The East African region is facing a huge deficit of qualified risk managers and local public and private organizations need critical hand-holding to ensure risks and opportunities within organisations are effectively identified and managed. The IRM EA Regional Group, a member body of the IRM UK, and Serianu Ltd, have resolved to work together. This is in a bid to develop a fundamental home grown cyber risk management framework for the African context which aims to increase the number of competent risk professionals as well as enhance excellence in cyber risk management and reporting.
Serianu is a pan African cyber security consulting firm while the Institute of Risk Management is the East African regional arm of the global certification body for risk management professionals, the IRM UK. The two organizations signed a memorandum of understanding that will amongst others see them collaborating on research, training, community out-reach and policy design.
According to Dorothy Maseke, the Chairperson of the IRM EA Regional Group, Kenya especially needs 1,000 qualified risk management professionals annually, yet over the last three years, the population has grown from just under twenty to about 120 today.
“Risk Management is relatively new field of professional practice yet locally and globally, there is a major shift by regulators to entrench high risk management standards and which has now become a core reporting requirement by management as well as a key responsibility of the Board of directors. For instance, Kenya’s public sector is guided by the Mwongozo Corporate Governance Code which sets out compliance parameters,” explained Ms. Maseke.
She added that risk management had emerged as a new specialty career, as a result of changing business and public sector operating environments that have shone a spotlight on their governance mechanisms. At the same time, the practice is increasingly credited with identifying great opportunities for innovation even as it seeks out issues that would derail any organization from achieving its goals at any one time. Threats and opportunities have been a standard in every organization’s overall strategy for several decades, but now for the first time in corporate governance history, this is now firmly set in the risk manager’s scope of work and are monitored daily. Ms. Maseke noted that this way, organizations are also able to clearly assess and derive benefits of investing in their systems and processes.
Carol Misiko, the group secretary added that cyber risk is no longer a back-office IT team issue although they clearly play a vital role. She noted that today’s enterprise risk management function needs to be able to understand this constantly evolving risk but also manage, monitor and report on this emerging risk.
Speaking during the MoU signing ceremony, Serianu CEO William Makatiani said that the two institutions have a common interest in growing the knowledge of boards of directors and senior management so that they have a strong grasp on emerging events and issues that may affect their organizations.
“We are collaborating with the Institute of Risk Management to give directors and managers tools and methods that empower them to have a better grasp of cyber risks and opportunities they can exploit,” said Makatiani. He noted that generally, especially in the public sector, the degree of compliance is still quite low and that many highly regulated private sector organizations were yet to get to cross the 50 per cent mark.