@ the IERP® Global Conference, August 2024
“It’s no point talking about one year. That’s not a trend,” said speaker Ramesh Pillai at the outset of his presentation. Instead, he spoke about what participants were likely to see over the next ten years. “The reason for this is that if we can see the direction we are moving in, we can plan better. Boards, management and C-Suites will have a better idea of what they should be preparing for.” The trends he spoke about, however, were not generally standard for the whole world, he added, pointing out that while they were generally common, different parts of the world had different concerns.
In Latin America, the current concern is the change in interest rates. North America, Africa, and Asia were concerned about economic conditions, including inflationary pressure. Europe, India, Australia, and New Zealand were concerned about attracting, developing and retaining top talent, managing shifts in labour, and addressing succession challenges. “The one striking thing is that things come down to fundamental uncertainty,” Ramesh said. “There are multiple sources of uncertainty, a wide range of near-term horizon risks, and a global environment facing significant change.”
This changing, uncertain world was also being driven by geopolitical developments such as the situations in Israel, Palestine, Lebanon, Russia and Ukraine. There were many economic concerns, and because we now operate in a technologically driven environment, technology risks were critical. “Cybersecurity is top of mind,” he cautioned. “There is no such thing as (having systems that are) absolutely impenetrable. If you have that attitude, it is very worrying.” Businesses were becoming more dependent on outsourcing, further intensifying the issue of security.
All technology risks are interrelated; boards and management must understand this, but with people at the front and centre of everything, systems fail because people fail. “Controls are executed by humans,” he said. “When humans fail, everything is left wide open. We have to make sure we have the right people in the right place at the right time.” That means besides upskilling employees and improving or replacing legacy systems, we also must find ways of working with different generations of workers to leverage different skills.
This race for talent is driving up labour costs; everyone is competing for a limited talent pool. This has led to many organisations taking the outsourcing route to keep costs down but this sets another challenge: making sure that the third parties you rely on, are doing their jobs properly – which again raises costs. While large organisations can manage this, SMEs or micro-SMEs will find it difficult. “Anyone can manage a business in good times but the challenge is how you manage the business when things go wrong, but in today’s environment, everything goes wrong simultaneously,” Ramesh said.
Additionally, regulators were becoming more demanding as they strove to protect the public. Regulatory scrutiny was also likely to increase, as regulators intervene to better manage the economy. “It’s all about good governance and transparency,” he said, urging the setting up of proper compliance management programmes, following ISO 37301 guidelines, for instance. The risks we face now are likely to have a lingering effect over the next decade or so; we are still living in uncertain times, and the uncertainty is unlikely to go away.
There are multiple sources of uncertainty as everything is interconnected. Two of the main issues are technological disruptions and geopolitical risk; new technological developments are going to drive the disruptions. “We need to remain vigilant,” Ramesh advised. “Resilience is key. Because of the concept of fundamental uncertainty, you can’t look forward based on past experience. All the constructs and assumptions you used to make concerning relationships and business functions don’t work. Geopolitical risks are critical; geopolitical events are driving notable changes. We have absolutely no idea what will happen.”
Generally, rising labour costs, skilled labour shortages, outsized or undersized government stimulus, general uneasiness in the direction of business, cybersecurity, data privacy and big data are all critical issues. “There has been an explosion of data but…we haven’t seen greater protection of data privacy,” he continued. “How do we know our data is secure?” People-related risks are top of mind; there is a skills shortage; prices are going up; there is disruption because of technology, which is exacerbating the skills shortage even more; and there are changes in work patterns.
“People don’t want to work in the office, they want to work from home, but for innovation to thrive, ideas have to collide – and you cannot do that virtually,” he pointed out. “You must be physically present for ideas to collide. Third-party risks, regulatory changes and scrutiny, climate change and sustainability risks are very important and must be dealt with. While some people think it’s not real, companies have to deal with it from a corporate perspective.” The question we need to address is, “What must be done in the near term to ensure agility and resilience in the next decade, when there is going to be significant disruption?”
Ramesh urged Risk Professionals to focus on getting reliable information for decision-making, build reliable forecasting and re-forecasting capability, and monitor customer and vendor strength. “Don’t forget employees. Without them, you have nothing,” he warned. He also urged Risk Professionals to understand the substantial threat of ransomware. “When it comes to ransomware, your people are one of your biggest risks,” he said. “You have to assume you will be impacted at some point, and you need to make sure you can recover quickly.”
Other areas of concern include generative AI, quantum computing, cybersecurity, and retaining suitable talent in these fields. Organisations need autonomous, cross-functional teams to review opportunities, formulate strategy, establish evaluation frameworks, and initiate pilot programmes. Ramesh stressed that Risk Professionals needed to drive innovation, hence the ability to manipulate technology, and have the appropriate mindset when seeking talent. He advocated instituting rolling talent forecasts and deploying new skills.
An eye should also be kept on the geopolitical landscape; no one is isolated any more. “Be aware of what is going on, stay informed, and include geopolitical risk in your risk assessments,” he advised. “Develop contingency and resilience plans, especially in relation to your supply chains. Be mindful of escalating legal, credit and reputational risks because of the geopolitical situation, and consider your responses.” Doing all this requires proper oversight, so the Board and senior management must keep watch.
Oversight must cover ensuring the robustness of risk management considering the evolving business and geopolitical environment. “Assess and make sure you are aligned with strategic planning, that there is proper accountability for risk ownership and effective Board communication,” Ramesh said. “Ensure there is proper tone from the top. Assess the impact of leadership and culture on the risk management process. The risk trends in the 2024 to 2034 decade are intricately connected; most of the risks we face in 2024 are still going to be there in 2034.”
