Upgrade to receive CPD certificate + full access

Learn More
UPGRADE
RISK AWARENESS WEEK 2024 RISK AWARENESS WEEK 2024

5 Concerns for Risk Managers in 2024 and Beyond

business meeting

It is that time of year again. We will soon start seeing the top 5, 10, and 100 risk lists from every broker and consultant on the planet. Let me guess: It will say something like geopolitics, interest rates, cyber, and logistics. Boooooring. I wanted to take us in a different direction. Here are 5 things risk managers really should be concerned about yesterday, today, and most likely tomorrow.

Being Excluded from Planning and Decision-making

By far, the biggest challenge risk professionals need to overcome is convincing the decision-makers to allow risk views to be heard at the table and inviting risk managers to make the decision. Most business processes involved in planning, forecasting, budgeting, decision-making, or performance management have been inherently designed to ignore uncertainty.

Open most books on strategic planning, guidelines for budgeting, or procedures for performance management, and you will be amazed at how risk is almost never mentioned or seen as a parallel afterthought. Management disciplines are deterministic, not stochastic, which means pretending there is a single predictable future as opposed to multiple uncertain futures. To most decision-makers, the value of risk analysis is not obvious.

So, what risk managers need to be concerned about is how to get involved in important decisions, justify the time and effort required to perform risk analysis, and convince decision-makers to use the outputs in their decisions.

Often, this will require significant process reengineering. I did it for insurance, procurement, investment decisions, strategy, operational risks, and maintenance. Every time, it is a different story; what worked in one organization didn’t in the next; it is a constant reinvention. Book a quick chat and ask me how, or just watch one of the videos I recorded for the RISK-ACADEMY YouTube channel.

Being Unable to Produce a Timely Quant Risk Analysis

The next big concern is delivering once the risk manager is invited to the decision table. In fact, being concerned about not having the right competencies is often the roadblock preventing many risk managers from asking to be at the table in the first place and settling for mindless risk list reporting and risk register updating.

There are four options that I can think of to overcome this concern:

  • Hire a quant to join the risk team (this is what I did in my previous job)
  • Outsource the quant and model building (this is what I do now)
  • Use software that has a solid quant methodology behind it, where someone already did the hard math for you (Archer Insights does that)
  • Upskill and become a quant (RAW2024 is a useful starting point for this)

Selling the promise of valuable risk insights is hard, but not being able to deliver on the promise is even harder. Sometimes, getting people in the room and getting them to talk and share is enough to generate insights, but the real value, savings, and groundbreaking ideas come from a comprehensive risk analysis that cannot be done qualitatively. This brings me to the next point.

Model Error

This is what any risk manager on the planet should be concerned about, but clearly isn’t. Risk management methodology and frameworks almost feel like they are free for all. So many books have been written about the personal experiences of a single risk manager or a specific company. And, naturally, every consultant has their own unique methodology.

Last year, just for fun, I went around the markets asking for backtests to see how well the methodologies actually performed. Imagine my surprise when most companies not only couldn’t produce them, they never even heard about it. Sarcasm.

Anyway, model error is a title I used to describe the performance of risk models, methodologies, and approaches. And this is something any risk manager should be very concerned about. Because, surprise, surprise—most of the ideas behind common things like ERM, ESG, or common techniques like heatmaps have actually been proven to add so much error that companies are better off not doing any risk management at all rather than using them. Not my words; quoting from a published research.

Good risk managers back-test their models and are very transparent about the limitations. For example, I know some of my models work at CI90% and don’t work at higher confidence intervals. You want methodology and software that can share back tests.

Decision-makers Ignoring the Results of the Risk Analysis

Another huge concern is that decision-making is still human. This means that no matter how good or useful risk analysis is, in the end, it is a human being who makes the decision—a human being with its own risk appetite, perception, biases, and preferences. To add fuel to the fire, behavioral economics research tells us that when faced with the choice to do something about risks or do nothing, many people will go for the option that requires less effort.

The math behind risk analysis is usually pretty straightforward and consistent. However, how you package the conclusions depends on the decision maker. I, for example, spent a lot of time and effort figuring out how to best present outputs from risk analysis and how to use software to build dashboards that drive decisions.

Focusing on Too Many Risks

A risk management team has a limited bandwidth, so the decisions they get involved in and the type of risk analysis they perform have to be carefully selected. My personal risk implementation worked best when I was allowed to have a narrow mandate with specific risks that we focused on.

All other risks were managed by the risk owners or 2nd line responsible for these risks, who always had the option to reach out to my team for methodology advice. For example, I couldn’t dive deep into cyber risk, and it was the responsibility of the IT department.

To get real value and savings from mitigating a risk, one needs to really deep dive into the topic. Weeks and months of building models and running simulations. I call it STANDARDIZED and ADVANCED approaches to risk analysis and talk about it at RAW2024. Most risks should be covered by the BASIC approach, only a few by STANDARDIZED, and only a handful by ADVANCED.

Elevate and innovate with RAW2024! Join industry pioneers in redefining risk management with AI-powered strategies designed for immediate impact. Sharpen your skills, expand your network, and take charge of making your risk team well-prepared. Register now to be part of the transformation and step confidently into the future!

Talk to our AI risk management advisor 👋 🕵🏽‍