The Institute of Risk Management’s (IRM) East Africa Regional Group (a member body of the IRM in the UK) and Serianu Ltd have agreed to work together to address the huge deficit of qualified risk managers in the region, coupled with the need of local public and private sector organisations for critical hand-holding to ensure risks and opportunities within organisations are effectively identified and managed.
The collaboration is bidding to develop a fundamental home-grown cyber risk management framework for the African context which aims to increase the number of competent risk professionals as well as enhance excellence in cyber risk management and reporting.
Serianu Ltd is a pan-African cyber security consulting firm. The business has signed a Memorandum of Understanding (MoU) with the IRM that will engender collaboration on research, training, community outreach and policy design.
According to Dorothy Maseke, chair of the IRM’s East Africa Regional Group, Kenya especially needs 1,000 qualified risk management professionals annually, yet over the last three years the population has grown from just under 20 to around 120 today.
“Risk management is a relatively new field of professional practice yet, locally and globally, there’s a major shift by regulators to entrench high risk management standards,” explained Maseke. “Risk has become a core reporting requirement by management as well as a key responsibility of Boards of Directors. For instance, Kenya’s public sector is guided by the Mwongozo Corporate Governance Code which sets out compliance parameters.”
Maseke added that risk management had emerged as a new specialism as a result of changing business and public sector operating environments that have shone a spotlight on governance mechanisms. At the same time, the practice of risk management is increasingly credited with identifying great opportunities for innovation even as it seeks out issues that would derail any organisation from achieving its goals at any one time.
Threats and opportunities have been a standard in every organisation’s overall strategy for several decades, but now for the first time in corporate governance history, this is firmly set in the risk manager’s scope of work and monitored daily. Maseke noted that, in this way, organisations are also able to clearly assess and derive the benefits from investing in their systems and processes.
Carol Misiko, the East Africa Regional Group’s secretary, added that cyber risk is no longer a back-office IT team issue (although they clearly play a vital role). Misiko noted that today’s enterprise risk management function needs to be able not only to understand this constantly evolving risk, but also to manage, monitor and report on it.
Speaking during the MoU signing ceremony, Serianu Ltd’s CEO William Makatiani observed that the two institutions have a common interest in growing the knowledge of Boards of Directors and senior management so that they have a strong grasp on emerging events and issues that may affect their organisations.
“We’re collaborating with the Institute of Risk Management to give directors and managers tools and methods that empower them to have a better grasp of cyber risks and opportunities they can exploit,” stated Makatiani. He added that, generally – and especially so in the public sector – the degree of compliance is still quite low and that many highly regulated private sector organisations are yet to cross the 50% mark.