As the global economy continues to change, all organizations and industries must adapt and evolve to stay relevant and successful. Risk management is no exception. Once a siloed department in large companies, risk management is now being formalized and integrated throughout organizations across the world. As this change takes place, risk professionals must adjust to three primary changes: an increasingly uncertain environment, risk management becoming primarily digital, and cultural shifts.
Complex External Environment
The environment is changing faster than ever before in many ways. Technologies are invented and then replaced before organizations can adopt them, clients often expect instant gratification, and every day seems to introduce a new business threat. This turbulent environment poses a difficult challenge for risk professionals. Business disruption is now common, unpredictable, and expensive.
The most drastic shift in the external environment is the unbelievable advancement of technology. Processes are being automated, new systems implemented, and extremely high amounts of data are available for in-depth analysis. While this has brought countless benefits and efficiencies to the risk management industry, it also introduces new threats. An organization cannot adopt every new technology, but they must determine which will add value or risk being left behind innovative competitors. Cyber risk and the abilities of hackers are also growing day by day: cyber crime costs are expected to hit $6 trillion by 2021.
The prevalence of technology has made clients and customers in every industry more socially conscious and aware. They also have higher expectations for personalization and satisfaction. Further, it has never been easier for a dissatisfied customer to voice their concerns: they have access to platforms that can immediately amplify their message across the world. To improve customer service practices, and thus reduce reputational risk, this article from Customer Insight Experience suggests giving front-line workers more power and enabling constant contact.
Another complex area of the external environment is the increase of regulation. New laws and policies, such as the GDPR that has just gone into effect across the European Union, force organizations to adapt and comply to higher standards than ever before. Research from McKinsey and Company has shown that the cost of regulatory risk has increased by 50% over the last five years. Compliance with these new laws can involve significant organizational changes, and failure to do so will result in hefty fines or more severe legal action.
In addition to increased government regulations, risk professionals must navigate political uncertainty and instability. For example, the United Kingdom’s decision to leave the EU will have an impact on organizations everywhere, not just those in Europe. Many organizations are still awaiting news on the Brexit deal to make future strategic decisions.
Finally, the physical environment is undergoing climate change, which has caused natural disasters to become more common and severe. One only needs to consider the hurricane season of 2017 to see the devastating impact such events can have. Even organizations in areas not traditionally affected by natural disasters are encouraged to have preparation plans in place.
Digitization of Risk Management
Risk professionals are beginning to implement new technology and systems across their organizations. Many have begun to use Risk Management Information Systems (RMIS), which are robust and flexible systems built to handle all aspects of risk. There may soon be a basic expectation for all professionals to be adept and comfortable with these systems.
With the introduction of RMIS, there is an emphasis on strategic, high-value activities. Organizations are beginning to automate manual, routine processes such as data entry, basic client communication, and even claims processing. This allows the risk management team to act on data and build risk prediction and mitigation strategies. An impressive example of automation is a European bank that transitioned from a 95% manual decision-making process that required two weeks approval time to an automated process that reduced approval time for 60% of decisions to less than a minute. More details on this case can be found in McKinsey's report "The Future of Risk Management in a Digital Era".
Data management has primarily moved to online sources. There is such a wealth of information available, collected from many sources, that manual entry into spreadsheets is no longer adequate. This trend has increased data integrity, but it can be difficult to know what information is most relevant. Organizations using outdated data processes run the risk of falling behind competitors that use their data in real-time to make strategic decisions.
Increased data access has resulted in increased analytics. Reports and dashboards can now be automated and viewed in real-time to ensure that the organization is making decisions based on the best information available. Visual tools are becoming more important to showcase results and improvement. These advanced analytics allow risk professionals to identify trouble areas, realize opportunities, and monitor the impact of their actions.
In order to adapt to this complex and digital environment, risk professionals as well as their departments have gone through some cultural shifts.
Risk professionals are being held to higher expectations and given more responsibilities. No longer simply insurance purchasers or risk preventers, they are now responsible for predicting future risks based on industry knowledge and trends. (Read: "Tomorrow's Risk Manager: Purchaser, Protector, Predictor".) Top management fully supports the risk management process and wants to see actionable data and results. To manage this shift, risk professionals and their teams have become more agile and flexible in their work and mindset.
A safety and risk culture is becoming more common throughout organizations. Risk management is no longer the sole responsibility of an isolated team; it belongs to everybody. Risk systems and frameworks have been formalized and integrated throughout many departments, such as finance, purchasing, legal, operations, and marketing. Employees collaborate with those from different departments or regions to identify opportunities and trends.
Collaboration is also growing between risk teams and their external partners or even customers. It is not uncommon to see multiple links in a supply chain, for example, working together to reduce risk across the board.
The organization’s view of risk itself has also changed. Instead of a fear-based compliance issue, it is now seen as a way to increase performance and value. Risk professionals determine and encourage an appropriate level of risk-taking in order to balance the level of risk and reward. Being overcautious prevents an organization from obtaining the benefits of risk-taking, such as uncovering new ideas, as outlined in this piece by Huffington Post. Risk prediction and resilience have become just as important as risk mitigation. Risk prediction often stems from trend analysis and industry knowledge. Resilience, or an organization’s ability to make a risk’s impact less severe and survive the outcome, can be accomplished through careful preparation and planning.
Adapting to These Changes
With all this in mind, how can a risk professional prepare for this new and continuously evolving landscape?
As always, risk professionals require an in-depth knowledge of all potential risks. Today, there should be an additional emphasis on emerging risks as well as current trends in technology, politics, and other relevant external factors. This information can be obtained from external research, industry monitoring, or even internal professionals. This collection of the best risk management blogs and news sites is an excellent start.
There’s a need to develop new strategies for proactive risk management. Professionals should take advantage of new technology to streamline their processes and spend their time on high-value activities, such as creating and practicing business continuity plans for likely (and unlikely) scenarios. The risk team should develop a vision for the digitization process to ensure they are taking advantage of all relevant opportunities to increase analysis and resilience. Organizations can also explore new types of risk transfer, such as cyber insurance: a new development expected to soon become as common as general liability insurance. Check out this site on cyber liability for more information.
Organizations should seek out new talent that is competent in both technology and business. Innovation and experimentation should be encouraged, so unique, value-adding strategies will come to light.
To match the change in culture, risk professionals should promote better communication across the organization, including horizontally between departments. Data and information about risk should be readily shared to any authorized team member that could find it beneficial, and networking relationships can be formed.
Above all, risk professionals should commit to continued learning and change. A person who is most comfortable in a stable environment would perhaps be better suited to another industry. New activities need to be compounded with traditional risk management practices.
If a risk professional can successfully modify their department to accommodate these changes, their organization is well equipped to survive in today’s environment. Of course, tomorrow’s environment may be vastly different. The one fact organizations must keep top of mind as they pursue risk management is to be prepared for change.
ClearRisk’s Risk Management Information System can help professionals navigate even the most complex risk landscape. With automated workflows and processes, in-depth data analytics, and constant updates to match each day’s unique environment, any organization looking to move forward with their risk management processes can benefit from our solutions.