Looking back over the past five editions of the IRMSA report, it is disappointing to see that so many risks have materialised.
Disappointing because, first, the South Africa and Industry risk profiles have remained largely the same and most of them materialised over this period − so the risks were well known and yet the risk responses were overall ineffective, says Christopher Palm, chief risk advisor at IRMSA.
The risks − which include unemployment, fraud and corruption, income disparity, and failure of governance − have not just already materialised, they have actually deteriorated, for example unemployment.
Looking ahead, risks that are making its way onto the South African and Industry risk radar are climate change, which has sporadically been included on South Africa’s risk profile, social disobedience, and pressure on South Africans’ Chapter 9 institutions, which include the Public Protector and the South Africa Human Rights Commission.
‘South Africa needs effective Chapter 9 institutions which uphold and enhance democracy on our behalf. IRMSA believes that a strong, ethical and independent leadership that visibly holds key role players accountable within the roles they have been voted into, is needed,’ says Palm.
While the risk profession in South Africa isn’t lagging behind its international peers, board members, executive committees and CEOs of South African organisations should expect more from their risk managers.
This is however a ‘tango’: business must actively involve their risk managers (not just expect of or enable them to tick the boxes) and to be actively exposed to the business-critical information so that they can bring value to decisions.
‘Internationally, a risk manager will not be appointed if they cannot add value to the organisation’s performance. Risk managers are expected to confidently comment on the strategy and performance of an organisation and contribute to the company’s agility by delivering quality, timeous and relevant information. Local companies should demand more from risk managers, and we should deliver,’ says Palm.
‘For example, a risk manager with quantitative analytics skills who takes this approach can be more predictive and support the business’ strategy with alternative futures, which will lead to better decision-making. If businesses know what their options are and these options have been quantified, it gets easier to make the right decisions.’
He says the risk manager who adds the most value to an organisation’s performance is the one who has accepted the notion that risk is about the future and that uncertainty is not confined to a risk register but that the integration of strategy, risk and resilience is a critical next step, if not already adopted.
Reflecting on the risks that have materialised over the past five years, many things have to be done differently. The first is ethical leadership, accompanied by pervasive and persistent accountability and consequence management. A very critical paradigm shift required by leadership is that risk responses that were effective in the past are not guaranteed to address the risks and opportunities of the future,’ says Palm.
Thriving in a dynamic environment
Palm concludes by saying there are three key requirements for companies to do more of the good and less of the bad, and to grow resilience to thrive in an ever-changing landscape.
‘First, everyone needs to start talking about strategy, risk and resilience. Second, we need to clearly understand who our stakeholders are, the rules they play by, and the context in which this will happen. Finally, organisations will need more agility and robustness in their governance processes,’ he says.