@ the IERP® Global Conference, October 2022
Presented by Ramesh Pillai, Chairman of the Institute of Enterprise Risk Practitioners, this session covered ten trends that could significantly alter the risk landscape and change how firms respond to and manage risk. Explaining that there were two parts to the presentation, Ramesh said that it would cover current general trends and trends that were expected to develop over the next ten years. The ten trends he presented revolved around three themes: organisations’ responses to risk; the consequences of risk; and the onslaught of risk. The entire nature of the risk discipline was evolving, Ramesh said, but the conversations about risk were changing in tandem.
Organisations today were becoming aware that risk was not something to be avoided but could instead be an effective tool to create value and help firms achieve better performance.The ten trends he identified were:Human decision-making increasingly augmented by cognitive technologies;Controls becoming pervasive;Risk insights increasingly informed by behavioural science;Vigilance and resilience complementing prevention as leading practices;Broadening in scope and application of risk transfer;Innovation leading regulation;Risk becoming a performance enabler;The networked economy demanding collective risk management;Disruption dominating the executive agenda; andReputation risk amplifying and accelerating.
“Risk is good. Risk is not bad,” he asserted. “But risk is only good if we are in control of it and not if the risk is controlling us. Some people seem to want to avoid risk because they think risk is bad, but the reality is – no risk, no returns. We have to manage the risk. Sometimes we want to increase the risk. The challenge is how much of it to take on. This discussion will provide a guide to where the potential opportunities lie, and also where the potential pitfalls may come from.” With the quantities of data now becoming increasingly available, smart systems are likely to be applied more to risk management. Controls will thus become more pervasive, to monitor and manage risks in real time.
Risk perceptions, risk behaviours and risk-related decision-making will be spurred by behavioural sciences, and organisations will realise that risk cannot be completely prevented; thus vigilance and resilience will increase. They will also use a wider range of risk transfer instruments such as insurance, contracts and a range of financial instruments for better protection from cyberattacks, climate change, geopolitical risks, terrorism and business disruption, among other things. The consequences of organisations’ responses to risk will result in innovation taking the lead over regulation, i.e., things will be invented and used first, before regulation can be put in place to manage or police them.
“The pace of innovation is accelerating and can no longer be held back by regulation,” Ramesh said. “Regulators have to find a way to keep up with this. The problem is that regulators often over-control, and the minute you over-control, you stifle innovation. The minute you stifle innovation, you stifle value creation.” He pointed out also that risk will become a performance enabler because when risk is identified and managed, it drives performance and strategy. “People are starting to understand that when you do sustainability risk management, it is just about doing good risk management.” The networked economy will demand collective risk management to identify, manage and reduce risk.
As businesses are increasingly interconnected to partners, vendors and suppliers across global markets, any significant risk in one area or industry could have a ripple effect on other areas, industries or categories. Emerging technologies, transforming business models and changes in ecosystems are all causing disruption at unprecedented levels. All this is forcing organisations to make significant strategic choices to improve their competitiveness and sustainability. Today’s hyper-connected world also makes it necessary for organisations to be more proactive about addressing accelerated, amplified risks because these may have a significant impact on their reputations.
Many businesses, realising that risks today are more connected, and recognising that disruption is set to continue while the business environment increases in volatility and uncertainty, are more concertedly re-assessing the risks they face. Addressing the issue of what organisations should prepare for, in the face of the rapidly advancing digital world and the parallel need for resilience and agility, Ramesh presented the Top Ten Risks for 2022 and 2031.
Top Ten Risks for 2022
- Pandemic-related government policies and regulations impact business performance
- Succession challenges, ability to attract and retain top talent
- Pandemic-related market conditions reduce customer demand
- Adoption of digital technologies requires new skills or significant efforts to upskill/reskill existing employees
- Economic conditions, including inflationary pressures, constrain growth opportunities
- Increasing labour costs impact profitability targets
- Resistance to change operations and the business model
- Inability to utilise data analytics and ‘big data’ to achieve market intelligence and increase productivity and efficiency
- Cyber threats
- Shifts in expectations about social issues and diversity, equity and inclusion (DEI) outpace organisational response
Top Ten Risks for 2031
- Adoption of digital technologies requires new skills or significant efforts to upskill/reskill existing employees
- Succession challenges, ability to attract and retain top talent
- Rapid spread of disruptive innovation outpaces our ability to compete
- Substitute products or services arise that affect our business model
- Economic conditions, including inflationary pressures, constrain growth opportunities
- Entrance of new competitors and other industry changes threaten market share
- Impact of regulatory change and scrutiny on operational resilience, products and services
- Resistance to change operations and the business model
- Hybrid work environment and changes in nature of work challenge ability to compete
- Inability to utilise data analytics and ‘big data’ to achieve market intelligence and increase productivity and efficiency
“People and culture are at the top of the agenda,” he said, contextualising the risks on both lists. “Whatever happens, it’s all about people and culture now, and in ten years. We need to deal with this. Concern with the pandemic continues, and we will still see supply chain disruptions.” Emerging risks are important, and risk managers need to think differently. “The problem with risk managers is that they are too analytical in their thinking approaches – which does not support effective emerging risk identification practices. What is required is more synthetic and syncretic thinking for effective emerging risk identification,” he said. “We also need to support the entrepreneurs in our organisations so that our organisations can do better.”
Ramesh concluded by explaining there is increasing focus on ESG, particularly in the area of climate change; the pandemic has permanently altered the business landscape and global supply chain; and volatile geopolitical environments are exacerbating these further. Factors like cyber risks, sanctions, rising costs, shortages and a changing work environment are adding to the disruption. Organisations have to deal simultaneously with internal and external transformation challenges. They will have to adapt more quickly, and develop greater agility and flexibility to build better resilience and more effective sustainability.