IRMSA’s 2021 Call To Actions – It’s time to step up!



By Sean Pyott, Managing Director of thryve

The new risk report from The Institute of Risk Management South Africa (IRMSA) is their best yet. Part of that credit can go to the experience of releasing seven editions of what has become a definitive and internationally-recognised paper on South Africa. Creating an authentic local context was the report’s genesis, as IRMSA CRO Christopher Palm told me during an interview about the new edition.

But the 2021 report also stands out for the times we are in, where uncertainty and existential threats have taken their place alongside the more familiar problems we face. It’s full of exciting and important insights, most of which I’ll leave to you to discover.

Still, there is one section I want to give a closer look at: the report’s Call To Action chapter. We’ll be unpacking these five CTAs in the future, reflecting how thryve can help meet their requirements. But even as an objective study, these are worth highlighting.

The five Call to Actions are:

  • Integrating Strategy, Risk and Resilience
  • Adaptiveness and Agility
  • Beyond the Risk Register
  • Risk Culture and Maturity
  • Leveraging the Risk Professional

Integrating Strategy, Risk and Resilience

Strategic decisions are about making decisions in a context of uncertainty. But companies are often neglectful of strategy. They excel at developing and deploying strategy, then find evaluation and changes to strategy as too taxing or destabilising. This is partially because strategy does not use risk to its advantage, as risk is often in the back, softening blows to the company. But suppose we accept that risk is also about identifying opportunity (manifested in sense & respond risk management). In that case, the relationship between risk and strategy become clear – and the outcome of that relationship is resilience.

Adaptiveness and Agility

Even before the pandemic, organisations already faced a substantial threat. Digital transformation and digital disruption already began separating the future’s winners and losers. In some ways, all the pandemic did was bring this reality to roost much sooner. All those companies that could adapt work-from-home cultures quickly were investors in some level of digitisation, making them more agile and adaptive. Digital technology adoption is key to this as it reduces costs and improves efficiencies, such as through process automation. But this is also a question of company culture – agile companies require a mindset that will make them competitive for the future. That mindset will come from integrating risk and strategy.

Beyond the Risk Register

A risk professional can often feel like a waiter at a high-end restaurant. There is so much they can tell you about the meals and beverages, but patrons gruffly just refer to the menu and send the waiter on their way. Risk professionals can have similar anxiety whenever the exco or board reach for their risk register. A risk register is important but also one-dimensional. It records visible and often run-of-the-mill risks yet doesn’t reflect the many other ways the risk profession can help organisations make the right decisions in time. Risk registers also encourage risk silos and permit many people to think risk is someone else’s problem. That may cut it for reactionary risk. But the world today needs proactive risk management that has champions across the company and informs stakeholders in near real-time.

Risk Culture and Maturity

Risk is not solely for the risk department, just as company computer systems don’t exist only for the IT team’s sake. Both are a means to an end, the end being to enable individuals and help them run a successful company. Traditional business culture has separated risk from the rest of the business and created a silo for it. Perhaps it was too technical or cumbersome to bother the average employee with. Yet, that has changed on three levels. First, today’s world moves too fast to leave risk in a silo. Second, that pace means employees will benefit greatly from engaging with risk-based thinking and processes. Third, modern technology makes risk management much more accessible, even to laypeople. At the very least, an organisation should assign risk-related responsibilities and roles across the company, backed by a well-articulated accountability framework.

Leveraging the Risk Professional

These CTAs are not isolated. They are all different dimensions to the same central argument: risk management needs to be expanded, made accessible, and empower everyone strategically. Central to this view is the narrative that the skills of risk professionals are woefully under-utilised. Fortunately, the pandemic has given many companies reason to expect more from their risk people. In this spirit, IRMSA calls on the industry to focus on developing more risk professionals as well as spread the risk competency into other areas. For example, many business degrees still offer little to no attention to risk management.

As I mentioned earlier, thryve will be unpacking these five CTAs in more detail over the coming weeks. We’ll look at how technology has made many of these ambitions possible and affordable, especially when coupled with a skilled technology partner. This last element is crucial, since there are no quick remedies. What IRMSA calls for, and what we at thryve have also been pointing out, is for the very attitudes, prominence and cultures around risk to change.

That’s no small feat. But it’s possible in ways that never existed before, and now that we’re armed with the lessons of the pandemic, we have the attitudes and appetite for change to match.