Day one of the Risk Awareness Week 2021 conference was dedicated to governance and the future of risk management. Speakers focused on key lessons such as how risk managers can better establish relationships with boards, how risks can be transformed into opportunities to create shareholder capital, and how to embed risk analysis into finance, strategy and treasury departments.
Future trends in risk management
The day kicked off with a session on the future trends of risk management 2.0, delivered by Alex Sidorenko, Chief Risk Officer at EuroChem. In the most popular workshop of the conference, Alex pulled out four key trends that risk managers must be aware of. These included:
Why it’s important to have clear goals for quantitative risk analysis
Alex believes that “quantitative risk analysis is a given” and it is well-established that the risk management industry must move away from qualitative risk scales, scoring methodologies and heat maps.
He explains: “I think we’ve grown enough as a profession to recognise qualitative risk assessments as professional negligence and that we should quantify risks whenever and whenever possible.”
But he cautions that quantifying risks for the sake of it is pointless and that risk managers must have clear goals in mind from the outset. Specifically, you only need to quantify risks when you’re at the stage where you’re trying to decide which mitigation strategy is best or need to make an important business decision.
Why stochastic libraries are the answer
Alex says that since many parts of an organisation must become risk-based, and the goal for risk management is to ensure that everyone is thinking about risk, the administration of applying quantitative risk analysis can become a huge burden.
He argues that the answer to this dilemma is stochastic libraries, which allow people to create what he calls “microwave meals out of quantitative risk analysis”. This means that risk managers do not have to create distributions from scratch every single time and can pre-prepare a lot of the components necessary for quantitative risk analysis.
The need for back-testing
Alex’s third point is that without a back test, “you’re just another person with an opinion”. He says that even though many empirical studies show that qualitative risk assessment techniques are worse than useless, quantitative risk analysis techniques don’t automatically guarantee the best possible decisions either.
In fact, Alex points out that while quantitative techniques will almost certainly provide better decisions than qualitative risk analysis, the results may still not be good enough for executives to make decisions. That’s why risk managers must back test everything that they do – to confirm that they’re actually reducing uncertainty and error.
Stop talking about the next big risk
Alex’s fourth and final future trend was that risk managers need to stop laser-focusing on the latest, “new, sexy risk of the year”. His point is that the mathematics, analytics and stochastic techniques used to manage risks are identical regardless of what threat they are applied to. Therefore, the risk management professional will be better served by learning, adapting and even improving the risk management tools and techniques rather than focusing on the latest risk trends. He concluded: “By understanding and learning those methods, you can apply and quantify literally any other future risk on the planet.”
You can watch Alex’s presentation in full here.
The board’s role in risk management
Another key session of the day examined the board’s role in risk management. The half-hour talk, which was delivered by Norman Marks, Author, thought leader, retired CAE and CRO, examined how to establish conversations between various groups including:
- The c-suite / management
- The board
- Different board committees
- Risk management
- Audit / compliance.
Norman began by showing that reviewing a list of what could go wrong is not the best way for a board to get assurance that an organisation will be successful. Next, he spoke about the value that an effective risk management program can and should deliver, such as enabling informed and intelligent strategic and tactical decisions. Finally, he shared his views on what the board should do when it comes to its oversight responsibilities.
He gave firms valuable tools in the form of lists of questions that each group should be asking the others and explained clearly how information needs to flow from risk management to the board in order to enable strategic decision making. For instance, questions that the board should be asking risk managers included:
- CRO, is risk management effective? Does it meet the needs of the organisation?
- CRO, what are your plans for improvement?
- CRO, is collaboration with management effective?
- CRO, are we in compliance with risk-related regs?
- CRO, what else do we need to know?
- Tell us how we are handling the more significant sources of risk to our organisation?
He also gave concrete advice for risk managers interacting with boards: avoid technobabble, tell them only what they need to know, provide actionable information and don’t bury them in a mass of detail.
You can watch Norman’s 30-minute session here.
Measuring readiness and building capability in business continuity
The day finished with a workshop by David Lindstedt PhD, Founder at Adaptive BC Solutions, showing how to measure preparedness and recoverability in business continuity.
In the step-by-step talk, risk managers learnt:
- What actions work (and which do NOT) in the post-disaster environment
- How to measure preparedness
- Examples and implications
A key takeaway was that risk managers need to prepare for effects, not causes, because there are an infinite number of things that can go wrong. He says that there are three main outcomes from any disaster:
- Unavailability of people
- Unavailability of resources
- Unavailability of locations
To deal with this, firms must focus on checklists rather than binders, capabilities not documentation, guiding principles not activities, innovation not instructions and so on.
In the second part of his workshop, he explained how companies can meaningfully measure preparedness, based on the three implications outlined above and the resources, procedures and crisis competencies that the company, its departments and even individuals have in place. The method he outlines gives a specific measurement rather than a hunch, and shows how well the organisation as a whole is equipped to deal with various crises and disasters.
Finally, he shows how by measuring preparedness, businesses can see where the gaps are and begin to address them. By following this method, business continuity becomes more of a science, whereby firms can plug in AI, data and analytics, and figure out what is most important. Taking it further, companies can measure preparedness before a disaster, measure the impacts afterwards and correlate the two, leading to even more precise measurement formulas over time.
You can watch the half-hour presentation here.
All day one sessions
You can catch up on the full list of sessions on the Risk Awareness Week website. Day one’s workshops included:
- Future trends in Risk Management 2.0 (50 minutes) – Alex Sidorenko, Chief Risk Officer, EuroChem – watch now.
- Risk as a Scarce Resource – Boards and the Attraction of Risk Capital (39 minutes) – David R. Koenig, President and CEO, The DCRO Institute – watch now
- The board’s role in risk governance (36 minutes) – Norman Marks, Author, thought leader, retired CAE and CRO – watch now
- Risk analysis in time series forecasting (42 minutes) – Jorge Salazar, Risk Specialist, Nutrien – watch now
- Practical steps to enrich risk analysis with scenario planning (34 minutes) – Henk Krijnen, Founding partner, Claridec – watch now
- Measuring Readiness and Building Capability in Business Continuity (37 minutes) – David Lindstedt PhD, Founder, Adaptive BC Solutions – watch now
- Measuring Outcomes and Demonstrating Value in Resilience (36 minutes) – Mark Armour, Director Global Business Continuity, Brink’s Inc. – watch now