When I set out to write this article I thought to myself, top trends are boring because they are always too obvious and have been going on for years. So I went on a quest to find the trends that will completely reshape the profession and yet will catch most of the risk managers completely off guard. Because you know, the shoemaker’s son always goes barefoot. Write in the comments your level of surprise from 1 to 10 for the risk management trends.
Trend 1. Questions that have no answer
This one I feel will blindside most risk managers. As the science of decision making is evolving, the decision makers and decision checkers are becoming more educated. Remember 10 years when very few people new about cognitive biases and how they affect risk perception and decision making, well now it’s common knowledge and you probably can’t image a management course without some references to the studies in neuroeconomics. Same thing will happen with risk management. Decision makers and internal auditors are already aware that world is stochastic and deterministic decision making just doesn’t cut it anymore. It never did, but let’s pretend this is somehow news.
So I predicts that it is only a matter of time before Board members, decision makers and even internal auditors, ironic right, will start asking risk managers real questions. Questions like:
- what are expected losses and unexpected losses from a given risk/decision
- how much does the company need to reserve for these risks
- how much risk capital needs to be allocated to these risks
- which of the possible mitigations has the greatest effect on reducing the risk exposure
- how fat is the tail of risk distribution and can it be insured/hedged
- what is the probability of achieving the goal given the uncertainty
- what assumptions are most volatile
- how are risks correlated
- does this project reduce or increase the overall corporate risk exposure
- how does this decision affect liquidity risk and covenants
- what is the chance of positive cash flow
- what is the chance of expected rate of return, etc.
These are simple questions for the RM2 world, not so much for the 99% of the risk managers who spent they careers developing risk management frameworks, running risk workshops, collating risk registers and other RM1 mambo jumbo.
The big trend I predict is that the demand for risk management will outgrow the supply, educated decision makers will be asking real, complex, often mathematical questions and most risk managers will have nothing to show for it. Unfortunately can’t answer any of the questions above with a heatmap or even a risk register.
Don’t be blindsides, upskill your RM2 game.
Trend 2. Back tests are going to destroy risk management faster than Chicxulub impactor
In the world of science when someone makes a claim or puts forward a hypothesis we can test it to see whether it actually holds true. Surprisingly, not really, we don’t follow the same scientific rigor when it comes to risk management in non-financial companies. Risk managers outside of financial services, risk consultants, risk management institutes and standardization bodies have been making outrageous risk management claims for years with no back testing or independent validation. So many books by ex-CROs with no validation or back testing of the approaches they describe whatsoever, nothing but their word for it.
Well, my prediction is that we are going to see much more scientific rigor in risk management next year. You want to use heatmaps for your risk assessments, fine, just show the management and the auditors how they perform during the back test, are they better or worse than chance. Wait, what? They are worse than random risk ranking at predicting next big risks, then can’t really use heatmaps, can you. I expect auditors and Boards to demand back tests on any risk analysis performed by the company. These back tests, not opinions, should drive the risk methodology.
If you are not sure how to back test your corporate risk methodologies, that’s a pretty good sign it will not pass the test.
I also expect huge liability claims against consultants who were so shamelessly promoting RM1 to their clients for decades.
Trend 3. Changing the way decisions are made and presented
By far the most common excuse I heard in 2021 was this is way industry works or this is how we always did things. The big trend that I see includes changes beyond the risk management team. The first two trends were specific to the risk management profession, this one is about the application of risk analysis to business decision making.
For example supply chain, while it is now common to perform compliance and sanctions checks when accrediting new suppliers and even scoring suppliers based on some risk assessments, there is more opportunities for risk integration. Cheaper is not always better and risk-adjusted pricing can be used during tenders to compare apples to apples. Procurement performance can also be measured using risk-based metrics to reward not just reduction in cost, but also reduction in risk.
Insurance is another simple example. Most people assume that insurance decisions are risk based. They are not. Insurance buying is an embarrassment, lack of quantitative risk analysis and overreliance on brokers who are clueless about risk. And yet quantifying loss exceedance curves and comparing cost of transfer (premiums) to risk retention (deductibles) is the easiest thing a risk manager can do. I bet you intuitively feel that your company is overpaying for insurance but let me assure you, you have no idea just how much and what huge savings are available while improving the quality of the coverage at the same time.
Investment and M&A decisions have been historically made deterministically. It doesn’t have to be that way. We have all the tools we need to make decisions stochastically. Etc, etc.
One of the biggest trends I see for 2022 is stepping outside the normal risk management boundaries and changing how common business processes operate to make organizations risk-based.
Were you surprised by these risk management trends? Write in the comments your level of surprise from 1 to 10.