The risk management function is undergoing a fundamental transformation spurred by the coronavirus pandemic
Once viewed as a back-office function that rarely got the attention of the C-suite, risk teams are now sitting at the strategy table with other senior leaders.
From the centre of the corporate spotlight, risk professionals have the platform to drive change. This is your opportunity to reinvent the business of managing risk, strengthen enterprise defenses, and increase operational resiliency. The changes you advocate for now will pay off when the next crisis arises.
Here are three ways to take advantage of your time in the spotlight to transform your risk management function to be smarter, more agile, and more strategic.
1. Take an analytical deep dive into current risk frameworks and procedures.
The first step in transforming your risk function is to identify where you can improve. The pandemic provided risk professionals with critical, real-life insight into how current processes held up in mission-critical situations. What parts of your crisis management plan worked well and what areas were lacking? Was critical information missing that could have enabled you to act faster or smarter? Are there data, systems, or processes that could have helped you make more confident decisions?
Half of all organisations were unprepared for the COVID-19 pandemic with updated crisis management plans. And 52% said their data resides in multiple sources and needed to be pulled together manually.
Apply these lessons now to improve risk management processes, invest in technology, and boost overall readiness for future risk. Don’t wait for the next event to hit.
Like a trained boxer, organisations need the ability to absorb shocks from every direction – and quickly bounce back from the hits they don’t see coming. Take an honest look at your current performance to identify weaknesses. Then get back to the training and work hard to strengthen those weaknesses before the next round.
2. Never stop preparing for future surprises.
While it is impossible to plan for every eventuality, you can prepare using potential crisis scenarios. Think outside of the box when it comes to identifying various threats and develop plans for multiple situations, even those that don’t seem feasible.
Take COVID-19: 35% of organisations said a pandemic or similar global crisis risk event wasn’t on their radar of potential threats. If there’s one lesson organisations everywhere learned in 2020, it was to expect the unexpected. Anything can happen at any time – which is why it’s important to prepare for even what may seem like the wildest of situations.
But don’t focus solely on the outcome – also pay attention to risk drivers. What are the forces behind the potential event and its multifaceted consequences? How do they affect your business? And how can you get in front of them?
Success takes more than simply creating a plan – it also requires practice. Model your scenarios, simulate the experience, see how your systems hold up, and then refine your approach. The road to resilience is not a straight route. It can have twists and turns, requiring a continuous cycle of assessing, testing, adjusting, and reassessing – all to help you increase your agility to quickly pivot away from the most devastating effects.
3. Do away with spreadsheets.
Keeping track of risk data in spreadsheets has never been ideal. In the global health crisis, it proved to be downright devastating. Organisations that relied on manual approaches to risk management simply couldn’t keep up with the size, scope, and pace at which this crisis evolved. Systemic risk events require immediate access to risk intelligence for a fast, smart response.
There is also the element of human error: Spreadsheets, especially formula cells, often contain errors. And with the sheer volume of data that teams work with today, mistakes can easily slip in. Formatting inconsistencies and poor version control can also lead to slow and inaccurate reporting. You can’t make the best business decisions if you’re relying on outdated or incomplete data. You’re already a beat behind before you even open the spreadsheet.
Developing a complete view of your risks, how they interrelate, and the potential impact on the organisation is essential for building resiliency. With the right technology, all risk data – including both insurable and noninsurable risks – is consolidated into one place so risk managers and other stakeholders can easily analyse the data, share information, and collaborate on solutions.
If you lack the right technology to give you that integrated view, be confident in requesting the budget. With a growing focus on the risk function and a clear business case for integrated risk management technology, the value is hard to ignore.
A bright year for risk managers
COVID-19 changed the way organisations view risk management. This is exactly the right moment for risk professionals to push for a digital transformation of the risk function. The frequency and severity of disruptive risk events are undeniably increasing. How risk teams position themselves now will determine their ability to respond to future events with resiliency.
With the right processes, procedures, and tools, you will have the power to confidently lead your organisation through a crisis and successfully dodge the unpredictable punches that are sure to come.
About the author
Jim Wetekamp is the CEO of Riskonnect and a recognised expert on enterprise risk, supply chain, and third-party risk management.