The East African region facing a huge deficit of qualified risk managers and local public and private organizations needing critical hand-holding to ensure risks and opportunities within organisations are effectively identified and managed, the IRM EA Regional Group, a member body of the IRM UK, and Serianu Ltd, have resolved to work together. This is in a bid to develop a fundamental home grown cyber risk management framework for the African context which aims to increase the number of competent risk professionals as well as enhance excellence in cyber risk management and reporting.

Serianu is a pan African cyber security consulting firm while the Institute of Risk Management is the East African regional arm of the global certification body for risk management professionals, the IRM UK. The two organizations signed a memorandum of understanding that will amongst others see them collaborating on research, training, community out-reach and policy design.

Dorothy Maseke, the Chairperson of the IRM EA Regional Group, observes that Kenya especially needs 1,000 qualified risk management professionals annually. However, over the last three years, the population has grown from just under twenty to about 120 today.

“Risk Management is relatively new field of professional practice yet locally and globally, there is a major shift by regulators to entrench high risk management standards and which has now become a core reporting requirement by management as well as a key responsibility of the Board of directors. For instance, Kenya’s public sector is guided by the Mwongozo Corporate Governance Code which sets out compliance parameters,” explains Ms. Maseke.

Ms Maseke adds that risk management has emerged as a new specialty career, as a result of changing business and public sector operating environments that have shone a spotlight on their governance mechanisms. At the same time, the practice is increasingly credited with identifying great opportunities for innovation even as it seeks out issues that would derail any organization from achieving its goals at any one time. Threats and opportunities have been a standard in every organization’s overall strategy for several decades, but now for the first time in corporate governance history, this is now firmly set in the risk manager’s scope of work and are monitored daily. Ms. Maseke notes that this way, organizations are also able to clearly assess and derive benefits of investing in their systems and processes.

Carol Misiko, the group secretary adds that cyber risk is no longer a back-office IT team issue although they clearly play a vital role.  She notes that today's enterprise risk management function needs to be able to understand this constantly evolving risk but also manage, monitor and report on this emerging risk.

According to Serianu Chief Executive Officer William Makatiani, the two institutions have a common interest in growing the knowledge of boards of directors and senior management so that they have a strong grasp on emerging events and issues that may affect their organizations.

“We are collaborating with the Institute of Risk Management to give directors and managers tools and methods that empower them to have a better grasp of cyber risks and opportunities they can exploit,” Makatiani says. He notes that generally, especially in the public sector, the degree of compliance is still quite low and that many highly regulated private sector organizations were yet to get to cross the 50 per cent mark.

Courtesy:Institute of Risk Management East Africa Regional Group