Event wrap-up: Managing risk in global expansion

The latest instalment of StrategicRISK’s 2016 Asia-Pacific Risk Forum Series was held in Melbourne recently, focusing on managing international risk from the chief executive to the supply chain.

The day kicked off with a presentation on identifying and managing international risk by Will Gurry, director of risk and assurance at resources and energy giant WorleyParsons.

Gurry was the perfect person to discuss this issue and provide some real-world case studies, as his organisation not only operates in many high-risk areas but also engages with joint ventures, agents and contractors around the world.

He explained that risk management was central to the transformation of WorleyParsons from an Australian business to a global one. WorleyParsons began its overseas expansion in Asia in the eighties, “taking opportunities as they cropped up”, as Gurry put it. “It was very different to the formality and protocol that we have today,” he said. “But it was risk management by management at its best.”

He explained that while the company’s business was 70% domestic in 2004, it was now only 12%. “It is now a truly global business employing 28,300 people in 134 offices in 44 countries,” he said. Gurry added that international risk was “so pervasive in everything we do” that WorleyParsons didn’t categorise international risk differently to any other risk area.

When asked how risk managers should manage the optimism of business development people in their firms and not be considered an impediment to growth, Gurry said it was best to “facilitate rather than dictate”. “That is, helping risk owners to determine whether the risk is acceptable to them,” he explained. “We are trying to be more of an enabling institution rather than a handbrake, but it’s hard.”

There’s “very little that we say no to as a business”, Gurry said of WorleyParsons. He clarified this to mean that, while conservative, his firm allowed its “business development guys to seek out opportunities, they are not allowed to commit the company to anything”. “We need board approval to do that,” he said. “We have walked away from contracts or not bid for contracts where there was a misalignment of views that created unsafe situations.”

A sustainable and repeatable model was required to cope with growth through acquisition as well as organic growth through entry into new markets, Gurry said. “The organic growth is really where we have to deal with the consequences of international risk,” he added.

Gurry pointed out that his firm and many others used eternal providers such as Control Risks to help inform decisions relating to geopolitical risks. This proved to be a good segue to the next speaker, Cory Davie, who is managing director, global client services, at Control Risks.

Davie spoke about the key political risk issues in 2016 and listed Control Risks’ top risks for the year ahead as ‘terrorism’, ‘cyber’, ‘China’, ‘European Union’ and ‘losing perspective’.

On terrorism, she saw the main threat drivers as Islamic State setbacks, Jihadist competition and foreign fighter dynamics. Foreshadowing this week’s Brussels attacks, Davie said: “We’re going to see more high-impact, high-profile terrorist attacks, such as the recent Ankara and Ivory Coast attacks.”

Davie also pointed to a persistent ‘lone wolf’ threat in West. “More soft targets and active-shooter style scenarios will encourage aggressive police response,” she added. “So, as businesses, you have to prepare for responses such as no more negotiating.”

Control Risks expected to see about a 30% increase on cyber attacks on hardware systems in 2016, Davie told the audience. She provided examples such as German steel factory and Ukrainian power grid attacks “targeting the system, not the data”. Davie pointed out that Australia was tied with South Africa at the top of the global list for vulnerability to ransomware attacks, according to Control Risks analysts.

On China, Davie suggested that while the traditional risk assessment was that slowing growth and reform were the big ticket items, the Control Risks assessment indicated that “politics do matter again”. Davie also said that Control Risks forecast “lots of aggressive enforcement of some very vague laws, but we expect clarification on a number of laws, such as bribery and corruption”.

On the topic of risk management, Davie said that appropriate threat and risk identification was important, but that firms should be wary of what she called “shiny new risks”. “Board members watching the news is scary,” she said. “What they bring up at meetings [must be judged by] what is really a risk, [and] what’s the value/likelihood to your business?”

Furthermore, Davie cautioned against turning a blind eye to facilitation payments. “If you need to have a person as your main contact who gets paid, or bribed, you don’t want the deal,” she said.

The AIG and XL Catlin-sponsored event formed part of StrategicRISK’s 2016 Asia-Pacific Risk Forum Series, which will continue across the region throughout the year.