Featured Pathways

More pathways

Banking Essentials - Part I

This pathway will walk us through the basics of banks, starting with some of the different types and their main functions, then starting to look at the regulation faced by the banks, both before and after the Global Financial Crisis.

Greenwashing

Greenwashing is the act of distributing false information about something being more environmentally friendly than it actually is.

More pathways

Book a demo

Ready to get started?

Our Platform

Expert led content

+1,000 expert presented, on-demand video modules

Learning analytics

Keep track of learning progress with our comprehensive data

Interactive learning

Engage with our video hotspots and knowledge check-ins

Testing & certification

Gain CPD / CPE credits and professional certification

Managed learning

Build, scale and manage your organisation’s learning

Integrations

Connect Finance Unlocked to your current platform

Featured Content

More featured content

Tackling the Cost of Living Crisis

In this video, Max discusses the cost-of-living crisis currently enveloping the UK. He examines its impact on households as well as the overall economy.

CSR and Sustainability in Financial Services

In the first video of this two-part video series, Elisa introduces us to sustainability. She begins by looking at the difference between sustainability and corporate social responsibility, two terms that can be easily confused.

More featured content

Book a demo

Ready to get started?

Featured Pathways

More pathways

Banking Essentials - Part I

This pathway will walk us through the basics of banks, starting with some of the different types and their main functions, then starting to look at the regulation faced by the banks, both before and after the Global Financial Crisis.

Greenwashing

Greenwashing is the act of distributing false information about something being more environmentally friendly than it actually is.

More pathways

Book a demo

Ready to get started?

Our Platform

Expert led content

+1,000 expert presented, on-demand video modules

Learning analytics

Keep track of learning progress with our comprehensive data

Interactive learning

Engage with our video hotspots and knowledge check-ins

Testing & certification

Gain CPD / CPE credits and professional certification

Managed learning

Build, scale and manage your organisation’s learning

Integrations

Connect Finance Unlocked to your current platform

Featured Content

More featured content

Tackling the Cost of Living Crisis

In this video, Max discusses the cost-of-living crisis currently enveloping the UK. He examines its impact on households as well as the overall economy.

CSR and Sustainability in Financial Services

In the first video of this two-part video series, Elisa introduces us to sustainability. She begins by looking at the difference between sustainability and corporate social responsibility, two terms that can be easily confused.

More featured content

Book a demo

Ready to get started?

Book a demo

Ready to get started?

Changing the pattern of risk management
5 mins to read

Changing the pattern of risk management

Hans-Kristian Bryn

35 years: Strategic risk management and governance

Maximising the value of the half-year and full-year risk processes

Changing the pattern of risk management

Start free trial

Unlock access to all content by signing up to a 7-day free trial

There is currently a rich seam of content available in the public domain which addresses key aspects of the changing risk landscape and the specific risks that the Executive Team, Audit Committee, and the Board should consider as part of their half-year and full-year risk discussions. These risks include for example, AI, concentration, complexity and uncontrollables such as sustained inflation and geopolitical uncertainty.

Based on recent client discussion and interactions, one of the topics that have arisen is whether the risk discussions to support half-year and full-year disclosures are leading to improved decision-making and behavioural change. If this is not the case, it would appear that organisations are focusing too much on meeting governance code requirements rather than leveraging the insights and outcomes of the risk discussions to turn the dial on performance, both from a managing downside and exploiting upside perspective.

It is useful to step back and consider whether the above hypothesis applies to your organisation as we are rapidly approaching the half-year point for businesses with December year-end reporting. Firstly, as set out above, it seems that the focus of many risk processes is to achieve a degree of compliance with rules and regulations rather than focusing on how the effort invested in identifying and assessing risks feed into day-to-day planning and decision-making. Secondly, despite the increased complexity of the risk landscape and the emergence of multiple external (e.g. geopolitical) and disruptive (e.g. business model) risks, many risk processes are overly focused on business-as-usual risks, often characterised by high frequency and low impact. This is reflected in the risks that organisations are focusing on as well as the reluctance to invest time on risks that might have one of more of the following characteristics:

  • High impact and low probability (tail risk)
  • Impact can be direct and indirect (and the indirect might be significantly more important than the direct)
  • Organisations can’t control or influence the probability of the risk occurring (e.g. the risk response is to increase resilience)
  • Risk has previously been under the radar (e.g. concentration risk)
  • High complexity in assessing and modelling the risk and its interaction with other risks (e.g. limited or unstructured data on risk and correlations)
  • Mitigation might include strategic re-positioning (e.g. near shoring or diversification)

If some of these characteristics are present, it is very unlikely that a compliance or code-based approach will generate additional insight and changed behaviour for these risks. Somehow the organisation needs to find a new way of looking at the risks without being constrained by the existing risk inventory, or a perception that the risk process only has value because it maintains or meets the licence to operate requirements.

A forward-looking approach to risk identification, anchored in the strategic and commercial reality of the organisation, has a much better chance of shifting the focus away from business-as-usual to a more strategic look at the context in which the organisation is seeking to deliver its strategy, commitments and objectives. A pre-mortem discussion should, if well crafted, bring previously unidentified risks to the fore, in particular external, strategic and disruptive risks.

colleagues strategising

The outputs should also provide a more robust basis for scenario analysis and the consideration of the aggregate level of uncertainty from the risks – this would also help to improve the viability modelling to support the disclosures that listed companies have to make at year-end.

However, on its own, the pre-mortem will not change behaviour unless the organisation is willing to consider the appetite for these risks. Many organisations that have expressed their preference for the level of risk they are willing to take to achieve their objectives, do not explicitly test the impact that business cases and decisions could have on the utilisation of risk appetite. Or in the extreme, are they sanctioning business cases or decisions that contradict the organisation’s appetite for risk? From the Board’s perspective, encouraging and incentivising management to address risks where the exposure exceeds appetite is a critical element in discharging their responsibilities as well as supporting sustainable value creation.

Organisations that perceive that their risks discussions are ‘thought provoking and interesting’ should also test whether they are putting in place the enabling mechanisms to demonstrate a clear commitment to incorporating the outputs and learnings in planning and decision-making. In previous articles on risk management and governance, Carl Sjöström and I have set out the need for aligning risk management intentions with how reward is structured to ensure that the right behaviours are signalled to deliver the intended outcomes. In this context, our article on risk and reward might be of interest.

Businesses that are seeking to move their risk management process from a periodic ‘meet the requirements’ activity to embedding it in planning and decision-making, should consider the following steps:

  • Incorporate risk analysis and risk appetite into the business case discussions and decision-making criteria, be that for organic and inorganic growth, R&D, tech & AI investments, innovation or market entry decisions
  • Anchor decisions in the agreed risk appetite for the business
  • Have robust discussions about the mitigations for risks with exposure above appetite
  • Make risk management an explicit item on the Exco agenda

These simple steps would make risk management an integral activity to underpin both value protection and value creation. The importance of Exco role modelling both in terms of its own agenda and the questions that they ask in performance reviews and decision-making fora, is a key signal of intent and demonstration of the behaviours they expect.

In summary, this article makes the case for revisiting how the risk management process is conducted currently and some of the changes that can add considerable benefit to performance management and value creation. It also emphasises the role of Exco and the benefit of risk management being an integral part of the Exco agenda and discussions.

Hans-Kristian Bryn
About the author

Hans-Kristian Bryn

Hans-Kristian Bryn is a strategic risk and governance advisor with over 20 years of partner level advisory experience. He is currently a senior advisor to Boards and ExCo's listed on the FTSE 100 & FTSE 250 on risk management and governance related matters. Prior to private advisory, Hans was a partner at firms such as Oliver Wyman and PwC and worked across a wide range of sectors.

Share "Changing the pattern of risk management" on

Latest Insights

Insight

The value of risk appetite

31st October 2024 • Hans-Kristian Bryn