To print this article, all you need to do is be registered or log in to Mondaq.com.
Risk appetite, culture and accountability are key to establishing a proactive, value-added risk management function.
At the heart of any entrepreneurial endeavor is the fundamental relationship between risk and reward. And while every successful company has minds at its head who have managed risk, differences in the maturity of risk functions between different companies abound. Although the most mature risk models manage risk effectively and efficiently, we believe that today’s organizations need to rethink risk management so that it becomes a value creator in its own right.
The risk landscape facing our businesses is indeed rich. Key areas of risk include cybersecurity, sustainable finance, regulatory, people, operational resilience, fraud and financial crime, third party management, to name a few of the risks currently consuming the major part of the bandwidth of the three lines of defense within organizations. Added to this are areas of risk that have existed for years and continue to require our attention: credit, liquidity, corporate governance.
Today’s chief risk officer must keep an eye on a growing list of risks: some will become increasingly important, others will be more stable, and others will become less relevant over time. And while the list of ‘back of the envelope’ risks presented above will apply to different industries in different ways, implication is inevitable – the risk function plays a crucial role in helping the business manage its risks.
In all of this, risk management is usually structurally separated from front-line decision-making. Often, risk functions are reactive and viewed by business decision makers as those that “put the brakes on” business. While some organizations manage to bridge this gap when making initial investment decisions, fewer manage to maintain that strong partnership bond between First and Second Line for ongoing risk (and compliance) processes. It is certainly not the optimal use of the resources employed to manage the risks. It’s time to unleash the hidden potential in risky jobs.
The greatest value to be obtained from the risk function is when gambling is believed to be one of the opportunityinstead of riskone of proactivity rather than reactivity. Seizing opportunities means that every risk decision becomes a means not only to achieve business growth, but also to gain the trust of external stakeholders. An “offensive” posture consists of spotting potential risks early, making good strategic decisions thanks to information drawn from useful and relevant data.
To achieve this change in risk management, the company must take the right measures in terms of Risk appetite, risk culture and Risk responsibility.
Risk appetite needs to be defined from the top and translated into an enterprise-wide risk strategy and risk management framework. It must also be communicated firmly, unequivocally and consistently to all levels of the organization, including the Board of Directors. This communication can take various forms ranging from print/online messaging to information sessions and ongoing alignment of compensation, incentives and KPIs with this appetite to ensure appropriate behavior is reinforced. Despite the pressures to do so, organizations cannot fall into the trap of achieving short-term goals without considering long-term ones.
Establishing the right risk culture is also key to enabling risk management to deliver greater value. The culture of risk within companies tends to oscillate from one extreme to the other. And right now, with the most scrutiny from external stakeholders, risk functions (and the workforce in general) tend to be very risk averse. Rather, we should aim to make the organization “risk aware”: fully informed of the entity’s risk appetite, the business should be in the hands of people who are fully aware of the risks and the parameters within which operate and seize opportunities.
This leads to the reversal of the siled way in which business functions often operate from risk and compliance functions. Risk management should certainly not be the sole responsibility of the second line – it is the responsibility of everyone within the organization. For their part, second line functions must continue to foster a valuable business partnership with the first line, keeping business objectives at the center of the day-to-day execution of their work.
Changing the mindset to proactively manage risk requires a transformation that will launch the risk management approach your organization needs to have in place. KPMG’s risk function reference model is based on a number of components covering:
- the general elements of the strategy, vision and risk management framework;
- the organizational framework of the function;
- operational and day-to-day elements of the function; and,
- performance monitoring in place for the function.
Data and technology underpin the success of this transformation. Important data is created within organizations – but without proper tools, data mining becomes impossible. The right technology enables the organization and analysis of this data, while ensuring that data quality is maintained at a high level. When a platform allows different parts of the entity to access this data, further alignment of different parts of the business is achieved. One such application is KPMG’s Risk Hub, a managed service developed through a global alliance with IBM. Risk Hub is particularly powerful in that it integrates information and data at all levels of the company and provides users with a holistic view of risk. Risk Hub uses artificial intelligence capabilities to provide continuous monitoring of an organization’s risk profile, as well as to automate a number of processes to free people to focus on higher value tasks added.
Achieving this transformation will not happen overnight. It needs a clearly designed trajectory, proportionate investments and continuous monitoring. It is, however, the path that leads to a return to the resources employed in a risk function because it makes it possible to identify and seize opportunities.
The content of this article is intended to provide a general guide on the subject. Specialist advice should be sought regarding your particular situation.
POPULAR ARTICLES ON: Performance of Malta Legal Department