Is Your Risk Team the Slowest Cog in the Machine?

August 16, 2021

Written by Prince Shonhiwa and his team Principle Specialist: New Business Risk Vodacom South Africa

Change is always a constant that businesses must contend with, and the pandemic that decreased South Africa’s GDP by 7% in 2020, highlighted just how important a business’s agility and speed of execution in responding to change is.

As businesses forge forward on their way to recovery from the pandemic, the challenges will include the effects of macro-environmental factors such as, disruptive technologies, hyper-competition and the effects of globalisation. Many will be forced to enter new markets, change their business models, and offer new services – and do all this at accelerated speeds.

Risk Managers will find that they will be required to support these business priorities under conditions of very limited time, with very limited information and with ever increasing degrees of uncertainty as business explores different growth strategies.

Business becoming Agile:

Business will need to adopt Agile practises for managing and delivering projects that will enable them to deliver projects quicker and more efficiently.
Agile practices, which are founded on the principles enshrined in the Agile Manifesto aim to deliver requirements iteratively and incrementally with shorter delivery cycles, thus enabling businesses to get to market faster – compared to traditional approaches – which has a positive impact on the bottom line and the competitiveness of a business.

Un-Agile risk management:

The challenge for risk managers is that the adoption of agile practises in their organisations often does not prioritise how assurance functions are integrated into the accelerated project delivery processes or how risks are managed within such projects. Common tell signs that your risk team is not part of the agile transition agenda include:

  • Risk managers are not a part of the project delivery squads driving new initiatives.
  • Risk managers do not have the latest and up to date information on new initiatives.
  • Risk managers’ feedback is considered slow and delaying the project.

These indicators are signs that the risk management function may not be considered an ‘agile’ enabler that can support change and innovation. For risk management executives this a clear call to ‘adapt’ your approach to the agile philosophy rather than simply attempting to apply traditional practises to this new way of working.

Risk Management geared up for change – Here are 4 tips for risk managers to adapt an agile mindset to supporting their business to change rapidly.

  • Influence the strategy – agile organisations excel at rapid execution and will change and adapt incrementally based on the close feedback cycles. Operationally these changes will be frequent but strategically not as much. Risk Managers must begin to influence higher, and earlier at the strategic level especially during the planning stages of projects. If key risks are identified earlier and at the right level, it becomes easier to manage them at project delivery stages.
  • Enable a fast learning environment – as businesses explore new growth strategies a lot of efforts will be exploratory seeking to validate needs and demand. This is the nature of innovation. Risk Managers must support the business to learn fast in order to minimise current risks and potential future risks. This is done by ensuring that the points of validation & uncertainty are clearly mapped and linked to feedback mechanisms. Most importantly the learnings must feedback into future initiatives. By creating a learning organisation that iteratively learns the management of risks is continually improved.
  • Create safe learning spaces – business exploration which is important for growth will have an inherent potential for failure and depending on your operating environment the consequences may be severe and outside of your organisations risk appetite. Risk Managers must support the spaces by ensuring that the nature and area within which experimentation will occur is understood and accepted as a tolerable risk for the business balance with returns traded for the risk. Risk should make business comfortable with the taking risk in pursuance of strategic goals.
  • Leverage the best available information – Project delivery teams will worker closer together meeting more frequently and as a result will have access to the latest and best information. Risk Managers who will often be shared functions will not have the benefits of this advantage. Risk Managers will need to revise their engagement processes by leveraging the power of technology and agile practises. This can be achieved by integrating into the same communication platforms that projects teams use. This will enhance the quality of information risk managers have, and shorten the feedback cycles. Another good practise is to engage in cadence session with project teams for regular communication.

In conclusion

As organisations increasingly adopt agile practises, it transforms their business. The need for speed must be balanced with robust risk management. Risk managers must embrace the agile shift and ask themselves How do we become an agile risk function? How do we support in building an agile organisation? Because now more than ever risk management is needed as the trusted partner in navigating uncertainty.

Written by

Prince Shonhiwa and his team
Principle Specialist: New Business Risk
Vodacom South Africa


Communication of risk to internal stakeholders under agile project management in a South African telecommunications organisation, Wits, P. Shonhiwa, (2019)
Risk Management in Agile Projects, ISACA Journal, Alan Moran, (2016)
GDP: Quantifying SA’s economic performance in 2020, Stats SA, (2020)
Manifesto for Agile Software Development, (2001)