The Institute of Risk Management (IRM) has reported that there is a shortage of candidates for senior level positions within risk management and has urged organizations to ensure that their professional development schemes and succession plans are set up to ‘nurture sufficient talent for the future.’
However, growing talent from within, if a framework isn’t in place, may not always be a practical solution. A recent survey from insurance firm Gallagher, questioned 250 UK business leaders, and found that only one in five companies had a Chief Risk Officer (CRO), a surprisingly low number.

Instead, the research found that Chief Executive Officer’s were more likely to take on the responsibility for identifying existing and emerging risks, despite many having limited knowledge or experience within risk management. This obviously leaves such businesses in a position where they could be exposed to potentially devastating commercial and operational risks.

A business-critical skill set
The skills of a CRO are now needed more than ever and according to Carol Richmond, Gallagher’s Chief Risk Officer:

“At a time when technological change, rapid digital adoption and a whole host of other risks are presenting new and complex challenges to UK businesses, many organisations don’t have the specialist knowledge to identify what these emerging risks could mean for their business.”

“It’s not simply about identifying risks facing the business. A key part of what a risk specialist will do is identify risk issues that should be prioritised. All businesses deal with risks on a regular basis, but it’s as important to have the knowledge to understand those that can be a game changer for the business either in a positive or negative way.”

She added a lack of robust risk management and identification can greatly undermine the achievement of strategic goals, and with the current lack of risk management skills in many businesses, it raises questions about the capacity of some of the UK’s senior leaders to take a strategic view.

Gallagher’s research showed, for example, that some 75% of business leaders saw loss of reputation as a growing risk to their companies. However, without a CRO’s leadership, they may well be unable to see how these risks sit within the business, how to mitigate them, as well as put in place corrective actions should such incidents occur.

This coupled with the power of social media and rising cyber threats, puts many firms in a vulnerable position. Other future risks include workforce shortages, climate change and emerging technologies – areas that can only be mitigated with clear strategic planning.

Why the shortage?
Risk management is generally considered a less established profession compared to the likes of law and accountancy, having traditionally been seen as a technical ‘back room’ role up until the mid 80’s/early 90’s. Today, however, it is an area that businesses cannot afford to live without, with CRO’s being among the most senior appointments made in organizations.

Despite this, risk careers do not always appeal, with some feeling that there is often a stronger focus on compliance within risk management rather than on the overall business strategy. Businesses therefore may look to appoint someone with transferrable skills, such as a regulatory legal or someone with a high-level compliance background, but in both these sectors, there are also skill shortages.

Pressure from rising salaries could also put off some employers. Recruiter Randstad Financial Services said last year that the very best compliance professionals were now able to command salaries of up to £400,000 compared to £250,000 for the previous year. This is an incredible leap and clearly not a common occurrence, but pay is undoubtedly on the increase.

Trade association Airmic, which represents insurance risk professionals, agrees there is a shortage. Chairman Tim Murray states that the sector has been adapting to the fast-changing business environment but that the demand for ‘high-calibre risk professionals’ is higher than ever, adding that more is needed to be done to promote the profession, as “varied, challenging and exciting.”

Even with these changes, the question still remains as to whether CEOs who thrive on risk are prepared to hand over such responsibility to senior risk professionals. A strong case should be made that such a change is not just a requirement but essential to ensure organizations remain agile to the ever changing business environment.