Change has always been a common part of business; and yet today, companies are feeling overwhelmed by the pace of development and technological change. As a consequence, only a few risk departments think they are adequately prepared for technological change, and that they also enjoy the support of their organization. In such circumstances, how will we manage the risks tomorrow?
What are the biggest challenges ahead?
Let’s go back to the beginning. If we aim to manage risks well, we must first know which risks need managing. What are the biggest challenges for our company? When looking at various survey results, I came across some interesting information.
The Risk Survey in Organizations for 2025 found that the greatest uncertainty lies in the technological change. The fact is, we now live in an era of new technologies, reaching from self-driving cars to medical consultations online. Internet of things (IoT), blockchain, artificial intelligence (AI), robotics and big data are already changing the way we work, and how we work and therefore represent both, opportunity as well as risk. However, five to ten years is a very long period to predict. Who in 2009 could have imagined the scope of success for companies like Uber and Airbnb?
The survey also found that only 24 respondents said they evaluate the risks. Only 20 percent use risk modeling, and 12 percent said they didn’t have a formalized process for identifying risks. Below there is a list of issues that businesses consider the most pressing, and as you can see, after a few years of pause, the economic crisis is again in the first place.
These are the risks that companies are facing. However, the obstacle that most of them will have to cross is the change in the traditional mindset of risk managers and all those who manage the business so they begin to perceive risk as an opportunity to achieve business goals more effectively. In doing so, risk management will no longer be a mere “reporting”, but a shift on to understanding where and why each problem arises, and what are the necessary challenges to overcome similar problems.
To do this, we will need to integrate risk management into the core of a particular business and its decision-making. This paradigm shift will place risk management at the value chain higher, as risks will become part of the discussion at the highest levels. Then, the risk managers will be able to provide a deeper analysis of breaches and give the managers the means to understand how and where the strategy implementation leads to failure, rather than simply reporting the risk values. Likewise, such a risk management system will already to some extent include culture, involvement in strategy formulation and value creation as part of the risk management agenda. Only that way, organizations will be able to move from preventive behavior to integrating the risk appetite debate into the decision-making phase, which will enable them to consciously consider the risks and their impact.
This is why, despite the negative outlook and the significant rise in the number of risks, my answer to the question of how will we manage risks tomorrow is – better. Why? Because we will be equipped with the right information at all times, and able to make better decisions.
To know where we are going, we first need to learn where we are (and were)
The first risk managers were merely buying insurance for their businesses. They were dealing with a so-called net risk, which describes potential losses that occur in the event of fires, floods or lawsuits for defective products. All those liabilities were then protected by the company through a proper form of insurance. That is why it is often said that the traditional concept of risk management is only related to the identification of the risks in the business environment, and risk management through the mitigation controls.
Nevertheless, the approached changed over time. If the system in 2013 was still focused on internal risk controls, the modern system is already focused on enterprise-level risks and is therefore much broader. It no longer deals with net risks, but also with speculative risks.
These include business risks, such as currency fluctuations, market embargoes, and damage to reputation, or in other words, the types of risks where companies are not only hedging against losses but are also looking for profit opportunities. This type of risk management can also be called entrepreneurial risk management and has gained considerable momentum in recent years.
What does the “new” approach to risk management bring?
Today, in small and mid-sized companies, the responsibility for managing insurance, security, and risks is usually transferred to the employee in the company’s finance department. Similarly, in larger companies, the HR directors are hired to take care of business risks. An improved process will lead to a positive outlook for risk management only when companies understand and decipher how risks positively affect their business.
Increased involvement of risk managers in achieving the business goals will also mean that the risk managers will once know risks better than the staff. At the same time, this means increased involvement of risk managers in achieving the business goals of the organization.
What will be the role of the digitalization?
In my opinion, the digitalization of risk management is also the key to answering the question of how we will manage risks in the future, since the process, and therefore the entire experience will significantly change. We may be risk managers or even CEOs today, however tomorrow we will all do our jobs differently:
– Risk managers will be able to focus on more strategic and high-value decisions as the routine work will be automated, with fewer exceptions that require manual management. Using advanced analytics, they will be able to visualize information that is difficult today (such as demanding correlations and trend analyses) to help an organization or department optimize their decisions and offerings.
– We will introduce a centralized “brain” center representing a central information point that will be able to learn intelligently and provide us with improved connectivity and extraordinary risk sensing (credit, market and operational). The assessment of these risks will be immediate, followed by the establishment of risk mitigation strategies and dynamic adaptation to constraints. Such a center will, therefore, improve the identification of future risks and the management of different types of risks. The risk managers will use their own highly customizable displays to access these centers which can delve into the most important numbers and perform real-time analyses of their definitions.
– Management of the organization or individual areas will be able to receive automatically generated strategic advice on risk-related business decisions, such as identifying risk-taking opportunities, reducing unwanted exposures, managing investment portfolios and allocating capital. Here too, leaders will rely on their visual tools to provide advice at any time and with an appropriate level of accuracy (such as specific markets, portfolios, or products). These tips will be based on active analytical processes, meaning that CEOs will rely on a tool that directly displays results related to their specific work, such as the impact of credit and market risk-taking on a country’s risk under different macroeconomic scenarios.
– Customers and partners will be able to receive individualized experiences that meet high expectations. We will be able to be present at key moments in their work, helping them to make more informed decisions, skilfully anticipate their needs and provide customized solutions. Customers will not have to communicate over large channels or browse through piles of paper.
– Regulators will be able to move beyond receiving reports to (near) real-time data reporting. Regulators will be able to immediately perform ad hoc analyses (such as improved stress tests) and enable improved management of systemic risks. Similarly, they will be able to control affiliated organizations in the same, digitally supported way.
What is the most likely future?
The future holds many possible scenarios, however, in the next five to ten years there is still a wide range of possible end-states. Organizations will probably continue to do as they do today, whereas the winners will differ in their ability to take advantage of new digital opportunities and the interface of competition with new digital players in the areas where they have established their presence.
The changes described above will also mean that the skills needed for the risk management of tomorrow will be rather different from those of today by refocusing skills beyond traditional “manufacturing” activities and through flexible analytical and consulting skills. Therefore, risk management teams should be seen as a company’s strategic partner, fully involved in the strategic planning process and agile in managing change.
Risk managers should evaluate where each of their current and future activities can be pursued. Can the task that remains in-house be relocated? Can you automize the tasks, or even rely much more on third-party applications?
How can we help you manage risks?
All these changes, as well as our many years of experience, have led us to the decision to create a new platform that will support the enterprise risk management process in all possible versions of the future. Our goal is to provide risk managers with an ultimate tool for tomorrow. What does that mean?
Such a risk management platform has to be highly adaptable to enable you to work in a cloud or using an internal network; it must meet the needs of one or thousands of users; it must be modular so each organization can mold it to its needs; it should also be open to integration with all types of other existing and future systems; adaptable for maximum automation of data entry and processing, safe and accessible to all at any time or place; full of pre-set good practices, yet able to expand further, complex in performance but easy to use. And, the latter may be the biggest challenge.
Why all this? Because we want to add value to the organization using the SBR platform. We wish to give you the tool that can help you solve serious problems arising from the lack of the right information in everyday decision-making, thereby reducing the time it usually takes to acquire the latter, and last but not least, increasing your value.
PS: If you have a question about risk management or you just want to leave me a comment, feel free to send me a message directly at igo[email protected].
Contact our team if you need help with risk assessment.