No one can truly predict what a year will hold, yet that is often the job of risk managers. But while predicting the future is a tall task, preparing for it is considerably more manageable – if the right processes and toolkits are in place. The ability to identify and manage risk throughout an organisation is becoming more and more important. With that in mind, we have identified four trends that will help define risk attitudes during 2018:
Governance and Compliance will be the top risk
Governance and compliance will be at the top of company agendas in 2018, for two reasons. First there is the invigorating reaction against corruption in South Africa. We are seeing high-level executives finally being reminded that they have responsibilities and that there are consequences for ignoring those. At the same time, the local Protection of Personal Information act (POPI) and Europe’s General Data Protection Regulation (GDPR) come into effect this year. These carry stiff penalties for not looking after private and confidential data. Their successful implementation will depend on a solid compliance foundation.
Yet establishing good governance and compliance is not easy. It will require a reliable and shared view of the risks on an organisation. The agile and effective character of modern cloud software fits perfectly into this mould, as it allows companies to scale and grow their view at a managed pace.
Speed to mitigate will be an important benchmark
Of all the moving parts in risk, mitigation is arguably the most fundamental. If you don’t intend to avoid or lessen risk impact, risk management is pointless. But mitigation is also the hardest: it requires timely identification and study of a risk, then implementing remedial action while keeping the main strategy on point. This is perhaps why risk management is such a colossal and slow-moving exercise, because identifying and delivering on mitigation isn’t simple.
Yet the world is not standing still, and serious risks manifest more quickly. In order to mitigate that, companies need to understand risk on their terms and respond with speed. Here the role of scaling, cloud-based risk identification and integration applications is crucial. They enable a company to aggregate and collate risk data across its landscape. Analysts and decision makers are able to spot and respond to risks with greater effect and clarity. The world sets the pace, but with risk management integration platforms, the business gets the full picture to respond in kind.
Cultivating a risk-responsive culture
An accelerating environment is the main generator of risk for current businesses. Unless a company is able to spot and mitigate a risk as it appears, chances are it won’t be able to sidestep those problems. Though long-term and consistent risks will always be there, it’s the unexpected risks that are becoming more frequent.
Here companies already have an invaluable asset: the eyes, ears and minds of their people. All too often companies miss risk not because the risk wasn’t obvious, but because its culture lacked the ability to raise, identify and escalate risk in a timely manner. Empowering employees to bring their expertise into the equation is crucial. This is most often a toolset problem, solved by using cloud-based risk aggregation platforms that can mould to fit the specifics of a business’ department or roles.
Boards and risk officers will need a single truth
Risk professionals are often cast as conservative types who don’t like taking chances. But in an Economist Intelligence Unit survey of boardrooms a few years ago, 40 percent of board members said a higher focus from the board on risk management appears to stifle the business. In contrast, risk officers are more likely to advocate chances. Of course, a risk failure ultimately falls on the shoulders of boards and the Exco, which is why they are less likely to approve of maverick moves. The problem here is that boards and risk managers often don’t share the same view.
Having risk-centric individuals higher up the organisation helps, but this still has a limited impact. A better approach is to get everyone on the same page – often called the ‘single view’ or ‘single truth’. Again, applications can come to the rescue. A major function of a risk management platform is to aggregate risk data, then present it in the format that specific roles require. Boards don’t need every nuance that concern risk officers, but there is significant overlap between the two. Identifying those overlaps and making them the key areas of focus is highly effective, yet unachievable without a fluid technology platform behind it. That is both possible and affordable today, and the companies that adopt these platforms will have the competitive edge.
Risk data no longer belongs exclusively in silos. Such intelligence can flow across the organisation, bringing insight to those who need it – and it can begin with a small proof of concept deployment. Don’t let 2018 overrun your business. Try Riskonnect, implemented and managed by thryve.