Here are the top 10 common issues and concerns associated with risk management today that I commonly hear about from clients in private, public, and not-for-profit sectors.

1. Siloed risk management: In many organisations, different departments handle different types of risk independently, leading to fragmented risk management. This approach can make it difficult to identify and mitigate risks that cut across various business units.
2. Inadequate consideration of non-financial risks: Risk management can tend to focus principally on financial risks. Non-financial risks like operational, reputational, regulatory, and geopolitical risks are often overlooked, even though they can have a significant impact on an organisation.
3. Lack of scenario analysis: Some risk management practices do not consider a wide range of possible scenarios or are not prepared for extreme events, like natural disasters or pandemics. Failing to account for such scenarios may lead to vulnerabilities. 
4. Overreliance on quantitative models: Too much emphasis placed by the organisation on quantitative risk models, such as Value at Risk, which may provide a false sense of security. These models often make simplifying assumptions that can’t capture the complexity and interrelated nature of risks.
5. Inadequate data quality and governance: Effective risk management relies on quality data. Organisations may struggle with sub-optimal data quality, inconsistent data governance, and a lack of integration between various data sources.
6. Cognitive biases: Decision-makers can be subject to cognitive biases that affect their risk perception and management decisions. Confirmation bias, overconfidence, and loss aversion, for example, can lead to ineffective risk management strategies.
7. Lack of adaptability: Some risk management frameworks are too rigid and do not adapt well to changing environments. If risk management isn’t dynamic and responsive to changing and emerging risks, then those risks looming over the horizon can quickly throw the organisation off course.
8. Short-term focus: Organisations prioritising short-term goals over long-term risk management can lead to a skewed focus on short-term objectives (eg quarterly earnings). Long-term sustainability and resilience become neglected.
9. Regulatory compliance as opposed to true risk management: Some organisations view risk management primarily as a compliance function, driven by the need to meet regulatory requirements. This can lead to a checkbox mentality rather than a genuine commitment to managing risks effectively.
10. Insufficient Board oversight: Boards of directors in some organisations may lack the expertise and knowledge necessary to oversee effectively and challenge the risk management practices of the organisation. This can result in inadequate risk governance.

How do you address these challenges?  

The clients with whom I work have learned that it's essential for their organisations to adopt a holistic and adaptive approach to risk management. Why? Because of the complexity and dynamic nature of the connectivity and inter-dependencies of outcomes and risks at all levels of contribution in their businesses.  

In brief they:

• ensure that risk management is an integral part of their strategic planning and decision-making processes to promote long-term sustainability and resilience  
• start with a clear and unequivocal picture of what outcomes  the organization needs to deliver
• make certain that data quality and governance is enhanced, and a risk-aware culture is fostered throughout the organisation by ensuring that the focus of the range of risks is on the required outcomes
• ask the question, “what would prevent or cause deviation from our delivering the outcome?”
• transparently and visibly show the causes of success, so that the probability of a required outcome being delivered is objectively predicted
• focus Internal Audit on assuring the validity and accuracy of the data, ensuring that the organisation’s management has implemented real time feedback on the trajectory of outcome delivery.

In this way they have the headroom to make necessary adjustments to ensure that required outcomes’ delivery is always kept on track.  

Neville de Spretter FCCA, CPFA - Managing Director, AdLibero2 Ltd