Leeanne Barnes is a seasoned professional with over 20 years of expertise in strategic risk management. She excels at developing agile risk management programs prioritizing transparency and data-driven decision-making. Barnes is well versed in Sarbanes-Oxley and internal controls, compliance, information security, business continuity, disaster recovery, and product development, among others.
In an exclusive interview with Financial Services Review Canada, Barnes shared her valuable insights on the challenges, trends and best practices in the risk management space.
Please describe your journey within the risk management space and the roles and responsibilities you hold in your current organization.
I began my career in risk management by working at Deloitte in risk consulting and regulatory services. Later on at Tangerine, a financial institution, I gained valuable experience in various non-financial risk-related roles such as Head of Operational Risk, Head of Information Security, Fraud Management, and Business Continuity. Following that, I spent seven years at the Ontario Teachers' Pension Plan, where I headed Enterprise Risk Management and worked on initiatives such as risk appetite, strategy alignment, and environmental, social, and governance considerations. Throughout my professional journey, I have had the opportunity to take on operational responsibilities, which has allowed me to strike a balance between business and risk perspectives.
“Cultivating a culture that encourages learning is optimal for a risk-focused organization, empowering individuals to proactively uncover invaluable lessons and boundless possibilities”
I am currently the Senior Vice President Enterprise & Operational Risk Management at Omers, a Canadian pension plan with over 500,000 members. My primary responsibility is to provide an objective assessment of the organization's critical risks while working with the business to drive change.
In your opinion, what are some of the challenges associated with implementing an effective risk management strategy, and how do you mitigate them?
We strive to change the perception of risk management as a hindrance and transform it into a proactive driver, enabling the business to progress swiftly while effectively identifying and addressing potential risks and opportunities. It is crucial to ensure a clear understanding of risk management's role and mandate in an organization through open communication and emphasizing the value proposition of risk rather than seeing it as a barrier.
People are the most valuable asset within risk functions, and assembling the right team is the key to success. By fostering a strategic, thought-leading, and data-driven approach focused on opportunities, we can reshape the perception of risk management and position it as a trusted approach to the business.
What are the factors that play a key role in enhancing the risk analysis and assessment capabilities of businesses?
Executing effective risk management strategies is easier said than done. Factors such as geopolitical considerations, climate change, and advances in artificial intelligence and machine learning have made risk identification essential. A valuable aspect of the risk function is its ability to gather information across organizations and external sources, enabling the identification of significant cross-functional opportunities that can benefit businesses. Risk teams have the advantage of gaining insights across multiple organizations, enabling them to offer a comprehensive perspective.
In my twenty years of experience in senior risk roles, I have witnessed the growing importance of both internal and external prospects on people, processes, and technology. It is essential to monitor key trends and emerging risks not only from a business continuity standpoint but also for a wider strategic outlook and identifying opportunities. By developing emerging risk scenarios and assessing their potential impacts, risk teams assist organizations in adopting a proactive management approach. Collaboration, trusted partnerships, effective communication, and anticipating future challenges are crucial elements for successful risk analysis and assessment.
What measures do you take to minimize the impact of cognitive technologies, artificial intelligence (AI), and data analytics on risk management?
AI and Machine Learning (ML) present tremendous opportunities for organizations, but they also come with inherent risks. Several critical factors must be taken into account, encompassing privacy, data governance, and cyber security. My approach is centered on establishing frameworks and governance for new and emerging technologies. This includes developing robust models and model governance strategies, as well as creating dedicated forums such as working groups or committees. It’s a platform for key business partners to gather and discuss the potential advantages and disadvantages of these emerging technologies, while effectively navigating the challenges and leveraging their benefits.
Could you share some of your past experiences that have equipped you to effectively engage in strategic risk management, develop agile programs, and facilitate transparent, data-driven decision-making?
At my previous organization, we emphasized the importance of aligning risk and strategy, recognizing the mutual impact they have on each other. Risk management excels at scanning both internal and external environments, providing valuable insights to the strategy team. Similarly, changes in strategy can introduce new enterprise risks that require consideration, monitoring, management, and reporting. This necessitates assessing the capabilities in place or identifying areas where additional resources are needed.
A significant focus of mine has been driving data-driven insights in non-financial risk management. While investment risk is typically quantitative, operational risk tends to be more qualitative. However, I have strived to integrate data more effectively into the non-financial risk landscape. By articulating risk appetite through qualitative statements and utilizing quantitative metrics like Key Risk Indicators (KRIs) with defined tolerances, we can provide business leaders with priorities and resource requirements.
Integrating risk priorities into budgeting and resource allocation becomes a crucial input for strategy-setting and decision-making. Additionally, an agile approach is essential for risk teams. Establishing appropriate forums for discussion, such as operations committees or enterprise risk committees, plays a vital role in facilitating effective risk management.
In the coming years, how do you envision the risk management arena evolving?
In today’s rapidly evolving landscape, the increasing availability and utilization of data plays a crucial role in driving organizational improvement. Data analytics is vital as access to both internal and external data expands. This transformation necessitates a change in the roles of individuals, shifting their focus to make informed, data-driven decisions. While this transition towards an insight-driven approach is undeniably exciting, it also introduces new risks and challenges that organizations must navigate.
The impact of technology and processes within organizations is increasing as they become more technologically savvy. Factors such as cyber risks, geopolitical risks, and climate change pose ongoing challenges. This shift not only requires a different skill set but also demands a reassessment of the types of individuals and roles necessary within the organization. Organizations must adapt quickly and in an agile manner, ensuring alignment with their strategies, objectives, and vision, while ensuring that the right data reaches the right individuals for effective decision-making. This is where risk management plays a critical role, as it is ideally positioned to understand the perspective of the organization and works closely with various divisions and business units. This collaboration and partnership have the potential to yield powerful results.
What advice would you give budding professionals in the risk management industry?
The advice I would offer is to confidently express your opinions, maintain a receptive attitude towards listening and learning, and demonstrate adaptability as you progress. Risk management encompasses various intriguing facets, particularly within the ever-shifting technology landscape, making it essential to have subject matter experts involved in discussions. It is critical to distinguish between risk functions and business functions, including information technology. Establishing interaction frameworks supports efficiency and effectiveness, ensures the right individuals participate in discussions, and clarifies decision-making authority.
In addition, embrace the concept of failing fast and prioritize learning and seizing opportunities. For a risk-focused organization, cultivating a learning culture that empowers individuals to actively identify lessons and opportunities is crucial. This approach enhances risk consciousness and fosters a culture of continuous learning.