We are living in a world of uncertainty and the ranges of possible outcomes of many of the events we are facing are not known. What will the impact of generative artificial intelligence on society be, for example? Historical data and statistics cannot help us determine the likelihood of any particular outcome occurring when we are faced with uncertainty, so traditional risk management techniques such as stress testing will be of limited use in the circumstances; stress testing relies on the notion that we know the range of potential outcomes. Kathryn Kerle advocates storytelling and supplementing traditional approaches with reverse stress testing as useful techniques that can help us manage risk more effectively when dealing with uncertainty.
Read More
The value of risk management - where is the evidence?
Is there really any evidence suggesting that mature, more successful organisations tend to operate more mature risk management frameworks? A recent Risk Coalition Risk Committee Chairs Forum (RCCF) discussion explored this question. The discussion highlighted the crucial role boards play in setting the right tone at the top, as well as the importance of fostering a risk-aware culture, where challenging assumptions and discussing risks openly are encouraged.
Read More
Enhancing audit quality: a new risk-based approach leveraging big data
Audit failures have appeared in the press headlines far too often, yet concerns raised about the effectiveness of the auditing profession - and its ability to identify and address potential risks - have never gone away. Olivier Beroud asks why audit failures happen, and how can they be prevented. He argues that an approach based on big-data mining, combined with powerful analytics, could provide the foundation for a risk-based approach that could enhance audit quality and that restores confidence in auditing.
Read More
Artificial intelligence: the challenges of existential AI
Artificial Intelligence (AI) has emerged as a powerful tool that holds immense potential to transform various aspects of our lives. As much as the benefits it can bring, Dr Hammou Messatfa points out the crucial need to recognise and address the existential threats associated with AI’s advancement. He discusses the distinction between trustworthy AI and existential AI, and explores the concept of ‘unaligned AI systems’ - noting that the risks associated with this could be greater than existential threats such as pandemics, climate change, and nuclear war.
Read More
What's the value of risk management… and why hasn’t anyone been able to prove it?
There seems to be relatively little conclusive evidence to prove the value of all the risk management activity that Is going on. The Risk Coalition’s newly established CRO Forum recently considered how risk management activity can move beyond simply being seen as a cost to the business to become genuinely value adding. As Chris Burt explains, participating risk leaders believe that a shift in mindset is needed, and there also needs to be a change in the role of risk management to facilitate strategic decision-making.
Read More
Transition plans: engagement is key to insuring the transition to Net Zero
The most recent of the Risk Coalition’s Risk Officers Sustainability Forum (ROSF) roundtable discussed ‘Transition planning and associated risks’. Alex Hindson sets out his key takeaways from this discussion, pointing out that it is important to start by acknowledging transition plans will be complex. He says to be successful requires effective engagement whilst being transparent about progress is also critical. He identifies three key questions that all organisations should be asking themselves in relation to their transition plans.
Read More
Navigating Not Easily Quantifiable risks: the role of the Board Risk Committee
In an increasingly complex and uncertain business environment, not easily quantifiable risks pose significant challenges to organisations and their boards. The role of the board risk committee becomes paramount in addressing these risks effectively by facilitating exploration, encouraging alternative perspectives, and advocating for a comprehensive risk management approach. Chris Burt from the Risk Coalition summarises discussions from a recent roundtable meeting of the Risk Committee Chairs Forum,
Read More
Data and digital risk prevention: a business risk and a business opportunity
Data breaches and digital controversies can severely damage an organisation’s brand and its company valuation, so boards need to be vigilant to ensure the safety of their data and the continued success of their business. Steve Sanders and Lisa Burton explain that taking appropriate pre-emptive steps to protect data will minimise risk and create a safer, more secure environment for all stakeholders involved. They advocate the creation of a Digital Risk Committee, an internal multi-disciplinary team that avoids the risk of siloed working, and which delivers real benefit within an organisation.
Read More
Risk management – a special discipline, a culture, just boring, or what?
Despite the focus on risk management organisations keep stumbling over risks that subsequent analysis shows were identified at the time, and which could have been prevented or mitigated. Merlin Stone says it is often projects or products which might infringe risk appetite of an entity that are the most successful, and adhering to a formal risk appetite might otherwise prevent potentially successful opportunities being pursued. He proposes an alternative approach.
Read More
Risk-driven application security testing - four steps to securing business-critical applications
Board members will often say that a cyber attack is top of their ‘worry-list’. Richard Hollis explains that 84% of cyber-attacks occur at the application layer. He adds that this is the easiest to attack and the hardest to defend as it is the most exposed and accessible. Consequently, applications are the primary attack vectors for threat actors today. He suggests a straightforward and pragmatic 4-step process for ensuring the security integrity of business-critical applications prior to launch.
Read More
Risk in the spotlight again: banking failures and lessons for risk committees
The banking sector has been hogging the headlines in the last week or so. Silicon Valley Bank and Credit Suisse, amongst others, have been rescued or propped up as their customers were fleeing. A number of factors may lie behind the collapses but, as Garry Honey argues, risk oversight by the board in each case was left wanting. He argues that foresight was lacking in their analysis of risk and, as a result, boards failed to see the inevitable.
Read More
Bringing risk into the heart of the organisation using rituals
Her extensive work in the area of purpose, people and culture has shown Alex Walker the important role that workplace rituals play in embedding culture. She points out that rituals increase team bonds, boost performance and lead to an increase in meaningful work and organisational citizenship behaviours. This is good news for an organisation’s risk culture, she says, as introducing appropriate rituals can influence attitudes to risk and help create a more risk aware environment.
Read More
Seven-year itch - reflections of a chief risk and sustainability officer
After seven years in role as a Chief Risk & Sustainability Officer, Alex Hindson has recently moved on. Much (but not everything) has changed in this time so he has taken this opportunity to reflect on his tenure and the role he has undertaken. In this Risk Coalition blog, he considers how things have changed in the world of risk and sustainability. In the final analysis, Alex recommends that organisations work out what ‘Sustainability’ means for them and that they define their own ambition. He also cautions not to over-promise or to over-commit. Do less but do it well, he says, and at all times be authentic and be proactive.
Read More
When dominant CEO meets weak Chair, risk inevitably follows
Successful organisations are typically led by strong chief executives but when this ‘strength’ veers towards a dominant style, unhealthy board dynamics often ensue. Michele Gorgordian explains that this highlights the importance of good dynamics and a constructive relationship between chair and chief executive, and that this means an effective chair that orchestrating proceedings is essential. Without this, there will be substantial governance risks.
Read More
Greenwashing - to disclose or not disclose, that is the question?
Each group of a company’s stakeholders will have differing levels of influence, and will each contribute to shaping the context within which an organisation determines its sustainability strategy, says Alex Hindson. This sustainability strategy will drive what each organisation prioritises and reports on. But how does management determine what is relevant and appropriate to disclose? Alex says a risk-based approach can help companies determine their sustainability agenda and focus on priorities.
Read More
Boards, risk professionals and internal audit must work together to navigate the ‘perfect storm’ of high-impact interlocking risks urges Chartered IIA
The Chartered IIA’s recently released ‘Risk in Focus 2023’ report provides an excellent picture of risk trends. Cybersecurity remains the top risk for the fifth year in a row, but the most dynamic rising threat to watch out for is Geopolitical and Macroeconomic Uncertainty. With an increasingly challenging risk landscape, Emma Expo considers what should internal audit, risk professionals and boards could do to navigate the more risky, uncertain and volatile times ahead.
Read More
The changing role of risk executives at board level as a result of Consumer Duty requirements
The introduction of the Consumer Duty by the Financial Conduct Authority has highlighted a changing and more strategic role required from chief risk officers, says Nicola Wee. The Consumer Duty has far-reaching impacts on regulated firms, affecting everything from operations to culture. Drawing on a recent survey of senior risk and compliance executives by regtech firm Aveni, she explains chief risk officers are perfectly placed to lead and implement the data-driven strategy that is now expected and she discusses the nature of changes they are implementing.
Read More
The board’s role in reputation risk management
So where does a company’s reputation fit in its risk framework which comprises risk strategy and risk appetite, risk management policies and procedures, and that the culture and behaviours that support it? David Butler argues that organisations’ reputation risk doesn’t appear on board agendas often enough, nor does it get proactive attention from boards. As a result, it is usually too late into a crisis situation that the board gets involved. He discusses the issues and suggests what needs to be done.
Read More
Losing sight of culture-related risks
The last iteration of the UK Corporate Governance Code really brought corporate culture and purpose into focus. However, the Financial Reporting Council’s recent reviews of corporate governance reporting showed many businesses were slow to respond to the new reporting requirements, raising questions about whether these matters were given sufficient attention by some boards. Rafal Budzinski reflects on this progress and offers some suggestions for boards to take matters forward pragmatically.
Read More
Energy resilience - a risk boards cannot ignore
It is becoming increasingly evident that UK and European energy system will face significant risks this winter as Europe attempts to replace Russian gas that it has relied heavily upon in recent years. Boards have a key governance role to play, providing effective challenge in the area of energy supply, asking the right questions. Nigel Hobson sets out the context and explains what questions boards should be asking.
Read More