Insurance Business speaks to Gary Anderson about key strategies in risk management.
Video transcript below:
Interviewer: Gary, thank you, for joining us. What are the key risks that businesses face today?
Gary Anderson, Protiviti
Gary Anderson: [Hello], we expect most businesses should look at their own risks, to match their particular environment and situation but probably the three most common risks we see would be, Business Competitiveness, IT risks and typically large project risks as well.
Interviewer: What risk management strategies can organisations put in place?
Gary Anderson: Business Competitiveness, a lot of the risks around there are around cost pressures, so for example Australia now is recognised as a fairly high cost country. So, there is pressures around labour costs, electricity and things like that coming up. So, you have got to be thinking about what things could your competitors be doing to lower their cost structures in those areas and how are you keeping on top of those trends? So, initiatives like outsourcing opportunities, looking at alternative supply mechanisms for yourself to take advantage of currency at the moment. Those sorts of things you need to have active strategies working in those.
In the IT area, the common risks are there around security, downtime and the overall cost of IT as well and there is a range of strategies for each of those. In IT security, you are looking for proper governance approaches to be implemented as well as technical security mechanisms to be put into place, with cost, there is a lot of different cost structures possible in IT. Many companies, a few years ago started to work with major outsource providers and there was big cost savings possible by sharing cost infrastructure across some major companies. However with developments of in cloud computing now, even those cost structures may not be competitive against other options around cloud computing. So, you have got to keep re-evaluating what your strategies may be and how you can stay on top of those.
Interviewer: What are the key regulatory changes that businesses can put in place from a compliance perspective?
Gary Anderson: The major compliance initiatives I think probably fall into two main areas - one for financial services companies and one for the general sort of corporate industrial companies. In the financial services area there is a lot of international regulations, everything from the new Basel rules, liquidity management rules, in Australia, the future of financial advice rules etc. So there is a, they have got virtually their own compliance environment to work within. For the general industrial companies there is a lot of new compliance rules coming from both the UK and US that also impact on Australia, such as the Bribery Act, The Foreign Corrupt Practices Act from the US as well are both starting to have a big impact in Australia.
Interviewer: Are there any emerging trends affecting the risk management arm of businesses?
Gary Anderson: I think one of the trends is that the risk professionals within most businesses are starting to get a more significant seat at the table. They have been integrated more with senior management. Senior management are actually taking on those roles as well directly in explanations to board members. The board members are asking tougher questions of management and they are expecting more substance in answers than perhaps what’s been done in the past. The fact that there is more focus being applied to it as well, is putting pressure on those risk people to come up with more cost effective ways of dealing with risk and staying on top of it as well. So, hence the move in the risk area to be more efficient in the way things are done and that applies with common systems across various risk and compliance and audit areas within business, common approaches, use of common sets of people. So, for example in the past the occupational health and safety group may have been doing one thing and internal audit group may have been doing another. In industrial compliance area an engineering group may have been doing another one. Now, companies are starting to think, you know, there is a lot of commonality between these groups, can we get the risk and compliance and control people under common platforms, common approaches and better reporting up through management and to the board.
Interviewer: Gary, thanks for joining us.