COVID-19 highlighted the value of risk management across all businesses and consequently brought a heightened awareness of risk and responsibility. However, many organisations are still lacking when it comes to the updated skills and knowledge needed to deal with the ever-changing risks of the modern world. Asia Insurance Review spoke to Risk Management Institute of Australasia’s Mr Simon Levy to find out how businesses can improve.
Risk is a fact of life, and business fork out a good amount of money to minimise and mitigate the risks they face. However, risk is also something that continually evolves and changes and risk professionals need to be constantly updated and upgraded in order to do their jobs.
“The skills and knowledge gap within the risk profession is becoming more pronounced as the pace of change accelerates,” said Risk Management Institute of Australasia (RMIA) CEO Simon Levy. “Many traditional techniques and data are no longer relevant. The rise of artificial intelligence and automation demands specialised skills that outstrip the existing talent pool’s capabilities. To keep up, businesses need a fresh approach to workforce development.
“This means focusing on skills development and leveraging professional associations to raise the bar. We must anticipate emerging skills, foster a culture of continuous learning and embrace innovative training methods like e-learning and reality simulations. By collaborating with technology partners and research institutions, we can identify skill gaps and design targeted educational programmes.”
But the risks associated with the skills gap must be addressed. The impact can be devastating when combined with other factors such as supply-chain disruptions or cyber security breaches. A comprehensive risk assessment considering these interdependencies is vital for effective risk management.
Surveying the region
According to a survey conducted by RMIA – the most extensive survey of its kind undertaken in the region – cyber threats were considered the greatest growth challenge for the next three years. The survey’s 500 respondents also said that top issues facing the sector were the knowledge and skills gap, uncertain economic growth and changing customer behaviours.
With technological advancements, globalisation and interconnected systems, organisations (regardless of size or complexity) face threats, including cyber attacks, data breaches, geopolitical uncertainties and supply-chain disruptions. These risks transcend traditional boundaries, making them easier to identify, assess, and mitigate with the right capabilities.
“One of the major hurdles is the speed at which risks can emerge and change, often leaving traditional risk management practices inadequate. Additionally, dealing with new threats poses challenges due to a lack of historical data or experience to draw from,” he said.
The commitment of boards to risk management varies across organisations. While some proactively invest in innovative technologies and hire skilled professionals, integrating risk management into their decision-making processes, others underestimate its importance. Unfortunately, for the latter, risk management is seen as a cost centre rather than a strategic function, resulting in insufficient resource allocation.
At the same time, many organisations view risk management as a mere compliance-focused exercise, overlooking its potential as a strategic enabler for long-term objectives. This short-sightedness can hinder their ability to navigate the business landscape effectively.
“Surprisingly, our research study reveals that 70% of risk teams in the country consist of fewer than five individuals. It’s about more than having adequate resources; it’s crucial to equip risk professionals with the skills and knowledge needed to thrive in the changing business environment,” he said.
Elevating the profession
“Risk management has become integral to everyday decision-making in today’s fast-paced business environment. The increasing presence of non-functional risk professionals highlights the recognition that sound risk management practices contribute to overall business success. And the recent experience of the COVID-19 pandemic has demonstrated the value of risk professionals in supporting organisations through challenging times, presenting a new frontier for the risk management field,” he said.
The risk professionals gained significant goodwill and positive sentiment, aligning with the broader perception of the industry. In the post-COVID-19 era, there was a growing appreciation among industry risk professionals regarding the profound impact of risk management. Risk management is now fully integrated into every aspect of business operations, which reinforces the fact that risk is everyone’s responsibility.
While the industry faces broad and complex risks, success hinges on deep expertise in risk management and the ability to influence business outcomes and decisions. However, Mr Levy said that it was essential to address gender disparity within this profession and work towards creating a more diverse and inclusive workforce.
Despite the efforts that risk management professionals made to enhance and improve their field, problems still abound.
“Here we are, more than halfway through 2023, still facing corporate failures and royal commissions with findings related to poor decision-making, toxic cultures, questionable ethics and integrity and ignoring company policy,” he said. “The driver for this, organisations still need to understand the importance of risk decisions. Making the profession’s role even more critical in guiding this failure to do so will continue, exposing them to significant reputation damage from cyber attacks or being too occupied with green hushing.
“This is why there is a fundamental need to raise the standard. This is no longer a choice. It is an essential step towards creating resilient organisations that can withstand the complexities of the modern world.”
Taking action
Effective risk management is a significant concern that board members must address. With diverse backgrounds, these individuals need a comprehensive understanding of risk-oriented principles. “By harmonising strategic deliberations and risk management, we strike a delicate balance. But we must recognise the challenges of immediate performance and long-term risk perspectives,” he said.
Corporate failures underscore the crucial role of organisational culture in risk management. Culture shapes an organisation’s risk inclinations and biases, often relying on past achievements. In today’s complex business landscape, interconnected risks abound, and boards need more resources to navigate these challenges.
To overcome these hurdles, organisations should prioritise enhancing their risk acumen and fostering proficiency among management. Cultivating a risk-aware culture becomes paramount. Long-range aspirations must align seamlessly with risk-mitigation strategies. Additionally, leveraging technology and data analytics empowers informed decision-making.
“In summary, boards must embrace risk management with vigilance. By fostering a culture of awareness and
leveraging innovation, we navigate the intricate web of risks that define our contemporary business world,” he said.
Dealing with cyber
The ever-changing landscape of cyber security is shaped by the ever-evolving tactics of cyber criminals and the increasing interconnectedness of our digital systems. The risks that emerge in this domain are constantly surprising, with new attack vectors and malware variants appearing astonishingly. This rapid evolution requires a dynamic and adaptable cybersecurity strategy that quickly responds to emerging threats.
“To tackle the velocity of emerging risks, businesses must adopt a proactive approach by continuously monitoring their systems, sharing threat intelligence, and developing rapid incident response plans. As cybersecurity experts suggest, collaborating with industry leaders, participating in information-sharing forums, and investing in innovative security tools are essential steps towards staying ahead of cyber threats,” Mr Levy said.
“Furthermore, we must recognise the aggregating effect of cyber security risks. A single vulnerability within our interconnected ecosystem can expose multiple cyber attack entry points. This underscores the importance of implementing a comprehensive cyber security framework encompassing technology safeguards, promoting employee awareness, conducting vendor assessments, and managing third-party risks effectively.” A