Are We There Yet?

October 2, 2015

Risk management as a studied and documented practice is believed to have started evolving in the 1950’s, largely resulting from the reality that insurance, the risk management option of choice for a large part of the previous four centuries, had become an increasingly costly, and rather imperfect solution. A large proportion of business risks had become simply too expensive, or even impossible to insure. Very large companies began to develop and implement methods to self-insure against risks (e.g. co-operatives, employee benefits such as UIF, self-funded healthcare plans and policies, executive compensation, pension funding, etc.), the thinking being that by calculating the costs of the risk, and paying any “claims” out of an internal pool of funds, the process would be more cost-effective than buying commercial insurance. This practice of internalising risk management as it was understood at the time, had the knock-on effect of leading organizations to dedicate more and more resources to the mitigation of these risks.

If one goes back to before the 1600’s, superstition and religious beliefs were the order of the day when making both commercial and personal decisions. The future was determined by fortune, instinct and divine decree, with our fates controlled in an unclear and pre-ordained manner. The renaissance, and its effect on the world of science, and how we view the universe we live in, had a profound impact on risk management and the quantification of risk as we now know it. Just one discovery, the theory of probability, enabled people to make decisions based on numbers and statistical data, ensuring the old methods of divination, ritual dances and sacrifices as appeasement to the gods suddenly became antiquated and unfashionable. There was a rampant passion for science and the future, leading to religious instability, bourgeoning capitalism, and a flourishing quest for knowledge. And with this came rapid development in human understanding of probability, from the purely mathematical realm, advancing into the nefarious world of gambling, and betting in line with the odds of an occurrence, life insurance assessed using the timeline of mortality, through to the modern world of statistical analysis, modelling and scenario planning.

The global financial crisis in 2008 ensured that risk management became a far broader discussion. One of the factors that played a major role in the crunch was a growing obsession with very detailed aspects of risk, without enough contemplation of the broader, enterprise view. Senior risk professionals now consider a universal, all-inclusive view of enterprise risk (ERM) to be far more pertinent and effective than narrowly-focused, traditional risk management endeavours.

Modern risk management has also seen these principles develop beyond just the realms of finance, and the impact of financial losses. From an approach meant to manage and mitigate downside losses to the bottom line, far more consideration is now been given to risks throughout the organization on a holistic level, and their impact on the strategy of the company. Upside risk has also been given far more attention, and strong argument can be made that upside risk is risk management in its purest form, with well-controlled and calculated risk-taking being prioritized over risk mitigation or avoidance in certain risk areas. As opposed to just focusing on the achievement of a single objective, upside risk management ensures that attention is paid to a much larger range of potential outcomes.

Upside risk seems to be a concept that is being embraced more readily within the corporate culture, offering greater control of the compromises being made, and encouraging a more flexible, nimble method of dealing with uncertainty and responding to risk factors.

So, we’ve moved from a position of leaving our fates in the hands of the gods, to taking control of our corporate destiny, and driving the achievement of our commercial goals. What is the next step on this incredible journey that is risk management? Just as the advent of scientific research kicked off the wave that we’ve ridden till now, perhaps, as in most spheres of life, technology will be the driver that guides risk management down the path of uncertainty that lies ahead. Technology that enables the risk manager to take the guesswork out of the rating process, providing in-depth analysis throughout the organization’s environment, both internally and externally, and empowering better decision-making up and down the executive chain of command. Just one example of this is the way that cloud computing has begun to revolutionize the way we store and access big data, coupled with the advent of cyber and data security measures to protect one of our organization’s most valuable resources – data.

Globalisation has made an in-depth level of understanding, and a well thought out control strategy essential if an organization is to negotiate the minefield that is the global market. Enterprises who don’t take cognisance of their risks and the impacts they have, are and will continue to fall behind and struggle to adapt or survive. As business continue to innovate, and competition becomes fiercer, it is logical that more risk will need to be taken on. And don’t believe for a minute that throwing up the defences will ensure survival. Going on the offensive, and taking risks that add value, in a controlled, managed way won’t just encourage organizational growth, but also go a long way to creating a far more palpable link between the functions of risk management, and the strategic growth and blueprints for success.

The rising level of education in risk management, through the work of universities, colleges, industry associations, and public and private sector corporations provides some level of comfort that the management of risk is being taken far more seriously, and there is a significant drive to professionalize the industry and encourage young, up and coming school leavers and graduates to consider risk management as a career. This is bound to have a knock-on effect by ensuring that risk management is not a new concept for employees entering the workplace, supporting an enterprise wide approach to risk, without the constant change management challenges.

So where are we going and when will we get there? Give me a minute, I’ll run it through my predictions app…