Thought Leadership - June 2019
In collaboration with McKinsey & Company, we interviewed 16 Chief Risk Officers from leading financial organisations to see how they are managing change.
During the last quarter of 2018, ORX and McKinsey conducted in-depth interviews with 16 Chief Risk Officers (CROs) from leading financial institutions, around the world. We wanted to understand how these CROs, from both banks and insurers, are meeting the challenge of risk-managing change.
Our results have been written into a detailed report which explores current approaches to the risk management of change. Download the report on risk-managing change, and the accompanying Checklist for Change, to find out what you need to be aware of in this emerging area of practice.
"The financial services industry is undergoing a transformation that is rapidly introducing new business models, new technology, new competitors, and, as a result, new risks. Not changing is not an option; indeed, it could be the biggest risk of all."
Risk-managing Change report
No consensus on how to risk-manage change
To what extent is change itself – both the process and the outcome – a risk that should be managed? And, if it should be proactively managed, then how and by whom?
There was widespread agreement among the CROs in our study that change risk is an issue, that it is rising in importance, and that it is a priority for most. There was less agreement on the best way to address this new challenge.
We had expected that the focus to be on how to keep up with the business. This was a concern, and many CROs are focused on helping the business grow and “change safely” by delivering the change strategy rather than just prioritising avoiding loss. Most felt their institutions have a clear view of how major individual transformation projects are progressing, and there is no great need to increase oversight here.
Instead, many CROs are focusing more on getting better at assessing and mitigating the risks that result from the effects and outcomes of these transformational projects – the “delivered risk” – rather than the risk of not delivering the project on time, to specification, or on budget – the “delivery risk”.
Content, concerned or active
No institution claimed to have a comprehensive worked-through approach to risk-managing change, but broadly, the CROs split into three groups.
Roughly a quarter are content with their existing approach to change-risk management. About half are concerned about their institutions’ change-risk management but are seeking to address these concerns by using and enhancing existing processes and practices. The remaining quarter represent those institutions that are most actively improving their change-risk management processes. These CROs are typically most concerned about delivered risk and are actively developing new processes and practices to manage it.
Learn how your peers are managing change risk
No one expressed any appetite to create a formal new discipline or risk silo with a new framework. They frequently argued that their portfolio of operational risk (also known as non-financial risk), is already fragmented enough. Nevertheless, all the CROs were curious to learn more about what their colleagues in other institutions are doing. The report, Transforming safely – the emerging practice of risk-managing change, should support CROs and other operational risk professionals in understanding the approaches of their peers.
By the end of this study, both ORX and McKinsey & Company were convinced that risk-managing change is an emerging trend. It creates a valuable opportunity for operational risk to become involved in an activity that influences the future operational risk profile, makes a real difference, and where risk’s contribution is valued by the business. It could even be that good change risk management will make the difference between those who transform safely and those who don’t.
Download the report
We’ve documented our findings in a report, Transforming Safely: the emerging practice of risk-managing change, and we've also created a Checklist for Change for organisations to use as an internal agenda of possible action points.
How prepared you are for change? Eight key questions
The Checklist for Change is a list of topics for you and your team to consider when addressing change-risk management. We created it after completing our study to help you see if you're ready for the challenge of risk-managing change. The checklist identifies the key questions you need to ask yourself and the business.
Disclaimer: ORX has prepared this resource with care and attention. ORX does not accept responsibility for any errors or omissions. ORX does not warrant the accuracy of the advice, statement or recommendations in this resource. ORX shall not be liable for any loss, expense, damage or claim arising from this resource. The content of this resource does not itself constitute a contractual agreement, and ORX accepts no obligation associated with this resource except as expressly agreed in writing. ©ORX 2023
Senior Board Advisor, ORX
People and Operations Director, ORX