Risk Management is a relatively new field of professional practice yet locally and globally, there is a major shift by regulators to entrench high risk management standards and which have become a core reporting requirement by management as well as a key responsibility of the Board of directors in the private sector and government.
According to Dorothy Maseke, chairperson of the Institute of Risk Management in East Africa (IRM EA), Kenya’s public sector is for instance, guided by the Mwongozo Corporate Governance Code which sets out its compliance parameters.
“Threats and opportunities have been a standard in every organization’s overall strategy for several decades, but now for the first time in corporate governance history, this is now firmly set in the risk manager’s scope of work and are monitored daily,” she explained.
But with the East African region facing a huge deficit of qualified risk managers and local public and private organizations needing critical hand-holding to ensure risks and opportunities within organizations are effectively identified and managed, there is a renewed urgency to get more locals trained and certified. Kenya, she noted particularly, needs 1,000 qualified risk management professionals annually, yet over the last three years, the population has grown from just under twenty to about 120 today.
This is part of the agenda that IRM EA and Serianu will be driving in a new partnership announced July in which the two institutions will collaborate to research and develop locally nuanced templates and tools to help mine necessary data and develop cyber risk quantification reports to guide managers and directors. In addition, their partnership will cover training, community out-reach and policy design across the African continent.
Serianu is a pan African cyber security consulting firm while the Institute of Risk Management is the East African regional arm of the global certification body for risk management professionals, the IRM UK.
“Our strategic partnership with Serianu is designed to empower risk management professionals with home grown cyber risk tools that will for the first time be designed within the context of our African environment. This is a clear departure from a situation where we would borrow tools developed for European, American and Asian organizations and try to shape them to fit our unique circumstances,” said Maseke.
Risk management, she added, had emerged as a new specialty career to respond to evolving business, and public sector operating environments have shone a spotlight on their governance mechanisms. Risk managers are increasingly credited with identifying great opportunities for innovation even as it seeks out issues that would derail any organization from achieving its goals at any one time. Ms. Maseke noted that this way, organizations are also able to clearly assess and derive benefits of investing in their systems and processes.
Carol Misiko, the IRM EA secretary added that today’s risk managers need to understand cyber risk even though it is handled primarily by the IT teams.
Speaking during the MOU signing ceremony, Serianu chief executive officer William Makatiani said that the two institutions have a common interest in growing the knowledge of boards of directors and senior management so that they have a strong grasp on emerging events and issues that may affect their organizations.
“We are collaborating with the IRM EA to provide directors and managers with tools and methods that empower them to have a better grasp of cyber risks and opportunities they can exploit,” he said. He noted that generally, especially in the public sector, the degree of compliance is still quite low and that many highly regulated private sector organizations were yet to get to cross the 50% mark.