The Risk Revolution: why we need to revolutionize our approach

When we think about industrial revolution, one of the fundamental components is a notion of a period of rapid, highly disruptive change, designed to transform – for better or worse.

I think the fourth industrial revolution is well and truly underway, further fast-forwarded this year in the face of a global pandemic. The possibilities of failures and unknowns have morphed in nature, both as it relates to technology and humans. It is no wonder then, that the traditional view of risk management has been put under the spotlight, its capabilities thrown into question. Attitudes have changed, so have business models. It’s time that the underpinning technology and practices also drives forward and adapts, otherwise it cannot possibly maintain pace with the transformative challenges seen within our industry.  

Today’s operating model 

New capabilities have enabled automation at speed, replacing repetitive manual processes and even augmenting humans in decision-making and judgement calls. This adaptive autonomy is transforming enterprise, but there are acute growing pains felt at the boundary between human and machine: the pain of visibility, behaviour, and orchestration. In order to build resilience into service delivery, we need to take a close look at how the human and machine relationship works at enterprise level. 

The new operating landscape comprises interconnected applications, distributed operations, multiple locations, multiple enterprises (third party providers), and an equally dispersed set of human interfaces. It is a huge step-change for many organisations, who, for decades, have operated with monolithic legacy systems and on-premise teams. Today’s operating environment brings a myriad of process linkages, handoffs, and activity pathways, that heighten the risk of enterprise mishap and failure, and that’s before you even bring externalities like the pandemic into the mix. 

We need a risk revolution

Existing risk management practices are no longer sufficient. Simple tinkering with risk and control assessments and promoting the 3 lines of defence model will not deliver the resilience outcomes that we need to prevent the failures and blow-ups of the past. We need to revolutionise risk management practices and risk culture as a counterpart to the commercial revolution we’re seeing, but the question is, where should we begin?

Responding to a problem, not reacting to failure 

As a starting point, we have to add observability to every critical service and its underlying processes, augmenting human expertise and experience with machine-led capabilities. Better visibility is essential to enable a predictive view of what may fail, and a more responsive approach to managing risk as a result. This is a game-changer for risk management, the ability to respond to a problem, and address it before it becomes a failure. The reputational and financial cost of these failures has never been higher, the next wave of failures and mishaps (as seen in the recent past) simply will not be tolerated by stakeholders. This means we cannot just maintain the status quo; outcomes need to be better; our organisations need to be more resilient. Simply put, organisations are not well managed if they lack an effective strategy for operational resilience for their critical services, and you can’t have an effective strategy without observability and responsiveness.

How do we build responsiveness into organisational DNA? 

One way is to learn from other industries, adopting successful practices that have delivered responsiveness. For example, take aviation, where intelligent monitoring systems, that combine operating data and analytics, predict component failure ahead of time, rather than relying on ad-hoc and point-in-time inspections.

Using the tools at our disposal, like machine learning, and the pooling of micro-operating data, we can gain real-time insights on how any given critical service risk profile is trending one day to the next. That way, we can build a responsive set of actions that anticipate and act to prevent failure. This is an entirely dynamic form of risk management, that is embedded within day to day operations; not as an afterthought or bolt-on task. 

Stay the same, at our peril

You can’t have a revolution without a vision, that’s for certain. But you also can’t have a risk revolution without innovation. We need to ensure that we can make sense of our complex technology landscape and understand how work and activities are orchestrated end to end. Central to this is ensuring that we make critical end-to-end processes observable and actionable so that we can respond to an issue, rather than reacting to a failure. In Aviation, no one wants failure, it doesn’t matter if it’s not their airline, failure harms the industry as a whole. Financial Services need to take the same approach, with a collective responsibility to improve risk management practice, in order to build back the trust and reputation of the industry.  

When facing a revolution, you cannot respond with evolution. Iterative changes to risk management are not sufficient, we do not have the time. The industry and its occupants need to be fast and brave in their reimagining of emerging technologies to safeguard these critical business processes. If as an industry we fail to embrace this revolution of risk management, we do as at our peril, failure will surely follow and forgiveness will be in short supply.  

About the Authors

Mark Cooke is Group General Manager at HSBC. Mark is currently a HSBC Group General Manager, most recently as the Group Head of Operational Risk. He has also held a number of senior Risk leadership roles prior to HSBC, both as Divisional CRO and in Business risk roles in other major European Institutions. He is a Senior Industry Advisor and Former Chairman of ORX, the Industry association for Operational Risk Management and a Board Trustee for the Royal Hospital for Neuro-disability. The views expressed are his own and do not reflect the views of any entity present or past that he is affiliated with.”

Ky Nichol is CEO, Cutover. Ky Nichol is CEO and Founder of Cutover (, the leader in Work Orchestration and Observability, enabling teams to plan, orchestrate, and analyze complex work faster, smarter, and with greater visibility. The Cutover platform, developed with decades of experience in managing operational resilience, technology delivery and release, transformation, and business change initiatives, enables  organizations to move quickly with confidence.Trusted by leading global firms and institutions including Accenture, Barclays, and Deloitte, we are on a mission to enable greater business outcomes by orchestrating humans and  machine automation in a new model of working.

Featured image: ©kenishirotie