A View From Me on ’23: Julia Graham, CEO, AIRMIC


When flying, sometimes it’s unavoidable to travel through mild turbulence but if you are a nervous flier, take comfort that your pilot will be  looking for ways to find smoother air.

If turbulence is severe, pilots will adjust and quickly climb or descend to a smoother altitude. Pilots are trained and rehearsed to know what to do and if disaster does strike, how to respond in a crisis. Their airlines, in-flight teams, flight controllers and emergency services, know this.

This scenario has an analogy with navigating managing risk during challenging times. 

Humanity has always been faced with naturally occurring risks and man-made risks arising from business decisions and behaviours. The difference today is the intensity, velocity, and connectivity of risks is the norm.  The pandemic, climate change, events in Ukraine and the economic hit of rising interest rates and concurrent inflation, fueling a recession, have forced organisations to rethink how they keep up with the speed of new risks emerging, the profile of known risks changing, and how risk management and governance practices need to adapt.

Risk registers can transmit false signals

Few organisations expected recent transformational events to happen, even fewer spent time preparing for them. Despite regulatory requirements that state otherwise, executives and boards tend to focus on the immediate horizon to the exclusion of the longer term and consequently risks that are more likely regardless of their potential impact. When simplistic maths is applied to scales of likelihood and impact of risks, it becomes clear why risks low on one scale but high on another can slip down the risk severity league table. 

I might have raised a few gasps from audiences in 2022 when I used the image of a bonfire and  suggested a bonfire might be the best repository for static risk registers. Worse than having nothing, static risk registers can emit signals of false information and provide unreliable foundations and false confidence on which business decisions are then constructed and relied upon. 

Risk management must be dynamic with relevant and timely information to inform strategy.

Look backwards to look forwards

High inflation, high interest rates and recessions aren’t new – although for many managing risk today, this context might not have happened during their business experience. Organisations which thrived in past recession were typically prepared. Those which turned to a survival mode, made deep cuts, and reacted defensively tended to fare less well, and were less well prepared for better times and slower to recover. A symptom of planning for the immediate rather than the longer term. 

To support looking short, medium and long term, 2023 should be a year for learning from past experiences, and for upping the intensity of horizon scanning and scenario analysis. 

Know what’s coming over the hill and whether it’s a monster or an opportunity.

A year for providing better guidance on emerging risk management

One of the keys to an effective board is that it has a diversity of perspectives, based on a range of skills, knowledge, and experience. Many industry sectors will change fundamentally in the next few years and a large part of that will be driven by technology. 

Build resilience: give Purpose a health check

2023 should be a year when all organisations examine their Purpose. 

The objective of a repurposing journey is to reach clarity about why the organisation exists, which is distinct from its profit-making motive. Clarity of purpose will then inform the organisation’s brand, values and desired behaviours, and act as a focus for everything the organisation does. Purpose will help an organisation to set a clear North Star to guide them through turbulent times. 

Business communities, customers and employees, are increasingly electing to align themselves with organisations that have a clear purpose that prioritises social and environmental responsibility over profits, treat stakeholders well and promote a healthy workplace culture. 

The approach to ESG is increasingly seen as a differentiator when it comes to attracting and retaining talent.

Build resilience: invest in technology

Achieving resilience is challenging and requires significant board-level support but achieving and maintaining resilience and successful digital transformation is even more challenging. It’s easy to think of economic hard times as a time to play it safe.  

Build resilience: understand and stay close to stakeholders

Organisations must engage stakeholders in business process redesign, which should increase the chances of successfully retaining those stakeholders. This should embrace the supply chain and all outsourced relationships.

A year of building better governance

One of the keys to an effective board is that it has a diversity of perspectives, based on a range of skills, knowledge, and experience. Many industry sectors will change fundamentally in the next few years and a large part of that will be driven by technology. While the governance functions of monitoring, strategy and legitimacy remain valid, they need to be enhanced beyond the traditional approaches embracing all risks rather than just those most directors are familiar and comfortable with.