The Risk Coalition

Risk 2.0: Rebooting for Modern Risk Management (part 1)

August 11, 2022

The time for CROs and Risk teams to change the approach to their work is well overdue, and change is becoming essential given the changing, challenging and increasingly dynamic environment organisations face. In the first of two blogs for the Risk Coalition, Keith Davies sets out the case for change given the different risk profile organisations face in the modern world. In his second blog (to follow), he will discuss how Risk teams need to change to ensure they remain relevant to their boards and businesses.

A time for change

Risk teams have traditionally focused on identifying the most significant threats to an enterprise’s current financial and operational position, and reducing them – at times in line with the “As Low as Realistically Plausible (ALARP)” principle seen in industries with physical hazards. However, with the geopolitical, macro and technology environments all changing at an accelerating rate, and stakeholder capitalism raising the importance of firms’ social licence to operate, Risk teams now need to manage a raft of emerging, complex, and inter-connected tangible and intangible risks. To date, there has not always been the commensurate change in the activities and mindset of risk functions needed to protect and optimise firms’ long-term value in this new post-pandemic world.

Risk coverage for the modern world

The scope of risk activity has to reflect the changing risk profile of firms and encompass all drivers of a firm’s long-term value. This requires refreshing existing non-financial coverage to reflect the changing nature, location and dynamics of business operations, including the increased importance of supply chains, digital distribution, servicing and communications, data as an asset, innovative technology (artificial intelligence (AI), machine learning, IoT, etc.) and cryptocurrencies – all of which can create risks and opportunities for firms.

In addition, risk teams must also focus on those less tangible, non-financial risks that have previously not been explicitly quantified or managed but which have a material financial impact: for example, reputational risks are estimated to comprise a third of the balance sheet of many companies[1]. The required changes in activity include:

  • extending the scope of people risk beyond people processes to cover all factors (e.g. company purpose, culture, hybrid working environment, DE&I, etc.) that drive a firm’s ability to hire, motivate and retain talent

  • assessing strategic risks – such as geopolitical risk, climate and sustainability risk – and their impact on other risks holistically, rather than managing them tactically or as add-ons to certain operational and financial risks

  • understanding the (sometimes conflicting) expectations of different stakeholders and the importance of social licence to operate, trust, ethics and reputation in a world where harm to any stakeholder can be instantly recognised and amplified by digital media

  • not only covering risks in individual silos, but also taking a holistic view of how they combine and interact with each other (e.g. AI and ethics, cryptocurrency and financial crime and reputation risk, and geopolitical impacts on the market, cyber & supply chain risks), and looking for ‘stacked risks’ – where the combined impact of an event is greater than the sum of its individual impacts

  • extending risk management to include oversight and understanding of complex supply and value chains and any risks by association.

Consequently, the modern risk team needs to look at a much wider range of risks than the traditional financial and operational risks, both within the firm’s perimeter and beyond. Indeed, CROs should be interested in all aspects of the business environment that are material enough to concern the CEO.

The CRO’s new challenges are to join the dots to provide holistic foresight, be more commercial, give greater focus to resilience and embrace the new tools available to better equip the Risk team in undertaking its work. These aspects will be considered next week, in the follow-up to this blog.

[1] The 2021 UK Reputation Dividend report estimates corporate reputation contributes a third (33.8%) of FTSE-350 market capitalisation, versus 25% (a Covid-driven 10-year low) in 2020 and 35.3% in 2019.

Keith Davies, Chief Risk & Compliance Officer at Federated Hermes Limited, is a commercially-focused CRO with a passion and track-record for change and implementing risk frameworks that support all aspects of business strategy – including financial, operational, digital, behavioural, reputational and ESG/sustainability risks. He has worked for over 20 years in global insurance, asset management and banking.
