Before the turn of the century, risk managers were mostly behind-the-scenes personnel tasked with acquiring insurance coverage for environmental, product liability and property issues. The younger generation did not desire to be risk managers: in the United States, there were around 12 college programs devoted to the field. The global pandemic has single handedly elevated the function to its current importance. The risk management function is now on the minds of boards and has a prominent position in strategic planning moving forward. It is commonplace to see Boards forming risk advisory committees to address and manage crisis planning, supply chain, cyber risk and data privacy for remote workers.
The role of risk management is multifaceted, requiring a diverse set of talents. Risk management executives require analytical prowess to evaluate everything from distribution to hiring practices; the ability to maintain relationships with insurance brokers, law firms and other key vendors; the ability to effectively communicate with fellow executives; the ability to communicate effectively with employees and the media during a crisis; and financial savvy to understand the company’s balance sheet and effects on said balance sheet should they incur a loss or catastrophic event. In addition to responding to investors and government authorities who are questioning risk managers about global catastrophe preparations.
While the pandemic has brought risk management to the forefront, the field has been slowly growing for years, pushed on by a series of national catastrophes beginning with 9/11. Corporations and government entities have been expanding their crisis and business continuity planning initiatives.
Large organizations began hiring a risk manager who were typically part of the legal or finance department reporting to the chief legal of financial officer. Their role was to amass a wealth of data from across the firm in order to do insurance and risk analysis and purchase insurance on behalf the company. Proactive risk managers reported potential exposures the company faced to management, who frequently ignored the issues.
The 2008-2010 housing market meltdown shifted the functions focus to more enterprise risk management, and more recent cybersecurity breaches expanded risk managers’ oversight into new areas such as hacking and data privacy, although the career path remained constrained.
A decade ago, an experienced risk manager could achieve a vice president or, depending on the organizations structure, a senior vice president role. Fast forward to today, corporations are seeking chief risk officers to manage risk at an enterprise-level and are officers of the company.
From an educational perspective, college business degree programs historically were not required to include risk management coursework. With recent national and global events like the pandemic, it is getting the attention of boardrooms and corporate headquarters worldwide. I believe we will see a healthy trend with institutions incorporating risk management into the business curriculum in addition to making it a requirement.
The function of risk management will continue to grow and evolve as organizations address current and future risks – further broadening its position in their ethos.