Megan Motto, chief executive of the Governance Institute, said the pandemic served to speed up the rate of change already evident in the profession – and more change is on the horizon with a key lesson from 2020 that is for organisations to place a focus on strengthening their risk management function.

The survey found that three major issues to drive changes in risk management are business continuity and resilience, regulatory change and compliance, and cyber security. Respondents surveyed felt that these three areas will have the biggest impact on risk management in 2025, with cyber security to have the biggest impact, followed by regulatory change and compliance and then business continuity and resilience.

The report stated, however, that it is of concern that survey respondents ranked two of the risks that have been underscored by the pandemic crisis management and supply chain failure – as the least likely to drive changes to risk management both in 2025 and 2030.

“This suggests that the lessons learnt from the pandemic may not be as long-lasting as we would hope,” the survey found.

For major drivers of change in 2030, climate change and artificial intelligence were ranked the highest, which perhaps reflects a more long-term view, according to the report.

“Cybersecurity, business continuity and resilience, geopolitics and uncertainty, and regulatory change and compliance were all ranked very closely behind, suggesting that respondents believe the issues that will affect the profession over the next five years will also be influential over the next 10 years,” the report analysed.

As a result, these drivers of change in the next decade have revealed the importance for those who work across the risk management function on the need to constantly adapt and update to prepare for transformative challenges in the future.

VIEW ALL

Lyn Nicholson, Holding Redlich general counsel, said that to be a “trusted adviser the risk professional needs to be able to constantly rebalance the risk appetite and update it for new information.”

“COVID-19 and working from home, and telehealth, are prime examples of many businesses and individuals changing their view,” she said.

With a shift towards data-based decision-making in the future, the survey found risk professionals will need to be able to analyse data well, so they can build a picture of the risks the organisation might face in the future. 

Strong data analysis will also provide the board with more context when it makes decisions about risk, the study found. It allows the board to understand which risks it could reasonably see coming, given the data available to it.

Another transformative factor needed will be the need for risk professionals to have “a more mature relationship with technology,” with the report stating “vendors need to tell [risk professionals] how to use technology effectively.” This would allow risk professionals to gain a better understanding of what their systems can do for them.

Steve Farrall, risk management consultant at the South Australia Department of Health and Wellbeing said the adoption of better technology, such as enterprise solutions, to support the profession’s outputs, should be a key consideration over the next five to 10 years.

“There is an enormous amount of data in organisations but the ability to harvest it and turn it into something useful is really difficult,” Mr Farrall said.

Ultimately, risk professionals will also need to communicate risk effectively, to the board and across the organisation. This area of the role is growing in importance and will be key in adapting towards the various drivers of change in the future.

“Risk professionals need to be heard in the boardroom. They need to ensure that directors understand the context of the decisions they are making,” the report stated.

“There is a need to ‘sell’ risk to the board and other decision-makers, so that they appreciate the value in hearing what the risk department has to say. Risk professionals must also deliver an effective challenge in the boardroom.

“The future risk professional will need to have a broad perspective to allow them to build the kind of gravitas that is required to influence others, particularly board members. This could be achieved by building external knowledge through additional learning or involvement in other organisations, to widen the context risk professionals draw on when presenting information to decision-makers.”