Effective risk management requires strategic collaboration with the board. But this remains easier for some than others. Risk must professionalise, says Typhaine Beaupérin, to be taken seriously.
For more than seven years, Typhaine Beaupérin has steered FERMA as its CEO through a rapidly evolving risk landscape.
This has been characterised by an explosion in cyber security attacks, heightened nat-cat incidents, increasingly interconnected supply chain exposures and, of course, COVID-19.
There’s no denying that we’re in a new era of polycrisis, but Beaupérin suggests that one bright spot is that organisations are now taking risk management far more seriously.
She explains: “Definitely the risk landscape has evolved, but for me what this has driven is more of a focus on these risks than there was seven years ago.”
“Since globalisation, there’s been an increase in dependencies and the level of interconnection between different risks. And people are more aware of all these risks, many of which are actually not new, but which are changing in frequency and in severity.”
”Companies know that they must be resilient, and they have to invest in all the elements that can support this aim, and risk management is one of them”
“At board level, such risks are regularly on the agenda. There is more awareness by companies of the need to anticipate and be agile in response to unforeseen events that can severely impact parts of the organisation and result in significant financial loss.”
“They are experiencing it and they are willing to invest in new capabilities to enhance their overall ability to withstand adversity and bounce back, because for them it’s the licence to operate that is impacted.
“Companies know that they must be resilient, and they have to invest in all the elements that can support this aim, and risk management is one of them.”
Board scrutiny
This increase in respect for the role of risk management in managing uncertainty does mean that the profession is gathering increased C-suite attention.
This has been accelerated by recent crises in the financial sector, such as the Silicon Valley collapse, which demonstrated the importance of having a chief risk officer on board.
”Risk managers need to look at all the objectives of the company, and how to support their delivery”
Beaupérin says this scrutiny at the board level means the risk management industry needs to ‘professionalise’, with risk managers taking the opportunity to demonstrate how they can add value to decision-making processes.
Beaupérin says: “Risk management will achieve this strategic step up through driving greater collaboration. You need to leverage the enterprise-wide view that the risk manager can bring.
“Risk managers need to look at all the objectives of the company, and how to support their delivery. Some risk managers are doing this already and that’s why we want to invite them to share their examples of good practices with others who are eager to learn and to develop their risk function.”
Professionalisation of risk
FERMA research shows that the profile of risk managers differs significantly from firm to firm. About a third of the sector is focused solely on insurance buying, a third is responsible for enterprise risk management (ERM), and a third does a mixture of the two.
For risk managers that are struggling to get the attention of the board and want to move into a more strategic ERM role, Beaupérin suggests learning from other CROs who’ve already made the jump.
”Look to demonstrate the value you bring on key projects of strategic importance for the company”
In particular, she says finding small ways to show their worth is critical.
“If a risk manager has a willingness to do more and to be more strategic, the question is ‘where can I start?’ and it’s a long process. If you don’t have the mandate or the responsibility, you might want to begin by looking at those risk managers who have been successful.
“Look to demonstrate the value you bring on key projects of strategic importance for the company. Start small and then look to collaborate with other departments in order to develop relationships and show what you can bring.”
Looking to the future
Cyber risk and climate change are two key priorities for Beaupérin.
From a cyber risk perspective, she has two clear goals: first, advancing cyber risk governance to identify and manage cyber risk effects from a business standpoint, and second supporting risk transfer to financially mitigate the exposures.
She says: “There are some concerns that risk managers are not getting what they want, either because of the price, the coverage or because there’s not enough capacity. So we need to address that.”
When it comes to climate, Beaupérin says the priority is raising awareness of the severity of climate change. This means educating on the need for businesses to reduce financial losses due to nat-cats and for the risk management profession to improve resilience in the face of increasing disaster risk.
”HR personnel will have to work together and we will inevitably see the development of a stronger, more regular relationship”
Looking longer-term, Beaupérin says that two key emerging risks are secondary perils and human-related risks, both of which are keeping risk managers up at night.
“There is no crystal ball, but what we hear from risk managers is that every primary cause has a secondary impact. To be more specific, we see growing concern about cyber attacks causing physical damage or bodily harm, for example, or how installing solar panels might alter the overall risk profile of a company or building.
“Another key concern is the human resources component. During the pandemic, we focused on the future of the working environment, and the increased focus on finding and retaining talent.
“That’s high on the agenda for companies at a strategic level. Risk managers and HR personnel will have to work together and we will inevitably see the development of a stronger, more regular relationship in place of an ad-hoc one.”
No comments yet