How to foster a risk-intelligent culture in an era of uncertainty

Audit Partner, Niall May, featured in Business & Finance Magazine with an article on risk management. Niall offers insight on why it is critical that business leaders change how they manage risk and tips on building a risk-intelligent culture. 

"In this era of uncertainty, building a risk-intelligent culture will help organisations weather the worst storms and still come out on top."



The role of risk management within a business has undergone dramatic changes in recent years.

Today, risk management is seen by many as a key enabler of growth and profitability whilst it is also considered a tool for value addition in forms of assurer, assessor and advisor.

Since the global financial crisis, the regulatory and business environment has become more complex, volatile and unpredictable. The planned exit of the United Kingdom from the European Union and the potential that the US may renegotiate trade agreements have increased the geopolitical risks. In addition, Financial institutions have faced a significant amount of new regulatory requirements which have driven up compliance costs, whilst increased capital and liquidity requirements have reduced returns.

As a result, financial institutions need to decide if they will continue with business as usual or rethink their approach to risk management.


Opportunity for change

To date, a lot of companies have implemented several processes and systems as a reaction to the new regulatory requirements rather than taking a coordinated and holistic view. In many cases this has resulted in a disjointed and inefficient structure. In addition, legacy risk technology, infrastructure and the difficulty in gaining access to timely, accurate and aggregated risk data, creates complexity and additional cost.

The new environment provides an opportunity for companies in the financial services sector to transform how they manage risk to become more efficient and effective. This requires companies to identify opportunities related to strategy, people, the three lines of defence model and technology in a coordinated way.

Emerging technologies including robotics, AI, data security, blockchain and social collaboration are expected to fundamentally transform risk management.  In addition to substantially reducing operating costs, these and other technologies can provide risk management with new capabilities, including building controls directly into processes, prioritising areas for testing and monitoring to ensure the risks to the companies are appropriately managed.

If the emerging technologies are implemented in the correct way, they can also help offer foresight into emerging risk issues.

As companies plan for the new era of risk management, it is critical that the Boards of these companies support management to develop a holistic approach to risk across the business. The following key activities should be considered as part of an integrated strategy:

  • Articulate the information needs – The issue is not lack of information but too much information. Boards need to communicate to executive management teams the information they need to properly govern and oversee risk. The Board needs to understand the likelihood and impact of actual risks, expressed in a common language.
  • Develop the capability to view risk across functional barriers – Boards need to have visibility of the risks across the business to gain a holistic view. This will require the risks to be presented in an integrated way so they can be prioritised, and resources allocated appropriately.
  • Encourage businesses to see and work beyond silos – As risk should be managed in an integrated manner, the relationships and interdependencies among risks across functions must be understood from an enterprise perspective.
  • Link risk taking to performance – Linking risk management and compliance together can restrict growth and innovation. Boards should encourage management to identify and manage strategic risks so as to achieve growth and profitability whilst protecting value.

Risk management continues to evolve, and in the future, it will involve business units having clear ownership for the risks they take.  A high performing Risk Management function must collaborate closely with businesses to act as a centre of excellence in analytics and de- biased decision making.


The optimal Risk Management function will have:

  • Full automation of decisions and processes with minimal manual interventions
  • Increased reliance on advance analytical models
  • Close collaboration with businesses and other functions to provide enhanced regulatory preparedness
  • Strong advocacy of corporate values and principles supports by a robust risk culture that is clearly defined and reinforced
  • An effective talent pool


Companies that fundamentally transform how they perceive and manage risk will become more dynamic and capable of responding to new developments. This is critical if the risk management function is to:

  • Play a vital role in the company’s strategic making process
  • Expand risk management capabilities through all three lines of defence
  • Recruit and retain talent with the tight risk management skills and experience
  • Be agile to react quickly to new developments including regulatory ones
  • Leverage emerging technologies on an ongoing basis to proactively manage risks


As featured in Business & Finance Magazine, December 2018