As I reflect on an article I wrote in 2018 on “Turning Risk and Compliance function into a competitive edge”, I notice that the world has significantly changed over the last five years due to black swan events (like Covid-19), geopolitical upheavals affecting supply chains (like situation in Middle east and Eastern Europe) and tech advances (like AI, robotics) have reshaped the risk landscape. Risk professionals must now adapt faster than ever to navigate these disruptions to ensure business resilience.
Here, I highlight five aspects that can help us better prepare for the future:
1. Single Lens on Business Objectives:
Organizations excel when they prioritize business objectives and obsess over solving real-life problems. As Risk professionals, we must view all our deliverables (e.g., risk frameworks, methodologies, policies) through the same lens and align them with business owner objectives. For example, each item in the risk and control self-assessment (RCSA) should link to a business problem and how it mitigates the risk of not achieving a business goal. This alignment ensures that business owners better appreciate risk and control functions and helps maintain organizational focus.
2. Customer Centricity:
While most commercial entities claim to focus on customers, this focus often gets diluted throughout the operational value chain. A customer request may bounce between functions due to internal processes, delaying outcomes. Moving forward, it’s crucial for us to perform risk assessment on processes with focus on customer requirements (beyond standardized risk events) and create a unified mitigation strategy from a customer’s perspective. This approach can help management break down silos and re-evaluate risk appetites.
3. AI and Technology:
AI and technology are now intertwined with our operations, with most major tech companies incorporating AI plugins into their tools. On a broader scale, technology has become foundational to the economy, from consumer activities (e.g., authentication at airports to e-commerce). This development creates two imperatives for risk and control professionals:
a) Systems and processes are now major sources of risk, particularly regarding customer privacy, data security, and cyber threats,
b) Shorter lead times for providing mitigation and addressing issues due to the fast-paced digital economy.
4. Continuous Education: Risk professionals must continuously upskill and become more tech-savvy, either by taking short courses on systems or databases or by taking on additional roles within different departments (think “wearing two hats”) such as operations or financial control. This will help professionals relate to business challenges and gain specialized skills.
5. Proactive Engagement and Governance:
Despite the changes taking place, one constant is the importance of strong governance. This involves establishing adequate, fit-for-purpose structures and teams to maintain oversight of the business. Additionally, risk and control teams must proactively engage with business leaders (e.g. predictive monitoring systems or reporting dashboards) periodic scorecard management before things “take a turn for the worse.”
Conclusion:
The demand for Risk professionals will continue to grow due to the uncertain and volatile nature of the 21st-century economy. It’s up to us to seize the day!
