The Fourth Revolution
Managing risk in a changing world
Are you a tenant or an owner?
Julia Graham
Technical Director and Deputy CEO, Airmic
Immediate Past President and Board Member, FERMA
5th April 2016
Moscow
The way ahead
World Economic Forum Global Risks Report 2016
Source: World Economic Forum Global Risks Report 2016
• Business becoming more global
• Pace of change increasing
• Increasing dependency on technology
• Greater connectivity
• Risks becoming more intangible and virtual
• Risks increasingly complex
• The balance of risks on the Boardroom table is changing
The "New Normal" is more sophisticated and challenging
The new normal
Risk at the corporation level
Source: Aon Global Risks Report 2015
The failed company
1. Board skill and NED control
2. Board risk blindness
3. Poor leadership on ethos and culture
4. Defective communication
5. Risks arising from excessive complexity
6. Risks arising from inappropriate incentives
7. Risk "Glass ceilings"
Source: Airmic, Cass and others - Roads to Ruin 2011
Resilience is about opportunity,
adaptation and evolution as well as
managing disruptions and crises
• Less resilient companies prone to failure
• Companies are more complex and
impacts materialise faster
• Companies cannot be expected to
address all risks
• Resilience for many means focussing on
operational issues, missing the more
strategic ones
Source: Airmic, Cranfield and others - Roads to Resilience 2014
The successful company
1. Exceptional risk radar to detect changes in the external and internal situation
2. Diversified resources and assets to facilitate alternative approaches and adaptation to change
3. Strong relationships and networks, both internally and externally
4. The ability to respond rapidly and decisively to an emerging crisis
5. Review and adapt based on experience and changing circumstances
Source: PwC 2014
Principles of resilience
Why do so many organisations appear unprepared and
unresponsive when a crisis hits?
It’s all about the state of mind….
Risk Governance perceptions - before the crisis
The reality - after the crisis
Black Swans
• Black swans represent 'unknown unknowns'
• As such, how can you plan for them?
• But research shows that you do not need to
• It's not black swans which are the threat!
• It's ..............
Black Elephants!
• The black elephant was always in the (board) room
• But nobody saw it!
• Or if they did, they chose to ignore it
• But this black elephant had been visible to many within the
organisation
• And obvious to all once the crisis had hit
• Most risk failures are directly or indirectly a
consequence of inappropriate behaviours
• Effective risk governance is achieved through
the promotion of effective cultures and
behaviours
Culture and Behaviour
Spotlight on board responsibilities
• There remains a deep reluctance, or
‘executive myopia’, to see and contemplate
even the possibility that ‘unthinkables’ might
happen, let alone how to handle them
• Yet a majority agree that something of
seismic scale and significance now
challenges many assumptions that leaders
traditionally make about their abilities to
spot, identify and handle unexpected, non-
normative events
• Leadership has not necessarily failed when
judged by the qualities and skills that
qualified it for the top. But the world has
moved on dramatically
Questions for the Board
1. What does the concept of “risk management” encompass? Is this
the responsibility of select functions or an enterprise-wide
responsibility?
2. Does your organization see risk as an opportunity or a threat?
3. Is your approach to risk focused solely on compliance, or does it
provide strategic value that improves performance?
4. How confident are you that the organization is managing the risks
that really matter?
5. Do you know which risks, if managed well, will increase — or
decrease — the value of and results for your organization?
6. How do you know that you are getting the most from your risk
management strategy?
Implications for Risk Managers
• Risk leaders and trusted advisors
• Effective networkers
• Business focused
• Connected to the Top Management and strategy
• Recognised as risk professionals
• Knowledge and skills fit for the role
Fragmented
• Compliance focussed
• Silo approach with no
organisational process
• Operational viewpoint
on process risk but no
strategic or external
view
• Unclear stance on risk
appetite
• Static controls for
operational risks,
which do not take
account of changing
circumstance
• Partial treatments of
risk which consider
only some areas of
risk
Co-ordinated
• Reactive and responsive
• Risk process in place
across organisation
• Principal risks identified
• Risk coordination across
teams (H&S, BCM etc.)
• Working relationships
between departments
and functions
• Board involved at set
review points for sign
off, with little or no
structured discussion
Influential
• Proactive
• Cohesive process and
controls for all areas of
business
• Strategic and tactical
risks considered
• Principal risks identified,
with agreed mitigating
actions
• Board engagement
throughout risk
management cycle, with
board discussion of risk
and clear flow of
information
• Excellent relationships
and engagement across
functions
• Risk culture embedded
across organisation
• Clear risk communication
process
Leadership
• Proactive and insightful
• Integrated process
across all departments,
functions and levels
• Risk culture embedded
and measured
• Involved in all strategic
decision making and
business planning
• Integral business
function
• Future planning and
horizon scanning
completed
• Appropriate reward
structures in place to
ensure risk mitigation
achieved
• Monitoring and review
process in place for all
risk activity, including
annual effectiveness
review
Roadmap to risk leadership
• Ability to see ‘out of the glasshouse’ and to
engage widely with broad networks
• Ability to provide independent support for
the board through objective, fact based,
assessment and research
• Scope to assess "reputational risk"
exposures
• Scope to plan appropriate crisis responses
Tomorrow’s risk leader
Inputs
• Financial
• Manufactured
• Intellectual
• Human
• Social and
Relationships
• Natural
Consider:
- Supply and
demand
- Cost
- Availability
- Quality
Business
activities
• Strategy
• Processes
• Projects
• Incentives
• Distribution
Consider:
- Changes to
activities
- Process
- People
- Technology
Outputs
• Products
• Services
• Finances
• Infrastructure
• Intellectual
Property
• Brands
Consider:
- Supply and
demand
- Quality
- Consistency
- Distribution
- Distinctiveness
Outcomes
• Market Share
• Reputation
• Profitability
• Share price
• Customer
Satisfaction
• Sustainability
Consider:
- Stakeholders
- Risk and
reward
- Long-term
viability
Managing risk through the business model
Source: Mature Risk Management Drives Financial Results 2013
Mature risk management drives financial results
Organizations exhibiting mature risk
management practices - as assessed
with the RIMS Risk Maturity Model -
realize a valuation premium of up to
25%.
USING INTEGRATED RISK
MANAGEMENT TO CREATE
AS WELL AS PRESERVE
VALUE
Risk management creates value
Source: RIMS 2015
A four pillar structure
6 Modules of examination
Choice between 3
optional modules for
advanced candidates
The choice of an ambitious technology
ID authentication
The system records pictures of
the test taker and his/her
photo-ID. Candidates are
shown the pictures and asked
to confirm that the pictures can
be used to authenticate
identity.
Exam proctoring
The system records and stores
the video and audio from the
test session and generates a
video stream displayed on the
student’s computer screen
#corpriskforum2016 - Julia Graham
