By Monicah Mwangi
Q&A –On Risk Management- Gilbert Mwalili
Gilbert Mwalili, a risk Management expert is the Managing Director, of Protecht Africa, a risk management institution which will be hosting a two day seminar in Nairobi. The seminar which they have called RiskAfrica 2011, will be held on the 22nd and 23rd of this month with a theme ‘Promoting Integrity & Performance through Risk Management’ and participants will be paying Ksh80, 000 per head’. According to Gilbert, about 20 people from different institutions in the country have confirmed to attendance. Gilbert came back to the country last year after being in Australia for 10 years where he worked as a Risk Expert with Moore Stephenes and Protecht Australia, some of the leading International Firms in Risk Management Consultancy.
Risk is the effect that uncertainty raises on our objectives. We may want to increase profits by 5% , increase market share by 10% or increase service levels to all new counties, these are our objectives. Nevertheless, we have uncertainties such as fraudulent employees, failure of internal systems (both IT & internal processes), insecurity, sick staff, the current power rationing, new markets such as South Sudan coming up and even fiber optic internet. All these would have a direct impact on our objectives but creating uncertainty on the level that we can achieve our objectives.
Risk management is therefore the ongoing process we implement in an organization of whatever nature and size to ensure that the Board and all staff in the organization identifies all uncertainties affecting their objectives within the organization and providing assurance that these uncertainties are managed to be within the expectations of the Board and all other management.
What is your background as a risk expert and experience?
For ten years since 2000, I worked with Moore Stephens and Protecht Australia , sone of the leading international firms in Risk Management consultancy. Australia is the world leader in Risk Management with the recent ISO 31000 Risk management standard having adopted the Australian version AS/NZS 4360:2004 Risk management standard, over the well known COSO framework. Further evidence of the robust practices was during the recent Global Financial Crisis where most Australian institutions using this methodology had identified the sub-prime mortgage loans as a high risk investment and disposed the bulk of it hence the impact was not as large compared to the world’s leading economies. No wonder the Australian dollar is now stronger than US dollar notwithstanding other factors that would contribute to this.
What have you brought into the country since you came back last year?
As a consultant, I have provided Risk advisory, Risk training and Risk software implementation services to large institutions in Australia in various industries such as Banks, Insurance companies, Government institutions, Universities, Credit Unions, Building Societies, Manufacturing firms etc. I want to bring all the above to our country. For the short time i have been here, I have been invited to speak in public forums and conferences such as ICPAK, IEK and my plan is to bring all this in Kenya where risk management training is needed the most.
What is your ambition?
My ambition is to champion risk management and guide institutions to implement risk management the right way especially here in Kenya where most companies expose their information which is a great risk.
What are some of the most important types of early risks that a new business should address?
One of the biggest asset on a company’s balance sheet, no matters its size, are its employees. So it makes sense to manage risks associated with workers, including recruitment, retention and growth. I am convinced that the underlying cause of virtually every loss is human error somewhere within the system. Unfortunately, most which can be laid right at the feet of management.
However, the biggest risk facing starters are financial and strategic risks. No question the biggest is financial: liquidity. Where is the money coming from to keep the lights on, pay staff and invest in market penetration and growth. Many businesses, small or large will need to be aware of and practice strategic risk management considering all the three levels namely strategic decision risk, execution risk and delivered risk.
What are some commonly overlooked risks that small business owners should be made aware of?
Possibly the biggest overlooked risk involves the Internet, electronic data and social media. Even the smallest of businesses have websites, twitter feeds and blogs these days. Do they have a policy to control who manages that content and how it’s done? Do they have policies for how employees can use personal digital devices and communication tools (email, SMS, twitter, facebook, etc.) at work, and for how employees can use company devices?
You will be amazed when you visit a cyber café in town and find very sensitive information of large organizations in Kenya. I was surprised to find detailed strategic plan and financial forecasts of a very large higher education institution in Kenya in a cyber downloads folder. This information could be very detrimental in the hands of a competitor in the current competitive environment.
Reputation is a big one. It is every company’s most valuable asset! They need to ask themselves what is my company killer? Any company that looses the confidence of the market is dead! Another that is commonly overlooked is systemic/dependency risk. How much are we relying on others to manufacture our product, subcontract part of our service, or deliver the inputs we need to sell our products. Systemic risk takes various forms and business owners need to be aware of effect of failures of others to their own businesses and choose the ‘right partners to go to bed with’.
Other than insurance, what are some simple steps business owners can take to reduce risk and liability?
The first step in risk management isn’t necessarily buying insurance to protect you if a loss occurs but preventing that loss in the first place or at least minimizing the size of it. It’s called self-insurance.
For instance, statistics have it that wellness and disease management programs, as part of an overall health care benefits program, actually can have significant return on investment by helping employees avoid costly bills from doctors, either by keeping employees healthy or helping them to manage existing conditions like heart disease or diabetes.
Tell us about the upcoming RiskAfrica seminar 2011..
Change in this economy will not take place by luck. You can talk of implementing the hundreds of management information systems (balanced score card, quality management systems, performance contracting, KPI’s, anti-corruption programs etc) that our managers have been bombarded with but no hard results are being realized. This country needs visionary leaders, from government to small business enterprises who are able to focus on the front screen of a car i.e. the future and not focusing on side-mirrors i.e. fire-fighting or what I refer to as Issues management. There is great need to host public seminars of this nature so as to make millions aware of what Risk, Governance and Compliance entails and how this can be used to build a new Kenya.
To differentiate the seminar from many others held in Kenya, we have a series of masterclasses where participants gain an in-depth of chosen topics from a practical perspective. These were considered as hot topics after discussions with various experts in the country such as Security risk management, fraud risk management and practical tools for implementing Enterprise-wide Risk Management (ERM).
Formalize Risk Management right from the start. It doesn’t have to be fancy or perfect, but considering all of the risks and planning for how they will be mitigated will help reduce risk related costs such as insurance premiums, claims deductibles, and down time, and help make the business more profitable. It will also help to ensure the longevity of the company as good risk management protects the reputation of the company and helps it plan for contingencies.