Unnikrishnan P, Global Director – IT & Financial Risk Advisory Services, Hewlett-Packard
The complexity of today’s business is a key contributor to heightened risk exposure for organizations. Higher complexity also means the creation of new risks or mutation of existing risks leading to businesses not meeting their objectives. Organizations are increasingly re-defining their risk management approach to keep pace with the change in the business environment and adapt to the surrounding complexities to maintain relevance and demonstrate value. Organizations have started to look at risk management, not only through a ‘Compliance’ lens, but also as a driver of value and to ensure survival in a competitive business environment.
The two key things, among others, successful companies do are managing risks proactively and adapting themselves quickly to the changing market conditions. The payoffs of managing risks are bountiful and companies are focused on risk management activities.
In this article, I am outlining some of the emerging trends in risk management that will have an influence on business outcomes across industry segments in the coming years.
#1: Technology, a source of risk and an enabler for effective risk management
Traditionally, the business models were enabled through the use of technology. Today, innovative technology drives new business models. Technology is increasingly becoming the source of business disruption for e.g. Uber is using technology to disrupt the taxi market, Amazon uses technology effectively to disrupt traditional retailers. In the realm of risk management, technology has dual emerging considerations. One, wherein technology is playing a key role in transforming firms to move from compliance to performance and adopting more effective and efficient risk management practices. Other emerging consideration for risk managers, is to look at the rapidly changing technology landscape as a source of significant risk to the organization’s existing business model and long-term survival.
#2: Convergence of risk oversight with strategic planning
Organizations appear to be struggling to integrate their risk oversight with their strategy development and execution. There needs to be explicit focus on the interrelationship of risk-taking, strategy development and execution. Looking at the relationship of risk and return, organizations are extensively considering risk management inputs for strategic planning. Emerging trends to this regard are, boards embedding risk oversight into the management compensation structure and Chief Risk Officers (CROs) expected to validate the assumptions underlying strategy and use this to advise the business on risk taking.
#3: Treasury as a strategic business partner
Proactively managing risks have led to changes in the responsibility of many groups within the organization. One of the trends we see related to risk management is, the role played by treasury dept. Treasury is becoming more of a business partner, working with business units and across functions to ensure that sound decisions are made, particularly in the realm of financial risk management. Today treasurers are moving away from merely focusing on liquidity issues to becoming more strategic for the organization. They present to Board, work closely with top executives, business unit heads, Procurement etc. to increase the overall organizational risk intelligence. For example, corporate treasurers are working with Procurement for commodity risk management to mitigate risks beyond Procurement driven supply chain negotiations with vendors that can adversely impact margins due to supplies price fluctuation.
#4: Risk Analytics: data-driven risk management
One of the emerging trends in risk management is Risk Analytics i.e. use of advanced analytics and data mining techniques to achieve risk management objectives. Organizations are increasingly focused on using a data-driven approach for unlocking the maximum amount of information hidden in their data to effectively manage their risks. The key benefits of risk analytics are the ability to expand risk factors to include granular specifications which provide a more holistic and factual basis for risk management. Additionally, it can be used to supplement behavioral scorecards with predictive models to analyze transactions in order to further refine and enhance early warning signs.
#5: Increasing role of Board in defining risk management strategy
Boards are demanding an integrated view of risk across the enterprise. Enterprise Risk Management (ERM) is an adoption of a holistic approach to risk management. ERM is different from traditional approaches that focus on risk oversight by managing silos or distinct pockets of risks. ERM emphasizes a top-down, enterprise-wide view of the inventory of key risk exposures potentially affecting an organization’s ability to achieve its objectives.In coming days, Board would expect that an effective ERM process will be an informative tool for them to execute their strategic plan.
#6: Focus on emerging risks
Many organizations do no formal assessments of emerging strategic, market, or industry risks. Organizations need to be more proactive in integrating emerging risks into daily business operations. It’s not enough to focus only on those events for which the probability of occurrence and likely impacts can be identified. Risk assessment is largely inward focused as compared to being forward looking and externally focused. Detailed analysis of competitor strategies/ benchmarking and scenario planning are not widely used. Organizations now have started evaluating the “unknowns” by identifying exposure and correlation between external trends and risks that could ultimately result in a catastrophic impact on their own survival. Some organizations use scenario planning and stress testing extensively in their risk assessments to objectively evaluate impact due to emerging risks.
#7: Increased regulatory compliance requirements
Organizations across the globe understand that regulatory compliance is an important and critical concern. As the regulations change, there is a greater focus on transparency and an increased risk of non-compliance. Compliance to Dodd-Frank, IFRS, Basel III, etc. influence organizational decision making. Going forward, compliance to newer or changing regulations will be a critical component driving risk oversight within an organization.
The inclusion of risk management into the mainstream helps the organization play more offensively. Businesses are beginning to look at risk management as a value add rather than simply protecting the business from risk. Successful organizations view risk management as a strategic component of their value chain, delivering long-term sustainable growth and innovation.