Risk managers must play strategic game to avoid overload in polycrisis
Profession under stress as risks mount
Risk managers are coming under huge strain from the never-ending polycrisis but can meet this challenge, and shouldn’t fear overload, as long as they adapt and focus on best practice, say leading figures from risk management associations.
The experts told Commercial Risk Europe that risk managers must collaborate, not least through their associations, to help each other through this difficult time. It is also vital that they prioritise risk, think long and short term and make use of new technology, while leaning on insurers and other risk experts for advice.
Crucially, risk professionals were urged to take advantage of their growing prominence to drive strategic risk management, despite some barriers still in their way.
The comments followed news that advisory firm Control Risks believes risk management overload is one of the top five risks facing companies this year, as they deal with the ongoing polycrisis and mounting global tensions. It warned that the sheer number and diversity of crisis events anticipated this year will test the resilience of risk management functions like never before.
Risk management therefore faces overload, under pressure of rising expectations from boards, partners, customers and even employees, argues Control Risk. And all this while organisations are focused on reducing costs. But the company was clear that overload is not inevitable if risk managers reboot their operations and take advantage of their rising status.
Franck Baron, president of the International Federation of Insurance and Risk Management Associations (Ifrima) and board member of the pan-Asian association Parima, agrees that the big risk facing his profession is adapting to what he called the “permacrisis”.
Ferma CEO Typhaine Beaupérin said companies and risk managers are coming under “huge strain on a multitude of risk fronts”, ranging from the deteriorating global outlook and potentially irreversible environmental changes, to growing polarisation, evolving technological threats and expanding geopolitical tensions.
Julia Graham, former Ferma president and now CEO of UK risk management association Airmic, said today’s risk landscape can feel overwhelming as organisations bounce from “one major risk-fuelled event to another”. She said risk managers could be forgiven for feeling like they are working in a “risk pin-ball machine”.
And Carlo Cosimi, president of Italian risk management association Anra, agreed that a host of international, systemic polycrises and widespread geopolitical tensions are putting a real strain on corporate resilience and internal control systems, not least risk management.
But he and others clearly believe that while things are tougher than ever before, risk management overload can be avoided if companies and risk professionals take the right course of action.
“Action must be taken on two levels,” said Cosimi, who is head of group risk and insurance at Italian multinational engineering group Maire Tecnimont. “We need to spread the culture of risk in an increasingly pervasive way in the company system at all levels, to strengthen the ability of each risk owner to deal with risks and strengthen the structures of the first line of defense.”
“We must also acknowledge that the situations within the polycrisis are not short term but are destined to become permanent… where the ability of companies to compete in the long term will lie precisely in their ability to manage risks and opportunities,” he added.
Jurrit Herber, board member at Swiss risk management association Sirm and head of risk at Eviosys, said the polycrisis is making life more complicated for risk managers and risks harder to manage, but he doesn’t fear overload as long as his profession can adapt.
He urged his peers to come together, not least through national and regional associations, to help each other and share best practice, and stressed that risk engineering services from insurers are more important than ever.
“Yes, there are so many events creating the polycrisis where the sum of all the risks exceeds the individual risk. But is it too much to manage? Of course not. Is it harder to manage? Clearly yes,” he said.
“We need to lean on our fellow risk managers for help and advice, and to share solutions. That is why risk management associations are now vital, so we can come together to organise workshops and training sessions to share our knowledge. Instead of each of us inventing our own wheel, we should share the knowledge. Everyone has a piece of the puzzle and together we can complete the jigsaw,” he continued.
“So while we can’t manage the macro risks, we can partially mitigate the risk on our company. We can come together so we are confident that as far as possible we have been able to manage a specific risk within the polycrisis and the impact on our company to a more tolerable level,” added Herber.
He said this will require more flexibility from risk managers and the range of experts that help them do their job – particularly insurers. “Insurance companies need to step up more, especially when it comes to risk engineering. These risk engineering services have always been vital but they are now more vital than ever,” he said.
Baron said risk managers must break down silos, boost collaboration, receive a clear risk strategy from the top and use emerging technology to overcome the permacrisis.
“Permacrisis is certainly an apt descriptor of the state of the world. High energy prices, supply chain issues, inflation, geopolitical conflicts, pandemic impacts, climate change, natural catastrophes and cyberattacks all seem to be combining to create one big, interconnected mess, where risks collide and their interdependence is strongly felt,” said Baron, who is risk manager for International SOS.
“This calls for silo-breaking, collaboration with other departments, clear strategic risk guidance from top management and use of new technologies to adapt and cope with this new level of volume and magnitude. This is where GenAi can help,” he added.
Graham said there are ways to play and win the “risk pinball” game. “Today, the risk professional’s answer to winning the ‘risk game’ is to not play alone, to look at the short and the longer-term horizon and think about the tactics and patterns of how the game works,” she said.
“And you must not overly obsess about the downside of moves in the game to the exclusion of using opportunities. We can deploy tools, techniques and standards that exist and can still be very useful, but enhance these by appreciating the technology used in the machine on which the game is played,” she added.
Graham agreed with others that it is vital risk managers collaborate to manage risk, working with peer professionals and organisations that have shared but different experiences and outlooks. “We need to harness knowledge and experience that collectively can help to create and protect value – which remain at the heart of managing risk,” she said.
Ferma CEO Beaupérin believes risk managers can put organisations ahead of the risk curve by helping to plan and collaborate at strategic level. Risk professionals need to put in place comprehensive plans for priority risks that can reduce their impact, while also facilitating potential restructuring to become more resilient, she added.
“The key disciplines of risk management – the ability to monitor the risk landscape continuously, to identify risks in advance across the entire value chain, to quantify the potential exposures, and to prioritise risk mitigation and management activities – are paramount to the ability of organisations to build the level of resilience required to withstand this extremely pressurised environment,” said Beaupérin.
But she said there is still “much work that needs to be done” to ensure organisations can adapt their business models to “effectively address the unique and evolving dynamics of a world on the brink of polycrisis and to position the risk manager as a central component of the strategic decision-making process that supports that adaptation”.
She added that despite the growing prominence of risk managers, not least as the polycrises mount, it is important to recognise that the transition to strategic risk management is still evolving and the profession has not yet scaled the peak.
Graham agreed that there remain barriers to strategic risk management within many companies. She believes some of these barriers are self-imposed by risk professionals. Firstly, risk management is still not universally regarded as a profession, which is not helped by operational terms like risk manager. In addition, there is often too strong a focus on insurance buying, which is an important part of the job but increasingly limiting as the risk protection gap widens, she added.
Herber agrees with Control Risk and his peers that risk professionals can take advantage of their rising prominence since the start of the polycrisis and Covid-19 to help ensure their function is heard and delivers at the strategic level. But he cautioned against overplaying your hand.
“There is momentum to drive risk management, but if you bombard management with too much information it will be overkill, in my opinion. Yes, you have a spot at the top table now and people are much more happy to listen and discuss topics, but that doesn’t mean you should overdo it. You need to gradually progress and point out the importance of your risk management. And then going forward, board members will accept that this is a crucial function within the organisation that you should weave within the everyday working structure of the company,” he said.
Graham also urged risks managers to tread carefully when dealing with the board and top management.
“Risk professionals are now well positioned to lead the strategic risk charge – as typically curious and courageous. However, being courageous can be a top five risk for risk professionals and the organisations they work for if the risk professional doesn’t have the competence and justification to be professionally confident. If you don’t understand what you’re doing, why you’re doing it, and misuse the trust of others and take them with you unwisely, any invitation to the boardroom might be a one-off, not-to-be-repeated risk management experience,” she said.