As technology revolutionises the way organisations function and brings competition from all areas of the globe, the array of new risks to pre-empt and mitigate is vast. The risk function has long supported leadership by assessing and warning of the risks that could impact an organisation’s ability to fulfil its strategy. However, in this challenging environment, it’s time for risk to step forward and take a leadership role of its own.
Martin Green, Partner, Advisory at KPMG says risk teams of the future need to up skill now, and demonstrate the powerful insight that risk can offer in this disruptive environment.
“As organisations become more complex, and data influences more decision making, the need for chief risk officers (CROs) and their teams to take a strategic position is fundamental,” he says. “Businesses will need people who understand the bigger picture, how to turn data into business intelligence, and how to manage risk.”
New regulations can be costly and they usually require new data – data that can be tapped to better understand and grow the business. CROs should seize the opportunity to be a more proactive player in this environment, to help shape policies and processes, realise better insight and at times competitive advantage.
“When you look at actuarial modelling, risk management, planning and integrated reporting requirements, companies should be asking themselves ‘what are ways we can leverage these changes to rethink how we look at value and how can we better serve our customers?’,” Green says.
As technology speeds up and customer demands grow, emerging risks such as cyber risk and reputational risk are becoming more prevalent. There is also a need for organisations to take calculated risks, perhaps in finding new markets or innovating new products, in order to remain competitive.
“To do that, the risk function needs to change the way it operates and the risk professionals must broaden their skills,” Green says.
For risk to take a leadership role, understanding technology is vital – both in terms of how the organisation is engaging it, and how the risk function itself uses it to be more insightful and efficient. Anu Kukar, Director, Advisory at KPMG says an obvious change needed is how the risk functions test and measure control environments in a digital world.
“As new risks and controls are required, the risk professional of today can’t just go and test or monitor the controls, or monitor risk the way that they have traditionally done,” she says. “They need to understand how to undertake that process with the digital and technology based controls or create new digital/technology based controls.”
In addition to embracing technology, the risk teams of the future will need to adopt a strategic outlook beyond the risk function and into the whole business. Green explains that they must have involvement in how the broader business operates, the value drivers and aligning risk thinking with the overall strategy.
“What the leaders of businesses are seeking from CROs and their risk teams is the ability to really understand where technology and data can be valuable to the business, and where can you turn that data into better business intelligence around risk. This will ensure the CROs and the broader risk function are considered to be more value adding,” he says.
A KPMG survey of nearly 1300 CEOs, the Global CEO Outlook 2016, showed that risk leaders need more tailored personal development training to ensure they are equipped to be front and centre. Green says there was a view that many CROs didn’t have the depth of knowledge to step up to the role of chief executive officer, for example.
“As a result, many organisations are trying to put in place the appropriate talent and capability frameworks that help people in their career pathways to become more rounded in their skills – the behavioural and strategic capabilities can often be more important than simply the technical capabilities,” Green says.
Kukar says organisations need to do a ‘current state’ assessment of where their risk function is positioned in terms of leadership ability. They should assess the skills and behaviours that are required for the organisation and implement a tailored leadership action plan.
A common skill that risk teams of the future need to develop is agility.
“Risk teams must learn how to adapt and be agile in how they assess risk and support their business partners,” Kukar says.
A second skill flows on from this, and includes the need to adopt and develop new processes that deal with ambiguity and uncertainty.
“With all this disruption, social media and cyber-attacks, risk will need a way to deal with the changing business environment,” she says.
A third skill is to move from expertise silos (i.e. strictly focusing on one type of risk) into a broader view of risk. They must consider the interlinking risks across an organisation and the dynamic nature of risk.
“The risk function needs to adopt the mindset of continuous learning about what is changing in the world,” she says.
The change required to create well-equipped risk leaders of the future is significant. Kukar says the challenge is largely because it requires disruption of the risk team itself.
“Until today, the risk people have been rewarded in their jobs for being technical experts. And we are saying that is not the way forward. You are disrupting something in its entirety,” she says.
Mike Ritchie, Partner, Advisory at KPMG says the change must be supported by the broader leadership, and must fit into the organisation as a whole to be a success.
“Some organisations are not even thinking of the risk transformation on a holistic level,” he says. “This will lead to a situation where the organisation limits the benefits they can achieve.”
Moving the risk function to the front and centre of leadership will take effort, but the benefit for the function and for the organisation could be vast. Green says the most advantageous change is holistic and sustainable.
“How do you think about it in terms of quality of services – what can we do for our customers? What is in it for our shareholders? How can it impact the cost of production? What is the employee value proposition? How are we improving the quality of our people? Can it change career opportunities?” he says.
Kukar says building risk teams of the future can reduce the noise around the value that the risk function adds to the business.
“This can allow risk to be a function that that is key for decisions around strategy and growth of the business,” she says.
Ritchie echoes this sentiment.
“It is about making risk relevant to the critical thinking of the business. It is about a true partnership. Having the risk function as a leadership role in the business is critical, rather than risk being the handbrake.”
In addition to preparing risk leaders of the future, the risk function must reposition itself to bring powerful added value to organisations beyond compliance. Find out more in our article Adding value – the next frontier for risk.