The risk management processes and practices of organisations across Australia are under siege. As we hurdle towards the future of work, it’s time that we update our approaches to grapple with a new reality. The concept of risk evolves over time – naturally, organisations must follow suit.
The standard corporate governance model is defined by three key pillars: Front-line staff, the risk management and compliance function and the internal audit department. For years, this system has served its adherents perfectly well. But like any system or process, it is vulnerable to time.
Things don’t stay the same. They never have and they never will. In fact, as we move further and further into the future, things will change at a rate that we have never before had to deal with.
As soon as our reality alters, we have two options: adapt our current practices and processes to meet new demands or modify the approach entirely so that it is perfectly calibrated with the new reality.
As is becoming clear to executives across Australia, the evolution in risk management strategies that is required is sizeable and absolutely necessary.
We all know that the global business environment is facing more risks than ever. According to Protiviti’s Executive Perspectives on Top Risks 2019 report, survey respondents indicated that they considered 2019 ‘riskier’ than both 2018 and 2017. This trend shows no signs of changing into the future. Similarly, the report shows that concerns about certain risks are intensifying. For example, the issue of IT infrastructure not being able to meet future performance expectations rose from 10th to 1st in terms of the risks causing the most worry for survey respondents.
But these findings do very little in getting to the core of the problem facing organisations today. James Dunn puts this issue perfectly:
“Not only does the range of risks the modern company faces get ever broader, risk comes at the modern company fast. And that can become an additional risk in itself.”
Dunn’s quote does a whole lot more than highlight how the risks themselves are changing and becoming more intense: rather, it focuses on how risks are emerging at a speed that organisations have never had to deal with. Part of what makes a risk so pressing is an organisation’s incapacity to manage it; if the rate at which they come about makes it impossible to deal with, then organisations become dangerously vulnerable.
So, it is against this backdrop that we argue that risk management practices must be updated. If they don’t, organisations could become overwhelmed.
The Future of Risk Management
In Dunn’s article, he quotes Sally Herman (non-executive director at Suncorp Group Limited) who said “any organisation has to think about risk as a core part of doing its job which means it can’t be the responsibility of some faceless department in the centre.”
Herman gets right to the centre of the resolution. For too long, risk has been treated as the responsibility of a centralised component of an organisation. How can we expect one body to deal with multiple, vastly divergent risks across an entire organisation? Moreover, if new risks are popping up at every turn, it is unrealistic to think that each and every issue can be successfully identified and managed by a body somewhat removed from the everyday functioning of the organisation.
Risk thinking and management, thus, needs to be spread thinly across the entire organisation. You need risk-oriented leaders on the front line and in every team to ensure that your organisation’s vulnerabilities are being considered at every turn.
Organisations of the future need to be fluid. Structures remain important in terms of getting the most out of teams but the same is not true of individuals. The time for executives who are experts in only one field has passed. We need leaders who are masters across the board – who display risk thinking in combination with a whole range of other qualities.
Humankind has arrived at where it is today through a process of evolution. For both organisations and leaders, the time has come for change.
Risks are everywhere. Therefore, risk-thinkers must be, too.
