The risk management function will increase in importance and be in the centre of strategy in the coming five years post-pandemic but most businesses are not completely resourced and prepared in the risk function to meet coming challenges.
With the pandemic delivering a sharp lesson in risk in 2020, shining a strong spotlight on the risk management profession, The Future of the Risk Management Professional report by the Governance Institute of Australia is based on a survey of almost 350 professionals, an expert roundtable discussion, and in-depth interviews with three leading risk management experts.
The report found that while 77 per cent of respondents expect the risk management function to become more important in the next five years, nearly half (47 per cent) reported that their risk management team does not have the resources needed to do its job effectively with 52 per cent of respondents feeling slightly prepared.
Governance Institute of Australia chief executive Megan Motto said the report provides a road map for the risk management profession as it traverses an uncertain, fluid future landscape.
“This year, the risk management profession has been challenged like never before with a series of crises striking and the voice of risk raised to the boardroom table as organisations grapple with major decisions,” Ms Motto said.
Ms Motto said the pandemic served to speed up the rate of change already evident in the profession – and more change is on the horizon.
“This is a valuable snapshot of the skills and attributes that will be in demand in order to tackle future risk management challenges. It will help guide the profession so they can be better prepared to meet the challenges,” she said.
Earlier in the year, another survey revealed that not enough testing was being undertaken on organisational risk and crisis plans during the onset of COVID-19.
With almost a third of survey respondents reporting that their risk management functions are not very well resourced, Ms Motto said a key lesson from 2020 is for organisations to place a focus on strengthening their risk management function.
“The report contains some important reminders for management and boards about ensuring their risk function is prioritised and well resourced. Recent corporate crises have illustrated just how dramatically companies can unravel when this is not the case,” she said.
Business continuity and resilience, regulatory change and compliance, and cyber security are expected to be the three key drivers of change in 2025, the study found.
However, by 2030, climate change, artificial intelligence and business continuity and resilience are expected to dominate.
Furthermore, the pandemic has accelerated the pace of change in the risk profession. It has demonstrated the importance of risk in building resilience to withstand shocks. There is an increased demand for risk management, in particular stress testing.
The report revealed that the pandemic has altered the climate in which decisions are being made: it is hard to make long-term decisions as the situation is so fluid. There is a greater need to take emotional or moral factors into account. Areas of operational risk, such as employee wellbeing and social impact, have grown in importance during the pandemic and risk professionals will need to take this into account to avoid reputational damage.
The remit of the risk professional has also become broader, making the scope of the role harder to define. The strategic elements are expanding, meaning risk professionals need to be communicators and influencers, as well as technical experts. The report revealed it is likely the role will split into two or several positions, with technical experts in key areas of audit, compliance and legal fields working alongside masters of strategy to make the voice of risk heard across the organisation, especially in the boardroom.
“Recent corporate scandals and organisational failures demonstrate the consequences of not placing risk at the centre of strategic discussions,” the report stated.
“In addition to the risk profession becoming more strategic, there is also a greater focus on educating non-risk colleagues about risk, as well as being more optimistic by identifying opportunities as well as threat.
“Risk needs to emerge from the legal or audit department to be something that is understood and used across the organisation, especially when it comes to decision-making.”
“This will require risk professionals to educate colleagues about the benefits of risk when it comes to identifying both threats and opportunities, without trying to make them subject-matter experts.
According to David Ingram, chief risk officer and company secretary Bank of China (Australia), the pandemic “is really an exercise in boards learning to, if they had any comfort zones, get out of those comfort zones, and really look at the drivers of risk and the impact on strategy.”
Looking to the future, the report highlighted that the challenge will be to move from the crisis mode instigated by COVID-19 to a business-as-usual operating model that successfully integrates what the pandemic has taught businesses about the importance of stress testing and risk management with the routine tasks of running an organisation.