CIOAdvisor Apac

  • Home
  • Conference
  • Newsletter
  • Whitepapers
  • News
  • Subscribe
  • About Us
  • Specials

  • Menu
      • Application Security Testing
      • Artificial Intelligence
      • Augmented and Virtual Reality
      • Backup and Storage
      • Blockchain
      • Cloud
      • Contact Center
      • Data Analytics
      • Digital Marketing
      • E-Invoicing
      • Ecommerce
      • Emerging Technology
      • Enterprise Mobility
      • GIS
      • Govt Tech
      • Human Capital Management
      • Human Resource
      • IoT
      • ISP
      • IT Service Management
      • Leadership Development
      • LMS
      • Logistics
      • Machine Learning
      • Machine Vision
      • Managed Print Services
      • Marketing Technology
      • Mobile Application
      • Parking Management
      • Payment And Card
      • Risk Management
      • Robotics
      • RPA
      • SDN
      • Staffing and Recruitment Services
      • Telecom
  • Cloud
  • Contact Center
  • GIS
  • ISP
  • Logistics
  • Machine Vision
  • E-Invoicing
Specials
  • Specials

  • Application Security Testing
  • Artificial Intelligence
  • Augmented and Virtual Reality
  • Backup and Storage
  • Blockchain
  • Cloud
  • Contact Center
  • Data Analytics
  • Digital Marketing
  • E-Invoicing
  • Ecommerce
  • Emerging Technology
  • Enterprise Mobility
  • GIS
  • Govt Tech
  • Human Capital Management
  • Human Resource
  • IoT
  • ISP
  • IT Service Management
  • Leadership Development
  • LMS
  • Logistics
  • Machine Learning
  • Machine Vision
  • Managed Print Services
  • Marketing Technology
  • Mobile Application
  • Parking Management
  • Payment And Card
  • Risk Management
  • Robotics
  • RPA
  • SDN
  • Staffing and Recruitment Services
  • Telecom
×
#

CIO Advisor APAC Weekly Brief

Be first to read the latest tech news, Industry Leader's Insights, and CIO interviews of medium and large enterprises exclusively from CIO Advisor APAC

Subscribe

loading
  • Home
  • Risk Management
Editor's Pick (1 - 4 of 8)
left
Creating Integrated Workflows for an Evolving Company

Mike Everly, CIO, D&H Distributing

Risk Management for Cloud Computing and Data Services

Ramesh Munamarty, Group CIO, International SOS

Risk Assessment - Keeping Cyber Bully Away

Paul Ernst, CIO, Sandler Capital Management

All Roads Lead to Risk Assessment

Christopher R. Barber, EVP & CIO, Commonwealth Business Bank

Cyber preparedness starts with your crisis plan

Sean Duca, VP and Regional Chief Security Officer, APAC, Palo Alto Networks

How an Effective Approach to Enterprise Risk Management can Improve Risk and Business Outcomes

Peter Deans, Chief Risk Officer, Bank of Queensland

Help Customers by Managing Risk Well

Xavier Saldoni, Chief Risk Officer, Medibank

Overcoming the Hurdles of Implementation of AI Solutions

Dominic Wu, Chairman of Asia Financial Risk Think Tank

right

THANK YOU FOR SUBSCRIBING

Risk Management in Perspective

By Syahril Nizam Hasan, Chief Risk Officer, Manulife Malaysia

Tweet
content-image

Syahril Nizam Hasan, Chief Risk Officer, Manulife Malaysia

What is risk management? Is it a pre-audit function or is it a close associate of compliance? Why do we manage risks? Is it a necessity to have dedicated personnel in managing risks for a particular company? I’d like to say that risk management is a distant cousin of both audit and compliance and it should be embedded within business or risk unit instead of outside the business units. In short, risk management is seen as a vehicle that drives business to an optimum decision—keeping intact the threat, opportunity, weakness, and challenges in perspective.

High-risk, matured businesses could reduce dependency on independent watchful eyes tracking and observing the adherence of risk management’s expectations. In short, if the company is matured in managing its day-to-day challenges and weakness, business as usual’s (BAU) resources are more than adequate in managing risk management’s expectations. However, would that mean that it is the end of risk specialist? I still beg to differ. As long as businesses leverage on human capital to manage risks, there will always be on-going questions on integrity and discipline.

In today’s continuous business evolution, managing the uncertainty to avoid vague and less unpredictable outcome is of essence. The ability to predict and foresee the worse in the unforeseen market outlook becomes increasingly crucial for business continuity. For instance, how much capital would a company need to set aside to manage risks? How long does a company expect to tolerate interim losses from its long-term investments to avoid liquidity crisis? What are the steps and mitigations required to manage the foreseeable barriers? It may work wonders if anybody could time the disasters with such precision. While risk management provides tools to measure foreseeable weaknesses and challenges, the unforeseeable risks are what matters most. Innovation and performing beyond norm are new frontier that makes evolving/emerging risk management crucial. By late, stress and scenario analysis has become a norm in accommodating the gauging impact of unforeseeable factors or the evolving risks beyond the normal market conditions.

Disruption to the ordinary line of business is becoming a persistent threat to company’s survival. As such, new ways of managing risks and the need for new business strategy which would outline weaknesses and challenges are crucial to ensure the continuity and survival of a business.

A good CRO should know when to escalate risk to a higher authority with guided and structured framework


The days, absolute monopolies in the business industry are gradually coming to an end as continuous business enhancement comes into demand. This in turn requires robust evolving/emerging risk management that has clear business continuity in mind. Having said that, the question arises, “Could my product line become obsolete/irrelevant?”

As risk management stands in between good governance and acceptable business objectives, it is important to keep the balance between these various expectations. If it is overly skewed towards one goal, risk management then becomes less effective. In order to mitigate uncertainty in the decision making of risk management, the Chief Risk Officer (CRO) or head of equivalent position must command the right experience, the technical know-how of risk management and the strong trait of leadership to ensure its continued independence.

Being independent is easier said than done. An effective CRO would know how and when to intervene and escalate material that matters to various levels of authorities. Senior Management Team and Board member have various different approaches in managing as well as understanding a particular risk. An effective CRO would take the time to evaluate and understand each and every member of the committees to gauge the right amount information for sharing. Additionally, a good CRO should know when to escalate risk to a higher authority with guided and structured framework. The use of key risk indicators/risk tolerance limits/risk appetite should guide and facilitate the CRO on when, whom and what needs to happen when certain tracked risks emerge and requires immediate action and attention. To bear in mind, Senior Management and Board members dislike escalation of false alarm which triggers unnecessary action and attention.

In earlier write ups, I mentioned about KRIs/risk tolerance limits which forms a foundation for what, when and how to measure risks as well as the set of action plans to mitigate risks. While that may sound easy to understand, the challenge lies in the details of appropriate KRIs for the use of the risk taking units. The advantage of KRIs/risk tolerance limits is that it can be used to track all types of risks; financial and non-financial risks.

Similarly, risk tolerance limit could also be mobilized to gauge and assess level of market risks (which is financial risk in classification) which requires immediate attention or level of alert when it hits certain risk threshold - value at risk or earning at risk. Incident, loss date or event is another popular tool to assess and gauge the strength of the existing or current internal controls to manage foreseeable risks. This tool is also useful in gauging whether the risk taking unit has already gauged and assessed the newly identified risk for consideration. While traditional risk management tools focus entirely on normal market conditions, these tools are meant to assist in gauging situations that are beyond normal market conditions. One of the worst case scenario analyzes that could lead to the question of business continuity is imaginary situation of massive customers’ information leak leading to legal actions as well as punitive regulatory action. The key scenarios are basically the worst case situations that are beyond business appetite risk that they are willing to take. Robust risk management provides stewardship to strong business acumen that could forecast business opportunities. Risk management does not tell the risk taking unit what to do exactly however it alerts them of the potential consequences. Even if risk is materialized, business could still accept risk by increasing its appetite for more risk exposures that are beyond its pre-agreed threshold.

The key is to escalate such situation to a higher authority with clear set of action plans if the increasing level of risk is accepted.

Check out: Top Risk Management Solution Companies

tag

Risk Management

Read Also

Cyber preparedness starts with your crisis plan

Cyber preparedness starts with your crisis plan

How an Effective Approach to Enterprise Risk Management can Improve Risk and Business Outcomes

How an Effective Approach to Enterprise Risk Management can Improve Risk and Business Outcomes

Help Customers by Managing Risk Well

Help Customers by Managing Risk Well

Overcoming the Hurdles of Implementation of AI Solutions

Overcoming the Hurdles of Implementation of AI Solutions

Weekly Brief

loading
ON THE DECK

Risk Management 2018

Top Vendors

Risk Management 2017

Top Vendors

Previous Next

TECH News

  • Data Safety: Different Types of Storage Solutions
    Data Safety: Different Types of...
  • A Step-by-Step approach to Web Application Security Testing
    A Step-by-Step approach to Web...
  • 3 Ways to Improve Your Customer Experience
    3 Ways to Improve Your Customer...
  • How E-invoicing will turn India's Economy into a Digital?
    How E-invoicing will turn India's...
View More ›

Copyright © 2019 CIO Advisorapac. All rights reserved. Registration on or use of this site constitutes acceptance of our Terms of Use and Privacy Policy |  Sitemap

follow on linkedinfollow on twitter
This content is copyright protected

However, if you would like to share the information in this article, you may use the link below:

https://risk-management.cioadvisorapac.com/cxoinsights/risk-management-in-perspective-nwid-593.html