IERP® Monthly Newsletter Issue 3/ August 2018 | Page 8

Dr. Anthony Dass of Ambank Research concurred that we are witnessing an increasing prevalence of security risks. This is concerning for Malaysia, where, in his view, businesses run the risk of being quite complacent.

As technology reconfigures the structures of how business is conducted, there is also room for sociocultural mores to change as well. For SMEs in Malaysia, for example, there still exists the practice of having to pay ‘protection money’ to illicit third parties in order to ensure smooth operations. In this digital landscape, how will old practices fare?

The US is worried about Made in China 2025 initiative. With the push of automation and Deep Learning, China won’t need to offshore their production in the future.

In Dass’ view, it’s not all doom and gloom with emerging risks, but states and businesses need to lay down the groundwork to keep up with the pace of change. In the 70s, Malaysia used to benchmark with South Korea. Now, Malaysia is starting to compete with Myanmar, which has become a fast-developing economic hub.

In the 80s, globalization was talked about as myth, and now, it’s a fact of business. In 20 years, where will we be? Will Africa or Eastern Europe emerge as bigger players? For the panellists, most of the world has yet to recognise the extent of the emerging risks, and it’s critical to do so in order to identify the full range of vulnerabilities you face.

subsidiaries.

When he joined KPS last May, one of his initial priorities was to realign their risk management frameworks and processes with ISO standards in order to improve their efficiency. He also wanted to make things more practical and easier to understand—a necessary step that would help to establish a common risk language at all levels of staff and management.

That common risk language is essential to resolve the two common challenges he has encountered throughout his risk management career: convincing top management of the benefits of risk management, and amending corporate culture to be more risk-aware. He notes that, in his experience, providing structured, practical training to all levels of staff has proved vital for developing risk culture in an organisation.

But the difficulty in changing corporate culture towards risk awareness is that it requires changing perceptions at the top levels of an organisation. Mr. Shahari observes that some people think risk management is a waste of time and money: “They don’t see the need for risk management and Business Continuity Management until something happens.” He tells of a past experience where a risk that had been identified on a risk register actualised and became a crisis. But because the company he worked for at the time lacked the proper processes for BCM, “it became a fire-fighting situation.” He views BCM as an essential component of ERM: “There are [negative] risks you can’t mitigate, but still, even then, you have to minimise its [possible] impact.”

It’s telling that the most common challenges he’s faced involve the management of people. Though Mr. Shahari states early on that he has to be impartial when it comes to risk management—so much of risk management has to do with doling out hard truths—he recognises the need for, in his own words, “a personal touch.” He recalls a time he was kicked out of a meeting by a boss for pushing for an unwanted plan, only for the plan to be approved two weeks later after a productive chat with the boss in the Surau. Creating structures and processes is one thing, but convincing the relevant decision-makers of the strategic necessity of certain steps to be taken is another. “Risk management is an art, not a science,” he says.

Recognising that managing risk is also about managing business in general, he hopes to establish a more forward-thinking ERM approach at KPS, without an over-reliance on analytics. KPS, which has engaged in regular corporate exercises over the past few years and is geared towards further growth, currently seems to be an appropriate company for Mr Shahari to utilise this approach.

Whereas in FGV his job scope was more focused, the diversified assets of KPS—in manufacturing, trading, licensing, infrastructure and utility, oil and gas, and telecommunications—make his responsibilities all the more varied and difficult. “I would say that’s my top challenge here: keeping abreast of the diverse industries, and also keeping abreast of the factors affecting each industry and business.” At the same time, he credits KPS Management and the Board Risk Committee for their support in ensuring good risk governance is applied throughout his tenure.

But Mr. Shahari seems to be taking it all in stride: “Job knowledge is job satisfaction,” he states. That is, being informed at all times allows him to not only be an effective risk manager, but also to make the most of his job. He emphasized that a risk manager can’t just look to internal factors in an organisation; they also have to look to the external: market volatility, geopolitical risks, and so on.

7 The IERP® Monthly Newsletter August 2018