In a recent OCEG webinar, Origami Risk was joined by Allen Gershenson, Vice President of Ethics and Compliance at McCarthy Building Companies, Inc. to explore the evolution of the risk professional's role.
A Modern Risk Professional – Defined
Traditionally, risk professionals have focused on defining, tracking, and measuring enterprise risk, primarily responding to challenges as they emerge. Their efforts have often centered around reporting on the top risks, their likelihood, and their potential impact.
However, today's modern risk professionals are redefining this role. They still measure and track risks, but they also dig deeper — considering additional factors such as risk velocity and other critical metrics. Beyond simply reacting to risks as they materialize, modern risk professionals proactively identify emerging risks, helping their organizations mitigate them before they escalate into full-blown crises. By asking forward-thinking questions like:
- How could this affect our organization?
- What does leadership need to know to respond strategically?
The modern risk professional enables a more resilient, well-prepared organization that can navigate challenges with confidence.
In the webinar, Allen compared this transformation to McCarthy’s journey. “Compliance needed to go from being the ‘cops’ coming in to find problems to being teachers — helping to make compliance and risk personal for every employee.”
Novel Risks – The Driving Force Behind This Change
The driving force behind the transformation of the modern risk professional is the emergence of novel risks. These risks have made it clear that traditional approaches are no longer sufficient. Novel risks, as defined by ISO 31050, can be broken down into two key categories: new risks and transformative risks.
New Risks
New risks refer to threats that were previously unknown or not considered "emerging" but have quickly surfaced as significant concerns. For example, artificial intelligence (AI) is a brand-new technology being adopted at an incredible pace, yet existing IT policies may struggle to manage its unique challenges.
The innovation group at McCarthy was quick to respond to the brand-new AI tech when ChatGPT was released. Allen shared, “our innovation group took ChatGPT, looked at it, and created a policy around its use. Now they are looking for ways it can help us streamline and scale.” This example serves as a reminder that the role of risk management isn’t always to tell us what is dangerous and what not to do, but to also look for ways to positively impact operations while managing risks.
Transformative Risks
On the other hand, transformative risks are long-standing risks that have evolved to become increasingly complex and difficult to manage. Climate change exemplifies this type of risk. It has always been a concern, but recent events like Hurricane Otis, which hit Acapulco, Mexico, with unprecedented speed and severity, highlight the growing difficulty in managing climate-related risks.
When talking about transformative risks, Allen pointed to the upcoming election in the United States, stating that “we’ve always had to prepare for geopolitical swings with each election cycle, but the swing has never been this wide.” He went on to discuss the dramatic differences in policy that could be seen depending on which candidates are elected.
These types of novel risks are pushing organizations to rethink their risk management strategies, making proactive and forward-looking risk management essential in today’s volatile environment.
The Transformative Journey of the Modern Risk Professional
The transformation of the modern risk professional can be seen as an ongoing journey, with four key steps marking progress along the way.
- Traditional Approach is where most organizations begin — with a dedicated risk management program and team, primarily focused on measuring and reporting
- Looking for Opportunities is where risk teams start identifying key areas for early intervention and proactive risk management
- Connected to Leaders ensures there are clear communication channels with leadership so that key risks are understood and addressed strategically
- Plans in Place indicates proactive strategies have been implemented to address many of the organization's significant risks before they escalate
While we broke the journey down to these four steps, the transformation from traditional to modern risk professional is not a linear process with a definite endpoint. There is no wrong place to start, as the risk professional’s role will continuously evolve to meet new challenges.
Allen shared that McCarthy is still on their own transformation journey. Today they’re focused on strengthening an integrated risk management approach. “It’s not about the ‘me’ — it’s about the ‘we,’” Allen points out, “if we’re all doing something similar, we should just be doing it together.”
Key Takeaways
The role of risk professionals is undergoing a significant transformation. Novel risks, such as emerging technologies and evolving environmental challenges, are driving the need for a more proactive approach to risk management. To effectively mitigate these risks, modern risk professionals must not only identify and manage potential threats but also position themselves as key resources within their organizations. By driving risk-aware decision-making and strategic planning, they can help ensure their organizations are prepared for whatever comes next.
If you're interested in viewing a recording of the webinar, please visit our on demand library. And if you're ready to learn more about the modern risk professional, here are a few great resources: