In March, Mark Robins (IRMSA Exco member and Senior Vice President of Risk at AngloGold Ashanti) delivered presentations at the IRMSA Breakfast Presentations in Durban, Cape Town and Johannesburg. Speaking in his personal capacity, Robins challenged risk professionals to not only re-evaluate their risk processes but to find creative ways to better engage stakeholders and to make Risk Management practices a ‘way of life’ in their respective businesses.
Robins started his talk by exploring factors affecting business such as the Global economic meltdown and labour unrest in South Africa. He then looked at the risk management approach which places emphasis on corporate governance and risk reporting. This, coupled with the company’s ability to identify and manage incidents was the older approach in evaluating the competency of the Risk Management function.
The newer approach, which is also based on ISO31000 principles, places more emphasis on Risk Management’s ability to inform strategy, deliver on business plans and ensure that the process meets corporate governance demands and board expectations. Robins believes that this newer approach can be achieved by entrenching Risk Management best practices at every level of the business.
Applied correctly, the process is likely to also unveil new opportunities that can be exploited by the company. He notes though that the key huddle is to develop and maintain a strong ‘risk awareness’ culture that is ably supported by a competent Risk team. In this way, there is certainty that risk mitigation actions are implemented and opportunities are exploited.
The new approach also requires a commitment to make risk registers a ‘live’ database of relevant information can be used by the company, at both divisional and group levels. "Unfortunately, the previous approach of risk was largely compliance driven, managed in silos and autonomously. The newer approach is strategy focused; where strategic risk defines the ‘governance-risk-compliance’ linkage and process application”, explains Robins.
According to Robins, the ten critical success factors to the new Risk approach are:
•Top level support and sponsorship
•Right seamless and integrated process determined via benchmarking
•Definition of policy and minimum standards
•Full definition of all accountabilities
•Appointment of competent risk champions
•Effective risk analysis, management and reporting
•‘Live’ information risk register
Furthermore, he recommends that going forward there should be concerted effort in integrating the risk process into every aspect of the business and removing ‘silos’. "There has to be a ‘seamless’ link with other core business systems in order to align their role with strategic goals. The process can be structured such that it is bottom up, lateral and top down,” says Robins. In addition, the updated risk registers have to be regularly updated and made available to all stakeholders.
Other enhancements could be to include an external view of risk, supported by a continuous and global benchmarking process. The risk owner has to be available for consultation in order to understand manner in which each discipline and area of business assesses and manages risk.
"A word of caution though is that Risk Management can quickly become overly complicated and the key challenge is to keep it simple and focused. Clarity and accountability by the functional owners as well as the ability to learn from incidents can help the company to better predict and anticipate issues of the future,” adds Robins.
Risk expects have to focus on building trust and have the right balance between being firm and being amenable. Ultimately, successful Risk Management is about enabling the organisation to meet its objectives and the risk function is central to this.