RiskSmart Blogs

8 common risk management challenges (and how to solve them)

Written by Caleb | Oct 25, 2023 9:47:57 AM

The fact that 36% of organisations plan to increase investment in risk and compliance says it all – risk management challenges haven't gone anywhere.

But you already know that. As a risk manager, head of risk, or even chief risk officer, you’re responsible for business success, reputation management, the safety and security of employees, and loads more.

Whether you manage risk for a small to medium-sized enterprise (SME) or a global business, many of the challenges are the same, spanning from operational annoyances to business-threatening risks.

We’re here to break them down and solve them for you.

👉 Aligning risk management with business goals

👉 Supply chain difficulties

👉 Risk processes that are clunky or slow-moving

👉 Cyber-attacks and risk are on the rise

👉 Lack of risk ownership and accountability

👉 Environmental, social, and governance (ESG) risks

👉 Communication and collaboration difficulties

👉 Reporting and data insufficiencies

 

Aligning risk management with business goals

A tale as old as time.

If we could recommend anything here to focus on, it’d be this.

Too often, business objectives are decided on in isolation. Risk management is either forgotten about or intentionally dismissed, for fear the company’s GRC professionals will put a dampener on its grand plans.

Not very nice, eh? We’re just realists, that’s all.

In our experience, the organisations that successfully align their risk management and business goals are those that properly utilise their data (we’ll get to that), involve risk management at every phase of decision-making, and communicate, communicate, communicate.

 

Supply chain difficulties

Geopolitical tensions aren’t going anywhere, and the impact of Covid-19 is still felt (it did, after all, have a negative impact on 72% of businesses’ supply chains).

It’s as simple as this: supply chain difficulties are one of the biggest challenges to effective risk management today.

But post-pandemic, businesses are investing more than ever in their supply chains, with a study by EY pointing to a particular focus on efficiency and visibility (top priorities over the next year for 65% and 61% of respondents respectively).

In fact, their study provides a useful, five-step framework for future-proofing your supply chains – a crucial goal for all risk managers, we’re sure you’d agree.

  1. Reimagine the strategic architecture of your supply chain
  2. Build transparency and resiliency
  3. Extract cash and cost from your supply chain
  4. Create a competitive advantage with sustainability (again, more on that shortly)
  5. Drive agility and opportunities for growth through a digital supply chain

 

Risk processes that are clunky or slow-moving

Risk management should never be reactive – but it should still be agile.

There’s a difference between knee-jerk reactions and the ability to recognise risks, rally your resources, and tackle them in a timely, data-driven manner.

That second bit? That’s your job as a risk professional.

But legacy processes (spreadsheets you’ve outgrown), a lack of data (either scattered or simply non-existent), and an excess of stakeholders (too many cooks) can mean when sign-off arrives, it’s already too late.

The solution?

“Keep it simple”, says Sakir Salih, Head of Compliance at Bondsmith.

Having worked at firms like Goldman Sachs and Barclays, he knows a thing or two about what makes a good risk process. But his history in the profession also means he’s experienced the full spectrum of agility.

“I’ve seen risk management solutions grow into something all-consuming, eating up time, energy, and resources.

“The most important thing is a simple interface that’s understood by everyone who needs to understand it.”

If you’re looking for a risk management platform with an interface the former Chief Risk Officer at Visa described as intuitive and efficient, click here to book a no-commitment demo of RiskSmart.

 

Cyber-attacks and risk are on the rise

You don’t have to look hard to find a boatload of terrifying cyber risk stats.

You know the story. A highly remote workforce means cyber concerns are here to stay. New technologies in businesses are rolled out slower than ever. There’s less overall control of company devices.

We spoke to Chris Eastwood, co-owner of the Rybec Group – a leading cyber security consultancy – on the best course of action.

Here are his four recommendations:

  1. Identify your assets.
    “Asset management is key”, Chris notes.
    “What data and systems do you need to protect? Think about physical and digital assets, and create a list for your hardware and software.”
  2. Assess your risks.
    What threats are there to those assets? How likely are they, and what damage could they cause?
  3. Implement controls.
    These could include technical measures, like firewalls and intrusion detection systems, and non-technical measures, like employee training and security awareness initiatives.
  4. Monitor and improve.
    Once the controls are in place, you need to make sure they’re working effectively.

Bonus tip: “Consider cyber insurance”, says Chris. “It can help protect you from the financial losses associated with a cyber-attack. Just Cyber Essentials certification alone can give your business free cyber insurance cover up to £25k.”

 

Lack of risk ownership and accountability

A common issue we hear on our discovery calls.

But it’s more than the fact no one wants to be the fall guy – it’s usually a practicality thing.

Risk processes often aren’t mature enough to allow for ownership. Spreadsheets certainly don’t, unless there’s a given column reserved for each member of the GRC team. To be honest, we’ve never seen it work well – except in software.

There are no quick fixes here. Instead, look to establish a more mature risk culture in which risk is understood – not shied away from – throughout the business.

 

Environmental, social, and governance (ESG) risks

Consumers are demanding more than ever.

In fact, 88% prioritise buying from companies that have ethical sourcing strategies in place.

But the fact remains: getting ESG right is … kinda difficult.

Environmental risks, for example, may be universal, but they’re also less tangible. That means they’re hard to measure. And us risk managers like measuring things.

But even considering climate risk as part of your overall risk management strategy will, at least for now, put you ahead of 90% of businesses, both in terms of risk avoidance and business smarts.

Because outside of the moral imperative of impending climate disaster, there are opportunities to be found in engaging with ESG more openly.

For example, a joint study from McKinsey and NielsenIQ found that products boasting ESG-related claims averaged 8% more cumulative growth over the past five years than those that didn’t. A “solid business decision” indeed.

But don’t just start throwing hollow claims around, because those very same consumers are increasingly skeptical of brand claims.

Instead, we recommend partnering with climate consultancies like TBL Services, along with pushing for the continuous discussion of ESG and climate risk in both your risk management and business-wide decision-making.

 

Communication and collaboration difficulties

This is a biggie.

Communication is at the heart of effective risk management and needs to be understood from the top to the bottom.

The problem is that most risk processes aren’t built with collaboration in mind. Spreadsheets are usually structured to the original owner’s taste and permissions are easily confused.

The majority of risk solutions out there are no better, either – your GRC team’s true potential can be easily gatekept by systems built around pay-to-play, with extra users costing way into the thousands.

To make communication and collaboration challenges a problem of the past, you and your team should consider the following:

  1. Building a mature risk culture, so the importance of risk is truly embedded throughout the business
  2. Finding risk processes that work for your current size, but are guaranteed to scale with you. For now, that might be spreadsheets, but you don’t want them to be the bottleneck to company growth in under two years’ time
  3. Considering a GRC platform that champions simplicity and has no hidden fees (they’re the kind of surprise no one likes). If that sounds like what you need, you can learn more about RiskSmart here.

 

Reporting and data insufficiencies

Remember what Chris told us earlier?

Identifying your risks and putting controls in place isn’t enough.

How do you know they’re working? How do you know they’re as effective now as they were six months ago? How do you know they’ll still work a year from now?

Sure, be confident that you have data, but just knowing it’s there isn’t enough. Effective risk management is all about constant monitoring.

So familiarise yourself with your data. Understand what you have access to. Become intimate with it. Not in a weird way.

And, again, if the need to produce monthly or quarterly presentations for meetings is eating into too much of your time, scope out the GRC platform market for a solution with powerful reporting capabilities, so you can be ready to go at the push of a button.

Because no one became a risk manager so they could do makeshift graphic design on PowerPoint.

 

There are no quick fixes

Quick fixes rarely exist in risk management.

But by addressing the common challenges listed here – and some of them are sure to resonate with you – you’ll be freeing up time, enabling more business, and, importantly, enjoying your job more than ever.

Ocean Finance was experiencing several of the challenges listed here before making the switch from spreadsheets to RiskSmart – find out how it turned its GRC efforts around here.