Institute of Risk Management

Institute of
Risk Management
Risk Predictions 2022
Resilience, Risk & Recovery

Developing risk professionals

Contents
Introduction - Stephen Sidebottom, Chair, IRM 3
Launching Soon - Armed Forces Community Group 4
Charities Group 4
Climate Change Group 5
Construction and Infrastructure Group 8
Cyber Group 10
Energy and Renewables Group 11
Environmental and Social Governance Group 12
Enterprise Risk Management Insurance Group 13
Financial Services Group 14
Innovation Group 15
Nuclear Group 18

Global View
South Africa 19
India 20
Middle East 21
North America 22
Iraq 24

2
Introduction
Stephen Sidebottom IRM, Chair, provides an overview of the global risk
landscape in the early months of 2022

I would highlight five areas of risk that boards should have high on their agenda for
2022.
1. Geopolitical uncertainty and instability
2. Inflation
3. The mixed pace of global post-pandemic recovery
4. The changed relationship with the workforce
5. Environmental, Social, and Governance (ESG)

One of the challenging things about these risks is that they play out over multiple time-scales. All boards and
executive teams have to balance things that are urgent against things that are important. The response to
the pandemic crisis has been extraordinary, and companies now generally understand the risks associated
with this as we start a faltering recovery.
Other urgent issues include assessing the impact on inflationary pressure on your business. It’s been thirty
years since we’ve seen this type of sustained inflationary pressure, and many management teams therefore
won’t have direct experience of the significant risks it can create.
I think much more attention should be given to the complex issue of engaging with people in the workforce
and their changed post-pandemic needs and expectations. The frequently used language of ‘return to
work’ rather than ‘return to the office’ is symptomatic of a simplistic managerialist response that misses
the business risks inherent in what’s changed. Whether that manifests as experiencing your own ‘great
resignation’ or a more gradual failure to win the best talent, this requires deeper thinking. What’s more this
is only one element in the broader ESG agenda. 2022 has to be the year boards recognise the consequences
of ESG failures as an existential risk for most major companies.
In terms of businesses and their supply chains, the ripple effects of the pandemic and surges in coronavirus
(Covid-19) infections, combined with cyber-attacks and extreme weather events are testing business
resilience. The risk of business failure remains high. But most major companies will have a good view at this
stage of the pandemic of their ongoing risks and the strength of their business resilience plans and practices.
Post-pandemic recovery, environmental risks, and cyber should all be significant areas of risk management
focus.
My final piece of advice to businesses in terms of moving from a crisis response to the pandemic to business
continuity would be to step back and look at how your management model works to build sustained
performance. Think about what leadership practices have had the most positive impact, and do more of
that.
In particular, focus on inclusive leadership, becoming much more deliberate about increasing engagement
and collaboration, and exploring how to encourage a step-change in innovation and experimentation, which
most organisations really don’t do at all well.
In what seems like an increasingly fractious and changing world, I envisage the business response to global
risks evolving throughout 2022 and beyond through an investment in risk management capability; assessing
and evolving your risk frameworks, continuously improving data insights, and building risk management skills
throughout your workforce.
I would like to thank all of our contributors from our Groups for this year’s contributions to this document
and for their ongoing support to the institute.

3
Launching Soon - Armed Forces Community Group
Inspired by the signing of the Armed Forces Covenant in 2019, the Armed Forces Community Group will look
to form a network of like-minded individuals who have ever been engaged with any aspect of the armed
forces. This can include serving members, reservists, or veterans along with those who support cadet forces.
Additionally, we are open to close family members as we recognise the support that families provide to
service personnel. We would like the group to be internationally focused, so we are open to membership from
around the world.
The purpose of the AFC Group is to support its members in their professional development as well as to
provide a social dimension. This will include identifying routes into risk management professions for service
leavers, supporting those risk professionals with ongoing development ideas, and enabling like-minded
people to network and benefit from more social interactions.
The Group would also look to support the IRM with its ongoing communication with the Armed Forces
Community.
The AFC Group will hold its inaugural meeting under the Chairmanship of Chris Blockley-Webb in the first
quarter of 2022.
To join the group please visit: https://www.theirm.org/join-our-community/special-interest-groups/armed-
forces-community/

Charities Group
Richard Evans
Partner, Head of Risk & Assurance
Crowe U.K. LLP
When considering emerging risks, whilst the inherent diversity of the sector is recognised there are a number
of recurring themes which apply throughout. Various risk surveys (including our own) and organisation
insights unsurprisingly cite people related risks as being the most significant they have been for some time.
Staff wellbeing, and the risk of burnout is being cited across the sector – so many people have been running
at pace for an extended period, with changing delivery models and ways of working, as well as maintaining
the day-to-day role having a significant impact upon staff, particularly within (but not limited to) the health
and social care sectors.
This is compounded by the buoyant labour market and whilst the “great resignation” has not impacted as
some have predicted there are some areas of the sector, particularly those with a high proportion of living
wage employees, who are viewing challenges in vacancy levels, directly impacting beneficiaries and service
users. This is also being seen across highly transferable roles, such as finance, technology, fundraising and
marketing (to name but a few).
These workforce risks are being exacerbated in the immediate term (which we know is less severe)
Covid-19 (and wider sickness) related absences and dealing with the immediate impact of the new variant.
Consequences include poor customer experience and being unable to deliver face-to-face services, such as in
respect of mental health and welfare related. There are also the longer-term risks driven by Covid-19 which
are being considered on the horizon – for charities these include backlogs driven by a range of structural
factors which will impact both directly and indirectly to the organisations staff, fundraising and service
delivery. Examples include delays to NHS patient services, cancer, and heart services, the ongoing and
exacerbated delays in the justice system and delivery of face-to-face services – all of which challenge the
funding environment and the ask upon an organisations’ resources.

4
Whilst a number of these risk factors target the outputs and expenditure of charities, there are challenges
in respect of income and funding models. A number of funders are pivoting their strategies towards issues
related to the pandemic, rather than established services and sectors. There is further risk when considering
wider economic factors, including inflation potentially pressurising the capacity for established fundraising
models. Political uncertainty and the ongoing uncertainty in supply chain and societal risks arising from
Brexit all present a watching brief for risk manager’s horizon scanning.
Covid-19 and the pandemic period have accelerated digital transformation to meet the demands of hybrid
working and service provision. However, this in turn has created new cyber risks with the move to cloud-based
approaches alongside legacy systems.
As such, cyber and information security should be a recurring point of focus for risk managers. The shift to
remote and potential longer-term transition (rather than an extended pandemic emergency response) to
hybrid and new ways of working present further technology risks to both assess and importantly – translate
these to risks and issues that the organisation understand.
An emerging area for risk managers to navigate includes Equality, Diversity, and Inclusion (EDI) risks and
what these mean for the charity, both for your existing staff and when looking at recruitment, funding,
and delivery of services. Facilitating the debate and response, including ensuring the risks are captured and
understood, represents a new area of activity.
Adopting virtual or hybrid delivery models represents both upside and downside risks, but the pandemic is
also driving demand for specialist services, which has a further impact upon resources and costings. Risks to
both changing ways of working and how the charity assesses the effectiveness of response are critical – this
includes avoiding the risk of subjective bias in determining workforce strategies and being data led in terms
of feedback and performance.
Despite the challenges the forthcoming period presents a significant opportunity for risk professionals to
make a real contribution to their organisation. We have viewed an increased sector focus upon risk as an
enabler – particularly in the consideration and application of risk appetite. More Boards and management
teams are having active conversations as to what their risk appetite is and what it should be – identifying
that in the majority of cases that the actual level of risk being taken is lower than it should be.
This also highlights and strengthens the recognition that not everything will work and that in 2022 there is
a need to be bold and take opportunities – a clear risk appetite position helps to provide the framework for
leadership and the wider organisation.

Climate Change Group

Martin Massey MIRM, Chair, Climate Change Group
Managing Director OneRisk Consulting Ltd
In 2021 the Group helped design and launched the Climate Change Risk management course in conjunction
with Imperial College, Grantham Institute and the IRM, and we also published a guidance report focused
on climate change for risk professionals. Both the course and guidance aim to equip risk managers with the
knowledge with the latest tools and techniques to help translate the complexity and uncertainty of climate
change to support their organisations in identifying, assessing, and managing their climate-related risks and
opportunities and integrating them within existing ERM frameworks.
In 2022 economic challenges flowing from the pandemic still persist and will continue with market risks such
as financial market volatility and interest rate uncertainty being a major area of focus in the year ahead.
Human capital risks will continue as organisations need to work out their work-from-home policies that seek
to maintain staff retention rates.

5
In respect to climate change 2021 was also a big year with United Nations Climate Change Conference
(COP26). The conference succeeded in getting 197 countries to align on the Glasgow Climate Pact and
other landmark pledges, but even these new commitments are expected to miss the 1.5°C goal established
in the 2016 Paris Climate Agreement and increase the risks from a disorderly climate transition.
The economic overhang of the Covid-19 crisis and weakened social cohesion in advanced and developing
economies alike may further limit the financial and political capital available for stronger climate action.
China and India lobbied to change the Pact’s wording from “phase out” to “phase down” of “unabated coal
power and inefficient fossil fuel subsidies.”
The economic crisis created by the Covid-19 pandemic risks delaying efforts to tackle climate change by
encouraging countries to prioritize short-term measures to restore economic growth, regardless of their
impact on the climate, over pursuing green transitions. Brazil, for example, joined the other 140 countries
responsible for 91% of the Earth’s forests in endorsing the Glasgow Leaders’ Declaration on Forests and
Land Use, even as deforestation in the Amazon accelerated to a 15-year high in 2021. Geopolitical tensions
and nation-first postures will also complicate climate action.
Climate change continues to be perceived as the gravest threat to humanity and in the latest Global Risk
report 2022, GRPS respondents’ rate “climate action failure” as the risk with potential to inflict the most
damage at a global scale over the next decade.
A climate risk taxonomy splitting risk between physical, transition and liability risks is becoming more widely
used amongst most organisations, so we provide some of the major trends and risks as was opportunities
that we predict in 2022:
> Physical risks - extended wildfire seasons and prolonged heatwaves were two of the major trends that we
have seen in 2021. Wildfires in California and Australia have been in the news for the last few years but in
2021 we saw many intense wildfires across some newer regions of the world including Southern Europe
and Siberia. In August 2021 wildfires broke out in the Mediterranean, where the Greek Prime Minister
described them as the countries “greatest ecological disaster in decades”.
In 2021 we continued to see heatwaves increase healthcare services strain on water, energy and
transportation resulting in power shortages and even blackouts. Indirect impacts on food and livelihood
security impact people who lose their crops or livestock due to extreme heat.
One of the most extraordinary and powerful heatwaves ever experienced by North America hit the west
coast in June 2021 and did not go away. This was caused by what meteorologists called a “dome of high
pressure,” the heat wave extended from California – worsening the drought even as the first wildfires
of the season began – and extended all the way up to Canada, where temperatures rose to 121.28F
(49.6C), shattering all previous records. “This is the beginning of a permanent emergency,” the Governor of
Washington state said.
> Transition risks - relating to the consequence of transitioning to a lower carbon or “green” economy are
resulting in a range of both global risks and opportunities facing organisations. These range from carbon
emissions targets and plans, investment in green infrastructure, green washing, “green” Energy inflation;
organisations’ purpose, global flow of information, digital platforms, changing societal expectations etc.
Perhaps the most important trends in 2021 that we see continue include corporate pledges and Climate
Related Financial Disclosures. Climate change awareness and adaptation and wider ESG criteria are
increasingly valued by shareholders including investors, industry regulators, employees, and customers. We
are continuing to see record number of corporate pledges especially net zero targets on mitigating climate
change, which is raising the bar for corporate governance.

6
The growing focus on climate change also extends to corporate disclosures, and there has been significant
progress on this front with improvement in global flow of information and continued regulator pressure that
is leading some countries to introduce mandatory climate and ESG reporting. Continued global activism will
also contribute to capturing global attention.
In 2021 we also saw increased global sustainable investment. The Global Sustainability Investment Alliances
latest investment review shows that global sustainable investment now tops US$25 trillion – up 15% in
two years and in total equates to 36% of all professionally managed assets. More than 70 asset managers,
including BlackRock and Vanguard, have also recently signed a pledge with the Net Zero Investors Initiative,
which has been formed to help achieve net-zero greenhouse gas emissions by 2050.
Changing societal expectations is leading to the increasing demand for sustainable products. As consumers
people increasingly want to purchase products that they view as sustainable across the entire value chain.
They want to believe that their consumption habits won’t negatively affect the environment, and many
are fearful of the overall impact of climate change. Unfortunately, this is also leading to a major risk issue
namely “Greenwashing.” This is primarily a marketing tactic where consumers or investors are misled into
believing that an organisation or brand is sustainable.
As the world begins to decarbonise new market opportunities are available for organisation to create
products and services for a low-carbon world that uses less energy and natural resources, emit fewer
greenhouse gases, and can help mitigate climate damage and regenerate natural systems. On the flipside
there are opportunities to help organisation’s improve resilience which in turn is leading to product
innovation such as the electric and hydrogen economy and a range of new technologies. In the insurance
sector the use of parametric insurance in increasingly being used to offer bespoke solutions to cover climate
related perils covering for example heat stress solutions for livestock farmers.
Overall organisations are continuing to realise that modifying existing internal business activities to address
climate change and wider social issues is simply good business overall and can protect the reputation of the
organisation.

Government and regulators are now stepping in to push further change, faster and with more consistency
across the economy than the market alone could do. Europe is taking the lead on climate-related financial
disclosures, and other jurisdictions are following suit.

7
The global flow of information has also helped raise the awareness of ecological and social crises around the
world. Global and local activism that we saw in 2021 including is continuing to capture global attention and
galvanised opinions.
This has led to sustainability issues becoming core considerations in business. To be able to distinguish
between companies, and investment opportunities, investors need high quality, comparable data, and this is
driving the call for global sustainability standards and the regulatory interest in mandatory climate and ESG
reporting.
> Liability risks - climate change litigation has gained momentum since the adoption of the Paris
Agreement in 2015, increasing in volume, scope, and geographical coverage. Of the over 1,500 cases
documented worldwide between 1986 and 2020, more than half have been brought since 2015. Most
of these cases are in the US where some of the biggest oil and gas companies are embroiled in legal
disputes with cities, states, and children over the industry’s role in global warming.
Awareness of climate risks and the growing perception that courts can be a forum to advance climate goals
are two main drivers of climate change litigation. Standards of care are also evolving, increasing the risk that
states and corporations can be found negligent in their duty to protect the public from the harmful effects of
climate change. These trends have led to a number of new legal cases including District Court in The Hague
ruling in May 2021 that Shell must reduce its global net carbon emissions by 45% by the end of 2030 from
2019 levels. Although the decision is under appeal this was the first time a judge has held a corporation
liable for causing climate change. The ruling could set a precedent for similar lawsuits in the future.

Construction/Infrastructure Group
Danielle Mudd, IRMCert
Chair of the Infrastructure Group
Overall, 2022 for the construction sector is looking to be prosperous and one of growth despite skills
shortages, increased costs, and stricter regulations.
A continuing area of concern for the construction industry will be skills shortages; statistics published by the
Construction Skills Network (CSN) stated that over 210,000 construction jobs will need filling in the UK by
2025.

8
It’s well-recognised that the sector is largely propped up by an ageing workforce and has struggled to attract
new talent. In addition, in the run-up to Brexit, the sector saw a sharp decline in the number of European
workers. The need to encourage new people into the sector, including educating school-age children, has
been well-recognised and this will be a continuing effort.
In addition to the skills gap, material shortages and transport issues continue to plague the sector. We’re
facing global shortages of steel, timber, and IT components, increases in raw material prices and long-lead
times for core supplies, and that is expected to continue into 2022.
The impact of Brexit continues to be an uncertainty, with a shortage of HGV drivers compounding the issues
faced in recent months; most firms are anticipating this to continue to impact through 2022 particularly as
some suppliers have decided to focus efforts on primarily supplying the EU.
Covid-19 has remained an issue, particularly with the increased transmissibility of the recent Omicron
variant, which has resulted in construction sites seeing a significant reduction in their workforce over the
winter months. Companies are anticipating Covid-19 to play an ongoing role in project delivery with
uncertainty around workforce availability and productivity, delays to deliveries and additional costs resulting
from enhanced requirements.
The sector is expecting the government’s ‘Building Safety Bill’ to land in 2022, (due to go to the House
of Lords committee 21/2) which will enable it to create new regulations for those involved in the building
process; there is a chance that productivity will be impacted while companies get to grips with any new
requirements. Despite this, the aim is to improve the UK’s new building stock and ensuring high standards;
although this may impact on margin it’s an opportunity to the sector to become more innovative and
efficient.
A big area of opportunity is the continued adoption of technology, particularly those that can enhance
productivity; we can expect an increase in the likes of construction drones, smart contracts, Augmented
Reality, and Artificial Intelligence.
From a Risk Manager’s perspective, the past year has been one of adaptation and change with hybrid
working in effect for most of the population (at least for part of the year). At the granular level, there have
been challenges in being able to effectively and efficiently hold reviews and workshops, and in being able to
effectively challenge risk inputs.
Body language plays a huge part in feeding into the risk process and operating in a largely 2D environment
makes it extremely difficult to pick up on the subtleties. Despite this, there has been success with greater
use of technology, such as interactive white boards, which has enabled teams to maintain a collaborative
environment.
As ever, it continues to remain important for projects within the sector to be supported by qualified
professionals; it’s becoming increasingly common to see robust risk management expectations contracted
through the supply chain which is incredibly positive and opens doors of opportunities for those looking to
start a career and established risk professionals alike.

9
Cyber Group
Co-authors:
Paul Saunders, Managing Director of GDFM Ltd
Sarah Peaston, Head of Regulatory Compliance, Technical Solutions & Training

Resilience, Risk & Recovery

As we look back on 2021 and consider the path ahead for 2022, much of the same themes prevail. Despite
ongoing pandemic conditions, 2021 continued to be a progressive period for regulation and indeed new
and compounded risk factors. As we embark on 2022, with two years of experiencing the most surreal global
disaster recovery scenario enactment; resilience, risk and recovery have become ever more tangible, as
industries continue to weather the storm of risk exposure, the testing of resilience provisions and feeling the
impact of their recovery agility.
Throughout 2021, firms have been preparing for the initial operational resilience regulatory implementation
deadline, which is now firmly in sight at the end of Q1 2022. It will be essential for firms to embody
operational resilience as a culture rather than a series of implementation dates, in particular as the coming
year will be the first for undertaking the mandatory self-assessment.
The outlook for 2022 and beyond is the increasing need to enable a dynamic operational resilience
approach, with the associated benefits this will bring and the inherent moving away from perhaps more
traditional management methods. The convergence of reviewing and managing micro and macro risks in
this space will also become more natural due to the comprehensive nature of the regulation, including front-
to-back mapping and ownership, prioritisation of important business services, impact tolerance computation
and monitoring, appropriate ownership, and testing and ultimately a resilience capability inherent in the
Business As Usual operating mode.
Into 2022 the post Brexit landscape of regulatory divergence will continue to occur, which, whilst bringing
respite from some components of regulation, will also present challenges to firms who operate under UK and
EU regimes and who may experience efficiency considerations when managing very similar, yet ultimately
different regimes, as differentiation evolves.
Responsibility and accountability of leaders and senior management has been a focus during the pandemic
period, with the natural disruption triggering expectations of closer monitoring and the consideration of
reasonable steps. The finalisation of the extended Senior Managers and Certification Regime (SM&CR)
implementation during 2021, enhanced formalisation regarding conduct and the effectiveness of
accountability and responsibility.
This regime is expected to start to be more consistently leveraged by regulators during 2022, after its
initial period for newly captured firms and now that comprehensive industry application of this regulation
is in place. Leaders will be expected to be experienced in evidencing accountability and responsibility in a
consistently structured manner, including keeping abreast of the potential to breach obligations and the
corresponding taking of reasonable steps, for their designated areas of responsibility.
Cyber-crime has grown exponentially during the pandemic period and the implicit digitalisation of many
investment routes for both mature and new investors alike, has created opportunities for fraudulent activity
and scamming.
The sophistication and speed of cloning and impersonation of legitimate firms is anticipated to increase
into 2022 and firms should ensure vigilance, agility, and non-complacency to ensure the best defence for
themselves and their clients, partners, and investors. This includes proactive monitoring of their brand to
ensure any illegitimate presence is identified and addressed on a timely basis.

10
During 2021, as in prior years, there was persistent focus on how firms complied with Anti-Money Laundering
Regulations (MLRs) and following the FCA’s Q2 2021 “Dear CEO” letter to retail banking providers outlining
specific gap analysis action to be taken in this space, it is anticipated that throughout 2022 a high level
of scrutiny on accountability and effectiveness will occur. It is particularly important into 2022, that firms
undertaken a periodic ‘fresh’ review of their processes to ensure the design remains effective for their
activity and that weaknesses are quickly highlighted and addressed to ensure ongoing compliance. Financial
crime is an ever-evolving landscape and firms cannot afford to rely on static models to meet their obligations
and should consider overall capabilities, in ensuring operating in 2022 remains effective and within MLRs.
The year ahead is anticipated to naturally experience more working model changes, perhaps themselves
susceptible to resilience, risk and recovery weaknesses and a comprehensive assessment will be required
by firms to mitigate with robust solutions and creativity, as we continue to face familiar and at times
unexpected challenges.

Energy and Renewables Group

Alex Larsen, CFIRM and Grant Griffiths, Co-Chairs

Covid-19
With a more positive outlook on the Covid-19 pandemic front from both business and global society there is
a consensus 2022 will be a year of recovery and with it, continuing demand for energy including oil and gas.
On the other hand, the huge supply chain issues, growing inflation and other economic warning signs may
also signal a major downturn.

Emerging Technology
Whether the economy recovers or fails, expect to see continuing investment in advanced and emerging
technologies which support the impetus for Net Zero and the low carbon economy. Factors influencing
investment and the drive towards sustainable technologies and their long-term role in the energy mix
include ESG factors, supply chain risks and the implications of supply chain changes, and political factors.
The moves toward investments in technology will be underpinned by the demands of stakeholders including
investors and financiers as they continue to align their portfolios towards fulfilling their ESG strategies.
Other factors driving investment include efficiencies and resilience that technologies such as blockchain, AI
and smart oil fields provide in surviving a major drop in prices.

Political factors
On the domestic front the cost of energy for householders and consumers will be a political challenge with a
wide range of geopolitical factors (e.g., Russia, China), economic and social imperatives all weighing heavily
on policy decisions. Energy has always been political in nature and now more than ever before is likely to
emerge as an election issue for many.

Risk management
From a risk manager’s perspective expect to see greater focus on building resilience in response to the
higher levels of uncertainty witnessed over the last two years along with a focus on workplace culture as
a game-changer in the pursuit of greater agility, innovation and strategic outcomes as the increasing
interconnectivity and complexity of the energy value chain brings about new risks, challenges, and
opportunities for energy.

11
Bitcoin
2022 could be the year that energy companies look at mining Bitcoin. Water dams in North America and
other power companies have looked at using their excess energy for mining and in many cases the profit
being made from this is allowing them to upgrade their facilities in a way they have never been able to do
before. With energy companies looking for alternative sources of income whilst also realising the potential
for using existing energy in their network, Bitcoin mining might be an experiment that several larger energy
companies undertake.
And if this can be achieved by the use of renewables, it’s a massive win-win for everyone.

Environmental & Social Governance (ESG) Group

Co-authored by the committee

In 2022, enterprises in the public, corporate and not-for-profit sectors across the globe will continue to
experience volatility, uncertainty, complexity, and ambiguity (VUCA) in the contexts in which they operate.
This context, by its very nature, makes the exercise of predicting the future somewhat challenging, however,
it is the view of the IRM Environmental & Social Governance Group committee that the following social
drivers will be important to leading enterprises and the risk professional in supporting good governance:
> Greater stakeholder accountability - stakeholders, both internal and external to the organisation, will
continue to influence change in the way in which the enterprise is governed. Key stakeholders will include
the investor community, public bodies, the press, social media, activists, employees and their families,
former employees, clients, beneficiaries and consumers, volunteers as well as partner organisations.
Seeking to gain assurance that the organisation is addressing risks related to modern slavery, inequality,
diversity, inclusion, health, safety, safeguarding, security, welfare, and environmental sustainability
are just some of the arenas in which stakeholders will continue to drive for change. Managing an
organisation’s reputation becomes a core capability in such an environment.
> Real-time public scrutiny - media scrutiny and ‘grandstand public experts’ scrutinising the way in which
the health and environmental crises are being handled – in real-time, including the lessons that should
have been learnt - will continue to bring into question the adequacy of governance across public,
corporate and not-for-profit sector organisations. Organisations are being held to high standards by the
court of public opinion, challenging how crisis and resilience management is deployed. In this context,
the difference in behaviour between more ‘purpose-driven’ versus more ‘profit-driven’ organisations will
become apparent; transparency and accountability will continue to need to be demonstrated, however,
in the wider context of the social driver upon the modern organisation to demonstrate its place and
purpose in society. This will involve organisational change in the culture, structure, and strategy as well as
governance of the new enterprise.
> Role of the risk professional – the role of the risk professional will grow in importance as organisations
recognise this profession to be formally educated in the fields necessary to (i) understand the changing
nature of the external and internal contexts, as well as (ii) support organisations to fulfil their social
responsibilities in demonstrating good governance, both in profit-driven as well as purpose-driven
enterprises, and in (iii) helping to prepare for media-driven crises and recovery plans.
> Changes in risk reporting – as part of meeting these stakeholder requirements, the risk professional will
lead the development of conventional risk reporting into more mature processes. Integral to this will
be the need to demonstrate that the organisation is being governed in such a way that it is fulfilling its
social responsibilities in an ethical and sustainable manner. It is viewed that formal ESG policies and
processes are necessary to carry this out.

12
ESG will become a ‘golden thread’ running through the achievement of the strategic objectives/priorities’ of
‘ESG-intelligent’ enterprises and an enabler in their opportunity management whilst becoming a strategic
risk for those organisations failing to recognise the changing nature of the social context.
‘ESG-intelligent’ enterprises - the leadership of ‘ESG-intelligent’ organisations will recognise that the external
and internal organisational contexts have changed and that organisations, in turn, need to change if they
are not only to survive but thrive in a new world order.

Enterprise Risk Management (ERM) in Insurance Group

Authored by the Co-Chairs: Dr Isaac Alfon, AFF, Founder and Managing Director, Crescendo Advisors
Ltd and Justin Elks, AFF, Partner, Crowe U.K. LLP

Five risk themes for insurers to respond to in 2022

While a few months ago Covid-19 seemed to be more under control, sadly it seems that it is not over. The
pandemic and Brexit are taking place at the time of long-term trends toward stakeholder capitalism and
business sustainability. In its widest sense, sustainability in business encompasses not only environmental,
social and governance issues, but also operational and financial resilience. The Prudential Regulatory
Authority (PRA) and Financial Conduct Authority (FCA) are increasingly focusing on these broader issues too,
making it increasingly difficult to separate doing business from regulatory compliance.
Within the parameters of these events and long-term trends, we think there are five key themes that insurers
should pay attention to during 2022.

Macroeconomic environment
At the start of 2021, there were concerns about the risks from loose monetary and fiscal policy, and
high debt. Experts now seem less concerned about an economic reckoning and more concerned about
inflationary pressures as evidence by the recent increase in UK base rate. This has been driven by
increasing concerns around energy prices, supply chains and labour shortages. Many still argue that these
are temporary challenges. On the other hand, economic stimuli cannot go on forever. The International
Monetary Fund (IMF) economic growth projections for 2022 are largely in decent, if not spectacular,
territory. Risk managers will need to consider whether there is cause for optimism or concern, and the extent
of complacency they see.

13
“Great resignation”
Talk of the “great resignation” - including people dropping out of the labour market altogether - started in
the US as part of the wider discussions about the future of work post-pandemic. This has added to concerns
about skills shortages, amplified in the UK by the departure of many EU citizens. Risk managers will need to
evaluate whether the business, including the risk function, has the skills and capabilities needed to deliver in
2022.

Regulation
The transition from the UK’s FRC to the new Accounting, Reporting and Governance Authority (ARGA)
continues to ratchet up the pressure on governance, even if reforms are not directly targeted at insurers. The
change in FCA leadership seems to have led to a doubling down on customer’s protection, with a continuing
focus on general insurance pricing and the protection of the vulnerable – although some argue that
“vulnerable” is now quite widely defined.
The PRA appears to be taking back control of Solvency II and has been reviewing its implementation. While
there are positive noises around removing bureaucracy and widening the assets that can benefit from the
Matching Adjustment, there are also industry concerns of a competitive penalty if the UK’s application of
Solvency II becomes (or remains?) more prudent than that of Europe.
Risk managers will need to continue to monitor these changes, while considering the cost/benefit for their
organisations and any unintended impacts.

Sustainability and climate change

There is an increasing focus in society on sustainability and climate change. For insurers, climate change
has taken centre stage. Although COP26 may have achieved less than had been hoped, it has succeeded in
switching the emphasis from ambitions and commitments to actions and accountability.
While sustainability and climate change also create opportunities for insurers, and insurers should be focused
on sustainability as a strategic goal, the regulatory driver for action should not be overlooked. All insurers will,
of course, have already “fully embedded their approaches to managing climate-related financial risks” as
mandated by the PRA. Looking forward financial institutions, including insurers, will be required to disclose
the impact of climate change and net zero transition plans.
The PRA has already announced that it will switch to actively supervising against its climate change
expectations during 2022 and reminded the industry that section 166 reviews can be applied. More
generally, sustainability can lead to interesting hybrid issues, for example, is greenwashing the next mis-
selling scandal waiting to happen?

Operational resilience
Some insurers have continued to enhance the digitisation, efficiency, and resilience of business processes.
However, there is a risk that insurers struggle to return to service levels and capabilities they had reached
before the pandemic; for example, many call centres still appear to be operating on reduced scale “because
of Covid-19”.
During 2022 the operational resilience rules will become effective. The focus will shift to maintaining
operational resilience through planning remedial actions needed to build and maintain resilience within
agreed tolerances. Risk functions will need to oversee these plans and ensure that they are credible,
appropriately resourced and deliver resilience for their business in line with agreed tolerances.

14
The insurance industry has a lot of work to do to continue to fulfil its social role of mitigating losses from
unpredictable events and supporting savings. The experience of the successful response to Covid-19
outbreak shows that the industry can rise to these challenges. These themes touch on all aspects of
insurance – investment, underwriting and operations – and will require both a strategic focus and tangible
action to enable insurers to respond to the challenges they raise.

Financial Services Group

Maria Singende, IRMCert, Chair
As we enter 2022, regulation, global growth, inflation, rate of employment, fiscal and monetary policies will
continue to shape risk management in financial services. Customers, employees, supply chains, competition,
innovation, and digitalisation developments will also inform financial institutions risk management
strategies. Monitoring developments in these areas will remain crucial to ensure effective risk management
of the primary risks faced by financial institutions.
After experiencing the worst ever recession in 2020 due to the pandemic, recovery has been slow due to the
Covid-19 variants. Supply chain challenges have also impacted recovery. Energy prices have caused inflation
to soar to record levels.
The above factors translate into the primary risks faced by financial institutions i.e., credit risk, operational
risk, market risk, liquidity risk and reputational risk. These factors also inform risk appetite and tolerance
setting for the different primary risks. The economic slowdown created by the pandemic led financial services
firms to be on high alert for defaults. Increased innovations through online services and digitalisation have
brought opportunities as well as threats. Frauds and cyber risks have increased. Balancing these risks and
opportunities through enterprise risk management remains central for financial services firms’ success.
Since the 2007/2008 financial crisis, the financial services sector has been strengthening its risk
management capabilities ensuring alignment with regulatory requirements. This has prepared organisations
for sudden shocks like the one caused by the pandemic. Stress tests carried out on globally significant banks
have shown overall strength to stay solvent whilst supporting customers to achieve their objectives. The
sector has demonstrated its resilience and ability to continue the business of funding the economy and
facilitating payments and investments.
Government support has remained critical in maintaining the economy through furlough and business loan
schemes. Looking into the future, innovation is going to play an important role as the world moves into the
post-pandemic era. New initiatives are associated with higher risks, and this is where the financial services
sector needs to continuously upskill employees to keep pace with market developments.
Whilst governments reacted to the pandemic by providing record support to their economies, greater
international collaboration in restrictions and vaccine programmes is required to fully contain the threats
caused by Covid-19.
Climate change and sustainability will remain high on the agenda of financial services risk management
strategies. The emergency of the pandemic has resulted in reduced carbon emissions hence slowing down
threats caused by climate change.

15
Effective risk management involves having the ability to anticipate evolving risks, measuring them, and
putting measures in place at an enterprise-wide basis to both manage and be able to benefit from the
upside of such risks. The financial services sector is inherently in the business of taking risks therefore
qualified enterprise risk managers have a very big role to play in ensuring that there is effective enterprise
risk management.

Innovation Group
Co-authored by:
Sarah Gordon IRMCert, CEO, Satarla, Katalin Horwath, GRC Manager, Springer Nature Group and
Rodrigo Souza, Senior Lecturer, University of Roehampton.
Since Covid-19 has been moving far away on the horizon, in 2022, most risk managers will be more
concerned about what comes next. Significant changes happened over the past years. Most businesses were
able to adapt quickly, overcoming threats to harvest opportunities. Nonetheless, risk management teams,
together with other experts, must reflect further upon the appropriateness of their tools and practices to deal
with emerging and extreme risks, such as challenges and opportunities presented by the digital revolution
and climate change. Given this scenario, we see that the comprehension of risks into context is key. Events
do not generate threats nor opportunities per se, but the position and response of companies does.
Uncertainties still exist regarding short-term and long-term impacts of Covid-19 to individuals and
economies. Organisations must respond to the need of workers operating remotely, while customising and
tailoring solutions and policies according to employees’ aspirations and goals as well as organisational ones.
Numerous threats and opportunities exist regarding key talent’s retention and recruitment, but worldwide
(remote) synergies and platforms may enable more fluid and further team collaboration in different time
zones. Mental health and wellbeing are still on the risk radar of companies and individuals, as the youth feel
disillusioned and (digital) social connections may be looser. Thus, we expect progress on responses to the
challenges of making virtual (social and organisational) connections seem more natural and unobtrusive,
akin to chats in the corridors or during lunch, and on platforms allowing full collaboration and inclusion
between teams working in the same project onsite and remotely.
As climate change risks and ESG propositions gain more relevance in board meetings as the next big
disruptive wave, ERM must address sustainability and responsibility from multiple perspectives. Temperatures
are rising and floods and natural disasters are happening more frequently around the world, therefore, the
significant anthropological impact on the planet gets less forfeit and more real over time. We expect the
spark of interest and investments from and in companies becoming greener and attempts to integrate risks
and opportunities with other social and governance issues. Furthermore, risk tools must be revisited, revised,
and redesigned to allow better real-time evaluation and monitoring of changes, as a key prerequisite to
move on looking forward.
We have seen how our world is interconnected both in the physical and virtual space, but these realities
also need to be better integrated. We expect an increase in hybridisation within organisations. The digital
economy will certainly be the platform supporting the physical economy. Nonetheless, the dissociation
between both is unimaginable nowadays, as digital companies are moving to the high street and vice-versa.
New technologies must/will be created, developed, and legitimised in these spaces as the interface between
humans and machines shrink further.

16
Surrounding all the events above, we still need to face considerable political instability in governments,
currencies, and commodities in 2022. Communities that have been created virtually and are becoming
concrete in demonstrations on the streets. Unheard groups are gaining voices in different platforms and
cannot be neglected or ignored any longer. Cryptocurrencies are obtaining more followers. There are mixes
of social cohesion and social erosion, which may not have a clear direction in their infancy or juvenile
period but are maturing to shake pre-established boundaries in society. That imposes a huge pressure on
governments and policy makers to accommodate requests coming from different stakeholders and to create
an arena for potential (partial) consensus and (re)stability.
Society may be facing existential threats in the near future. They may not necessarily create the extinction
of humankind but will certainly shake paradigms. As we emerge from Covid-19 we realise that coming back
to normal may not be the path we all want. The challenge then becomes how to accommodate so many
claims and imperatives constrained by the reality we live in and without polarising it even further
Perhaps our solution will be to create metaverses or multiple universes, tuning finer lines between physical
and digital worlds. As risk managers we may be well-positioned in this space to think out of the box and look
to our risk management toolkit to pull out ideas and solutions to attenuate these tensions considering both
their short-term as well as long-term implications of decision-making processes.
In sum, in 20222, we expect lots of rethinking and re-analysing before each one of us can set a clearer
direction for our ship to sail forward.

17
Nuclear Group
Kathryn McCloghrie, CMIRM, Head of Corporate Strategy, Sellafield Ltd
Chair IRM Nuclear Industry Group
2021 has been an eventful year for the nuclear industry in the UK, with increasing government support
for Small Modular Reactors and Advanced Nuclear Technologies. The announcements in relation to the
Regulated Asset Base funding model for large nuclear power stations have created new opportunity,
whilst the policy position on Chinese engagement in these projects could threaten projects by excluding
potential partners. Whilst government policy is supportive, the security context continues to be threatening,
particularly with increasing geo-political tensions and the rapid development and expansion of cyber threats.
The potential for malicious attack on critical national infrastructure is increasing.
As we enter 2022, the resource impact of Covid is as bad, perhaps worse than it has ever been. This is
partly due to increasing isolations and positive test results, and partly because it compounds other resource
issues such as scarcity and high attrition. Recruitment and retention are both key risks for the future. High
levels of attrition and the consequent loss of knowledge and expertise are creating a challenge for most
organisations, and particularly for nuclear operators, for whom plant and specialist knowledge are vital.
STEM skills (Science, Technology, Engineering and Mathematics) remain an area of national scarcity and
are critical to both new and existing nuclear facilities. Many employers are increasing flexibility regarding
location or working from home to attract talent, however nuclear sites tend to require hands-on presence,
restricting the opportunities. In addition, next year’s talent is expected to demand more from employers
– avoiding ‘bad businesses’ and wanting a clear purpose and values which resonate with their own. The
nuclear industry has always been controversial, reflecting a history associated with military uses and a very
small number of high-profile accidents. The public perception of risk is increased by lack of understanding
and historic secrecy. The opportunity for the future is to demonstrate the benefits of nuclear power as part
of a balanced portfolio of low carbon energy which enables our climate change ambitions.
Supply chain resilience is a key risk for the future. Whilst we have all learned a lot about our vulnerabilities
in this space through Covid, there are indicators that this will continue to be a significant threat. The
scale of government infrastructure projects continues to expand, leading to a competitive market. Key
contractors also face increasing difficulty in recruiting talent, with both employment costs and rates of
attrition increasing. In 2022, when key staff leave, businesses will have to increase salaries significantly to
replace them. Retention is a critical risk. It is likely that cost and scarcity will lead to more specialist work,
such as design and manufacturing, being undertaken off-shore – with the associated concerns about quality
control, assurance and security. Nuclear plants tend to depend on specialist proprietary items, making them
vulnerable to stoppages, and on small specialist suppliers, making their survival and success a critical risk to
the plant operator even if the supplier is several layers below in the chain.
Sustainability is an increasing topic for risk discussions, with uncertainties in stakeholder expectations, policy
directions, regulatory evolution and public perceptions. Balancing environmental and social value for money
will require many critical decisions. Enabling risk-informed leaders to appropriately judge these uncertainties
and chart a path through the dynamic context will be key.
Looking forward, the level of opportunity for investment in technology is enormous. From digital business
systems to remote and automated plant systems – technology can transform our enterprises. Achieving
this will require shrewd investment in systems, operator skills, creativity and management and use of
information. For an industry where modifications are carefully scrutinised and controlled for safety reasons,
moving dynamically to substantiate and deploy evolving technology will be a constant challenge.
As always for the nuclear industry, safety and security are paramount. For 2022 operational resilience, in the
face of these and other threats, will be our top priority.

18
Global View

Africa
Zanele Makhubo, CFIRM
Chair South Africa Group
Director: Enterprise Risk Management at Gauteng Department of Human Settlement (CRO)

Future disasters - drought, global warming, and floods will continue in 2022
Covid-19 has exposed the world’s ability to cope in a crisis. To manage future global disasters, we must
address any issues, such as a lack of planning and changing regulations. There is a need for collaboration,
to develop proactive disaster management plans, agreed upon by all stakeholders from all disciplines,
including Regulators, health, business, NGOs, community, civil society groups, labour stakeholders, disaster
management, and business continuity. We need to prepare for the worst to achieve the best.

Returning to the “new world at work”

Addressing the issues of mental health and post-traumatic stress disorder when reintegrating the workforce
back into the workplace. This requires robust changes in management policies. The ‘Human Factor’ needs to
be prioritised across the board, with new policies put in place to address the needs of our workforce.

Increase in unemployment
An increase in unemployment will harm and set the South African economy back 10 years by deepening
poverty and inequalities. It will take a momentous task to rehabilitate, rebuild and reconstruct the vibrant
economy. It requires all the sectors of the economy to collaborate to find a better solution for all.

Sustainability
The slow pace in investing in sustainability priorities (environment, economy, and society) during the
Covid-19 pandemic, shows an elevated impact on how the three domains interconnect. Unmaintained,
dilapidating infrastructure affects:
> Environment - efficient use of resources, access to water, food security, air pollution, hazard
management and economic preservation.
> Economy - economic stability, unemployment, and deepened poverty.
> Social - society’s livelihood, health, human rights, inequalities.
The country should meet the needs of the current generation without compromising the needs of the future
generations.

Lack of business continuity and Resilience Strategies

Most private and public organisations do not have appropriate business continuity plans and resilience
strategies to ensure continuity for future disasters or unforeseen events. Business interruption is too costly as
it results in many operational risks. There is a need to develop robust business continuity plans which cater
for business interruption, contingent business interruption, and trade disruption (supply chain) insurance.

19
Technology risk
The risk of sourcing technological solutions leads more organisations and businesses vulnerable to
cybercrimes. Are we agile enough to deal with the world of technology? Cyber insurance is a new
consideration by CIOs, CEOs, and CFOs in the public and private sectors. Adaptive leadership is encouraged
to initiate adaptive resilience strategies.

Fraud and Corruption Risk

The risk of slow implementation of consequence management makes it difficult to mitigate such risk.

India
Co-authored by: Hersh Shah, SIRM, Chair
Sunder Natarajan, CMIRM, Deputy Chair
Rama Warrier, CFIRM, Deputy Chair
P Subramanian, FIII, CFIRM, Deputy Chair

What lessons have risk managers learnt over the last year?
1. Greater diversity will drive superior risk management
2. Companies will adopt a mix of modelling strategies
3. Alternative data will expand to fill information gaps
4. Risk managers will be a part of strategic decisions
5. Risk intelligence will now be an important skill valued over domain expertise alone

Future top challenges/key three risk factors for India

1. Socioeconomic risks / inclusion of rural India which should hopefully be mitigated with the Budget 2022
2. Inflation risk
3. Inter-state relationships / geo-political risks

What could have been done better?

Businesses have shown tremendous resilience in the year 2021 in recouping a lot of lost ground. Though this
is a tremendous achievement, it has caused a bit of distortion in the way non-pandemic risks are perceived.
Owing to the ‘halo effect’ of the Covid-19 pandemic, the relative prioritization of risks has been less than
realistic in many organisations. While respecting the severe impact of the pandemic, risk managers should
balance it with the potential impact and probability of the other host of risks which their organization is
exposed to.
Another aspect which could have been handled better is the exaggerated risk response that was given to the
pandemic. Whilst we should accept that the ‘unknowns’ made the risk managers err on the side of abundant
caution, a quick review would indicate that many responses could have been toned down. The best example
would be how the lockdowns and complete closure of business activities were implemented when a more
pragmatic approach could have been adopted.

20
What good risk management looks like and the importance of having qualified risk practitioners in
the business.
Some of the fastest modes of transport built also tend to the ones with the best safety features. Risk
management does the job of a brake or airbag or parachutes which help overcome an ‘incident’ and
protect the ‘passenger.’ In addition, they also give confidence to the driver to fast. Risk management is
common sense which is practiced well. All it requires is a systematic approach to all processes and functions
with risk lens. The best persons who can build a risk culture in an organisation are representatives of each
function who are qualified and trained to become risk intelligent. If each risk practitioner in each function
were to ensure adherence to the laid down process, identify exceptions and flag them off for corrective
and preventive action, they can only identify the bottom-up risks, but also enhance the efficiency and
effectiveness of the process thereby contributing to the balance sheet. This coupled with a strong top-down
approach including risk reviews completes an organisation that is risk savvy
Everyone is a risk manager! Adam warned about the hidden risks of eating the apple whereas Eve embraced
the opportunity and tasted it first! The result was the whole evolution of mankind! Between Adam and Eve
whom would you rate as a better risk manager? Should a Risk Manager be risk-averse or risk embracing?
Corporate houses are grappling with this question without a clear answer for a long time.

Risk management as a field of management education came in existence very recently although the
attributes of risk management are naturally found in all living beings including plants, basic elements such
as water and air! Water flows from higher level to lower level to attain a state of equilibrium. So also air flows
from high pressure zone to low pressure region. Risk management education is a continuous process of
imparting essential life skills towards achieving equilibrium.

Folklore about the engineering genius Sir Visvesvaraya, who identified a crack in a rail track with his
surreal capability, of sensing a risk of derailment of train in which he was travelling, by just listening to
the changing vibrations caused by a fault in rail track, proved a point that there are some naturally born
extraordinary risk managers in this world. Good risk management lies in employing a qualified risk manager
with an extraordinary orientation towards identifying the opportunities and risks that are associated in the
environment in which we live.

Middle East
Darren Mullan CFIRM, Chair
For my risk predictions last year, I selected several trends which presented both risk and opportunity across
the Middle East.
For this year’s risk predictions, I have provided an update against these trends within the wider context of
the ongoing impacts of Covid-19, continued regional socio-economic and political reform, as well as some of
the well-publicized political and security tensions.

Economic Growth
In January 2022, the IMF forecasted moderate global economic growth for 2022 at 4.4%, down from
5.9% in 2021. This revised 2022 forecast is half a percentage point lower than in its previous October World
Economic Outlook (WEO), largely reflecting forecast markdowns in the two largest economies (i.e., US and
China).
The Middle East countries are expected to show growth at, or higher than, the global average, mainly driven
by oil revenues stemming the recent agreement by OPEC+ to boost oil supply.
For example, the Saudi Arabian Ministry of Finance forecasts national GDP growth of 7.4% in 2022, versus
2.9% growth in 2021.

21
Whilst the regional economic growth will unsurprisingly continue to be driven by oil-related revenues, non-
oil growth will continue to be a key area of focus (e.g. in addition to several infrastructure ‘giga projects’,
the Saudi Arabian government has a number of programs, such as the National Industrial Development
and Logistics Program and “Shareek” Program, which promote private sector productivity and economic
contribution).

Taxation
Whilst the Middle East enjoys much lower overall taxation compared to the global average (e.g., some
research indicates 25% regional versus 45% global taxation rates), taxation reform continues to play a key
role in the wider economic reform across the Middle East. For example, the UAE Ministry of Finance (MoF)
has recently announced the introduction of a new 9% federal corporate tax in the UAE that will be effective
from 2023.

Demographics
Across the Middle East region, the bulk of the population is predominantly below 30 years old. In last year’s
predictions, I highlighted that this factor would present both opportunity (e.g., meeting the needs and
aspirations of these emerging consumers) and risk (e.g., meeting the increased demand for degree-level
education and associated professional employment opportunities).
My own observations in the region indicate that governments, despite the current economic challenges
to employment levels, are successfully responding to this increased demand for professional employment
opportunities (e.g., broader Saudisation of, combined with increased female participation in, the local
workforce), which in turn is fueling consumer-led economic growth across non-oil sectors.
In conclusion, the Middle East remains a fascinating region and will continue to respond to regional and
global events, whether they have potential upside or downside. I also suspect that 2022, like 2021, will also
provide some unexpected political and security challenges in the region, which are always difficult to predict
but must still be managed.
Unsurprisingly, as a profession we must therefore continue to help our respective employers and clients to
anticipate, understand and navigate these risks and opportunities.

North America
Michael Rasmussen, CMIRM
IRM Global Ambassador, United States
Agility is a thing of beauty. I love watching acts of agility. Take parkour for example, how these athletes can
leverage and use their surroundings to navigate and seem to do the impossible . . . simply amazing.
There has been a lot of focus on resiliency in 2021 and moving into 2022 as we deal with the waves of the
pandemic and ramifications from it. Resiliency is the capacity to recover quickly from difficulties/events, the
ability of a business to spring back into shape from an event. This is critical and I see a lot of organisations
moving to bring together risk management and business continuity management into what is now
defined as risk and resiliency management. Business continuity management as a separate function in the
organization is outdated and over the next two-to -three years we will see a mass migration to an integrated
operational risk and resiliency program.
Resiliency is NOT enough though. I am seeing a lot of organisations in 2022 to see how their risk and
resiliency programs can make them more agile as well.

22
Agility is the ability of an organisation to move quickly and easily; the ability to think and understand quickly.
Good risk management is going to clearly understand the objectives of the organisation, its performance
goals, and strategy, and continuously monitor the environment for 360° situational awareness to be agile.
To see both opportunities as well as threats so the organisation can think and understand quickly and be
prepared to move to navigate to seize opportunities while avoiding threats/exposures to the organisation
and its objectives.
Organisations in 2022 need to be agile organisations to avoid and prevent events, but we also need agility
to seize on opportunities and reliably achieve (or exceed) objectives. Agility is not just avoidance of hazards,
threats, and harms. Agility is also the ability to understand the environment and engage to advance the
organisation and its goals. Organisations need to be agile and resilient. Risk management needs to be an
integrated part of performance, objective, and strategy management to achieve this capability to enable
situational awareness for this organisation so it can seize on the opportunity as well as avoid exposures and
threats.
So, the organisation in 2022 needs enterprise risk and agility that is also supported by operational risk and
resiliency. There is a symbiotic relationship between enterprise risk and agility with operational risk and
resiliency that organisations need to develop in today’s dynamic, distributed, and disrupted business.
To be agile and resilient, organisations also need to think creatively and not just logically about risk
management in 2022 and beyond.
When we think of risk management we often think of structured approaches with complex models,
mathematics, and analytics. We dive into the world of Monte Carlo analysis, and Bayesian modeling. There
are calculations such as Capital at Risk (CaR) or Value at Risk (VaR). The field of risk management has been
dominated by left-brain thinking. Does being a right-brain thinker make me bad for risk management? I do
not think so.
Historically, risk management has been dominated by left-brain thinking on risk. We have structured risk
models, simulations, and analyses. We try to put uncertainty/risk in a box. As long as that box roughly
resembles reality then our analysis is to some degree fairly sound. Good risk management requires structured
thinking about risk and using models. As Sir Arthur Conan Doyle stated: “It is a capital mistake to theorize
before one has data. Insensibly one begins to twist facts to suit theories, instead of theories to suit facts.”
I argue that this is not enough to be agile and resilient in 2022. Good risk management does need
structured data and analysis, but it also needs to think about risk creatively. Business is complex and
dynamic.
There are so many variables that can hinder us from achieving objectives. Some of these can be fairly
evident and common sense, some can be very abstract, remote, and down in the weeds of the organisation.
That requires creatively thinking about risk and risk event scenarios. This requires us to explore intuitively
complex relationships of risks to other risks and objectives. In the words of Alvin Toffler: “You can use all the
quantitative data you can get, but you still have to distrust it and use your own intelligence and judgment.”
Creatively thinking about risk, to be agile and resilient, requires good risk models from the structured risk
thinkers, but then to think outside the box on how those models break down or what they do not cover.
Right-brain risk thinking involves a lot of visuals of risk and going through risk scenarios. From a risk analysis
point of view, I love bow-tie risk assessments. Monte Carlo simulations and such are valuable, but they also
put me to sleep. I love the mind mapping analysis of a bow-tie risk assessment to visually analyze causes
and effects, come up with things that are being missed, and look for ways to mitigate, transfer, and manage
that risk to an objective.

23
Iraq
Hisham Khalid, SIRM, Chair

One of the biggest risks in Iraq is the unstable economy and the fluctuation of exchange rates for foreign
currencies, as well as the inactivity in the private sector due to the factors stated, and the risks of Covid-19,
and these problems can be summarized as follows:
> The low exchange rate of the local currency against the US dollar is one of the biggest problems facing
the economy, as it decreased by 20%, and this has led to a rise in the prices of goods and commodities
as a cost because Iraq is a consumer country and there is no industry in it. Iraq should be Importing
goods from outside Iraq in US dollars, if the price of goods is raised locally consequently the damage
occurs to the consumer. This leads to a decrease in sales in general because the value of money has de-
creased against the dollar and this reduces the process of disposing of goods, and here we mention one
of the most important elements that has contributed to holding back the movement of the wheel of the
economy in general.
> Iraq suffered in the war with ISIS many losses, including human and material, the supply of weapons
and the suspension of the economy in the areas where the wars took place and the closure of many bor-
der outlets that generate economic resources for the state, meaning that the spending process here was
in one direction without any resource alternative.
> Iraq is considered one of the key countries in the local economy because there is no alternative financial
resource other than crude oil. This point can be summarized in that Iraq sells oil for dollars to provide
financial liquidity from which it can be spent on local projects and infrastructure, and there is no alterna-
tive economic resource other than fees. It is surprising to mention that oil revenue represents approxi-
mately 98% of the total resource, and this result is strange because Iraq has many resources that can-
not be used.
> Iraq’s situation with Covid-19 is that the discharge of crude oil has become insignificant and cannot be
relied upon entirely because the resources are not sufficient due to the drop in oil prices in the local mar-
kets to stop factories and production all over the world.
> Failure to support the private sector and open a good space for it is one of the biggest types of risks in
Iraq, because the private sector is ahead of the government sector in most respects, both intellectually
and technologically, and among the most prominent examples are the banks that are considered one of
the pillars of the countries’ economy that does not receive adequate support from government agencies
to take real space for it in the financial and banking sector.

Lack of insurance culture

Here we highlight that the lack of insurance or failure to properly activate insurance companies may lead to
disasters in the public and private sectors.
> Disguised unemployment: a lot of state employees does not have a clear job description and it does not
take up space from real work, and the Iraqi government sector is considered one of the largest sectors
in the world in terms of the number of its employees, that is, according to indicators that more than 20
% of the population of Iraq are state employees, when actually 5% is the real number that performs its
role in work, and this is considered an expense and a burden on the government in disbursing dues and
burdening it to allocate a budget for more salaries than necessary.

24
Why risk it? Get qualified
Advance your career with the IRM qualifications

IRM certificates include:

International Certificate International Certificate

in Enterprise in Financial Services
Risk Management Risk Management

Digital Risk Supply Chain Risk

Management Management
Certificate Certificate

What our students say

Robert Luu
Director of Customer Success, Galvanize, Singapore
“Whether you’re directly in risk management practice or not, the IRM provides a great
qualification to immerse yourself in to grasp the foundational knowledge that touches
on a variety of topics of today, and the technological advancement of the future."

Carla Knight, IRMCert

Risk Management Specialist, Exxaro Solutions, South Africa
“IRM qualifications are an excellent way to ensure that you stay relevant and on top of
the changing risk management field. It has taught me so many things especially in the
areas where I do not see myself as an expert.”

Companies we've worked with include:

Find out more at:

www.theirm.org/qualifications
Resilience, risk and recovery
IRM Virtual Training
With over 30 years’ experience delivering
industry-leading training courses

Our face-to-face training courses have been temporarily suspended at our HQ in

London (and throughout the UK). We have adapted a lot of our training courses to
take place online as virtual classrooms in response to the global pandemic.
We continue to deliver professional, interactive and practical training courses in these
uncertain and testing times, there’s never been a better time to remain current and
competent and aid the economic recovery of your business.

Virtual training courses include:

> Choosing and Using Key Risk Indicators > Risk in the Boardroom
> Embedding Risk Management > Risk Management for a Digital Future
> Fundamentals of Risk Management > Risk Reporting
> Practical Risk Appetite & Risk Tolerance > Managing Third Party and Supply
> Risk Essentials Masterclass Chain Risk Management
> Risk Culture
e-Learning courses include:
> Enterprise Risk and Resilience > Fundamentals in Quantitative Risk
> Resilience Masterclass Management and Business Simulations

Benefits of IRM training:

CPD
Practical & Industry expert CPD &
interactive training trainers accreditation

Find out more at:

www.theirm.org/training-mag
 Institute of Risk Management
Institute
2nd Floor,ofSackville
Risk Management
House
2nd Floor, Sackville House
143–149 Fenchurch Street
143–149
London Fenchurch Street
London
EC3M 6BN
EC3M 6BN
www.theirm.org
www.theirm.org

Developing risk professionals

Developing risk professionals