Interview: Andy Bulgin, Chief Risk Officer

Global World


How is risk management changing and what new challenges does the world today present?

The world is becoming increasingly interconnected and volatile, while issues are developing at a much greater velocity than ever before. This means the risk manager must be looking ahead even more frequently, forecasting potential impacts and looking at ways to soften those impacts. One key challenge is how to filter the overwhelming amount of knowledge available to ensure we have the right information to support the businesses we work in. We also have to make sure that what we deliver is relevant to our organisation and facilitates our overall strategic objectives.

This is influencing the profile of the risk manager. Many risk managers today come from senior non-risk positions and have broad business backgrounds, which is essential if they are to grasp the bigger strategic picture. I think this trend will continue.

Risk and opportunity are intrinsically interlinked. Tell me about this… is there a risk of not adapting quickly enough to a changing world?

We are seeing an increasing focus on the upside of risk. Risk managers can no longer simply be ‘nay-sayers’ – they have to be business enablers. They have to have a full understanding of their business not only to avoid potential pitfalls but also to help improve overall performance. Yes, we have to recognise that we operate in a highly regulated environment and work within compliance
parameters, but even there, we have the potential to generate business advantage. There is always a risk of not adapting quickly enough – particularly given the rate of change. To keep pace we need to focus on real time reporting and market intelligence. Our role is not simply to compile risk registers, but increasingly it is about knowing what is happening in the world and how we can adapt
to that better than our competitors.

Future gazing is increasingly important for any major global organisation. Looking ahead what do you think will be at the top of the risk agenda over the next decade?

Future gazing is part of risk management best practice. If you look at the FRC 2014 Corporate Governance Code, there are numerous references to the importance of horizon scanning. Boards are now very much focused on what lies ahead and we have to facilitate that discussion. In terms of the risk agenda, cyber remains a concern, although we will probably reach a point where the evolution of cyber standards should mean that most organisations are much more resilient. Speed of disruption is also a big issue – industries can be brought to their knees almost overnight by new technologies.

Geo-political instability and the re-drawing of borders will be a key issue, particularly for those organisations with a global supply chain; while the movement of people and the growth of cities will also be a challenge. Terrorism will also remain a threat, and we must accept that at some point there is likely to be an event much greater than anything we have seen to date.
As a risk manager, you cannot perfectly predict the future, so you should focus on perfecting, as far as possible, your incident response capabilities, particularly communication. The digital age in which we live makes the need for immediate, appropriate response even more vital.


June 2016