The changing face of risk management

Written by Matt Roberts, Wednesday 15 September 2021
A risk management expert and CMI Companion reveals how the pandemic has changed what we need to plan for

The pandemic has caused individuals and their organisations to constantly assess and manage new risks. It’s an area of particular expertise for Valerie Dias CMgr CCMI, who was chief risk officer at Visa Europe and now holds non-executive director roles at Hastings Direct, Monzo Bank, financial services firm Elavon and insurance broker Aston Lark. Valerie has also just completed a stint on the CMI Board of Trustees where she chaired our finance and audit committee, and she kindly joined me for our latest Better Managers Briefing, to share her views on how the pandemic has changed the way in which we think about risk management.

Watch our conversation and read the summary below.


Shape-shifting risks

Few business continuity or resumption plans were prepared for the world in which we found ourselves 18 months ago, says Valerie. The most common risks ranged from people risk, revenue sustainability and capital and liquidity risk to operational resilience, conduct risk, customer harm and fraud risk. “Many of the main risks were still there, but they changed the way they manifested themselves,” she explains. “Management and boards have had to be focused on the short as well as the medium term, which has necessitated a lot of changes and adaptability. But I was amazed by how all the boards I sit on focused on their people and how to help and support them to adapt to the new environment, whether that was handing out laptops or supplying office chairs, or giving as much thought to people’s mental health as their physical health. People risk has been at the forefront of most organizational thinking – and I think they have, for the most part, handled it well.”

Multi-dimensional risks

Most organisations – particularly those whose revenues took a hit – hunkered down, concerned with the short-term management of their business plans as they dealt with the here and now, says Valerie. They shrank costs or furloughed staff, ceased some of their usual activities or found shortcuts and workarounds. But with that came added risks such as security, cybercrime and fraud. “In my executive career, we carried out lots of business continuity testing but it was usually one-dimensional, such as what happens when one site or one server goes down,” she explains. “But we have seen in the last 18 months that just about everything changed… and it changed overnight. So we have learned that we need to adapt on a multi-dimensional level and that this is the new norm. We also need to consider that while our own businesses may have handled the pandemic well, third parties, such as suppliers or the companies to whom we outsource, may well have been impacted differently. Once we come out of this pandemic, we may find that some will fall by the wayside because they do not have sufficient capital or liquidity. And if we are relying on them, then we need to consider what our different points of failure might be.”

Hybrid working risks

Hybrid working may well become the new normal, where people have greater choice on whether they come back into work or work from home. But managers will still have businesses to run, warns Valerie. “So, managers, executives and boards will need to think carefully about how they develop the potential of their staff, when previously most of that activity was done face to face,” she says. “We also have to consider their mental health, because while many of us have infrastructure and people around us, others are introverted or working alone at home.” Valerie’s personal preference is asking people to work in the office at least once or twice a week. “It means they have an opportunity to interact with others, get ideas from talking to others and enjoy a greater level of discussion than they might do at the end of a phone. But it’s something managers will need to consider carefully.”

ESG risks

The EU’s Sustainable Finance Disclosure Regulation (SFDR), which came into effect in March, is likely to lead to greater corporate reporting of environmental, social and governance (ESG) risks – for large firms, the deadline could be as early as next year. But for Valerie, ESG is not just about risk management. “It's about businesses managing with strong awareness about their culture, about doing the right thing and having it in their DNA,” she says. “So governance, for example, is how we ensure we pay our people appropriately, that we have the right level of diversity and inclusion, that we have robust internal controls, a zero tolerance on bribery and corruption, that our board structure is balanced by ethics and culture. If we’ve got gaps, that’s where the risk management comes in as we challenge ourselves on what we are doing to mitigate risks in the short term while we get our act together.”


Matt Roberts is CMI's director of membership.
