conviction, stand up and be resilient. This is one of the best ways to add real value, so don’t shy away from the tough conversations.

What I believe the risk management profession needs in 2019

Solving the catch 22. As risk managers, we sometimes need to convince management of the real value of the function, yet how do we add value if we aren’t part of the strategic decisions? Many companies view risk management as a ‘nice to have’, but how many are truly taking the opinions of the function seriously? I don’t think there is an easy fix to this but I think its time that we started to really and truly understand how to break down the silos, be an important part of decision making and not an afterthought.

The risk- compliance equation. Risk and Compliance. Does Strong risk management drive compliance or vice-versa? Clearly these are both important functions to have within any organisation but the balance needs to be just right. I have seen organisations driving risk management purely for compliance reasons and to prove to regulators that the function exists. But what is the panacea or the equilibrium? I believe the industry needs more guidance on how to achieve this balance so that both functions are effective in their own right, without eclipsing one another. 

The data dilemma. Data has been a key theme in 2018. How to better use data to make decisions, data mining. The list goes on. But has anyone really cracked the code of exactly what data we should be using, how we should be using it and what value this can truly bring? Do we need software for this, do we do it manually? I, for one would love more discussions and direction on this new age of data and risk management and its intrinsic value.

Core competencies. Risk managers are sometimes placed in their jobs within their organisations because someone needs to do the job. I can’t imagine the same being true for doctors, lawyers or accountants. So what key skills do risk managers need to have and how to we ensure that as a profession, we are aligned on these competencies? If we want to be taken seriously and to have a voice, then surely we need to know amongst ourselves, what it is we need to possess as core skills. 

With all that there is to achieve as a profession or individually, there’s so much to look forward to in 2019. To borrow a quote, ” without change there is no innovation or incentive for improvement. Those who initiate change will have a better opportunity to manage the change that is inevitable”