In the recent white paper, Our strategic vision for operational and non-financial risk, we outline strategies for developing innovative risk capabilities and insights. This initiative will require new resources and creative thinking, but it is essential for ONFR to genuinely enhance its value.
There are five elements to this layer of successful ONFR management
1. Bringing the outside in
In the future, ONFR will play a major role in bringing outside risk information in, expanding
the scope of automated data collection, analysis and monitoring. This data will come from the
ecosystem (partners, third parties, etc.) and the wider external environment such as economic
change indicators, geopolitical evaluations, regulatory sentiment reports, etc., to help identify and
manage outside-in risk.
2. Managing change safely
Over the past five years, firms have devoted increasing resources and capabilities to change-risk
management. Risk leaders have been trying to understand the risks of delivering change and
the impact of those changes on risk. This is an area where new capabilities are needed. Some
firms are already mandating change-risk managers to be single points of contact for fast-moving
projects and to make judgement calls.
3. Seeing and managing emerging risk early
As the pace of change increases, the emerging risk horizon moves closer. This makes it both
harder and more important to identify new threats. Today, much of the focus is on identifying
headline threats. This is important but needs to create traction for action. We expect more
effort to be expended on building emerging risk into strategic decision making, identifying future
threshold triggers for action and on building the capabilities to respond quickly.
4. Managing “whole risk” impact
ONFR practice has evolved focusing on the direct financial impact of events. Yet, as we have seen,
a digital business environment amplifies the importance of reputation, data and technology as
assets, the value of which is hard to quantify. As ONFR moves forward, the impact on these areas
must be a priority for the risk function. Few players have made significant progress with this;
those that have focus mostly on reputational and customer impact, which is far from easy given
that impact can be erratic and heavily dependent upon context and timing.
5. Connecting the dots
It is a critical strategic challenge for risk managers to break down the barriers and develop a
single view of risk to the business. To date, solutions have focused on aggregation, i.e., breaking
down institutional barriers and data silos, standardising impact metrics and aggregating reporting.
Moving forward, solutions may focus on interconnections and concentrations of risk. Greater
access to data and new technology may accelerate progress here. Simply, risk needs a better
answer when the board asks, “What are our top 10 risks?”.
"ONFR needs to be managed at scale, at speed, and deliver new insights and capabilities to the business."
Our strategic vision for operational and non-financial risk
