In the past three years, a whirlwind of overlapping disruptions including the COVID-19 pandemic, political tensions, climate-driven disasters, economic upheavals, and soaring inflation have challenged organizations worldwide. These events have exposed weaknesses in risk management systems, highlighting the need for improved resilience and better risk management capabilities. Organizations that did not anticipate the changing landscape, who only paid lip service to risk management, or had no concrete risk management plans, have been paying a heavy price for their unpreparedness.
Recent events have also triggered a significant shift in risk management practices, highlighting the vital connection between resilience and a strong risk management strategy, particularly in times of crisis. This recognition has led organizations to prioritize risk and resilience for a sustainable future.
Changing approach to risk management
In the past, risk and compliance functions often focused on standard processes that could sometimes become bureaucratic or overly document-focused. As a result, these didn’t always adequately address the most critical risks or ensure resilience. The risk environment has changed dramatically since COVID-19 pandemic, and new hazards are now present that require organizations to reexamine their risk management models to remain resilient in the face of challenges. It is essential for carefree organizations or those falling back into business as usual to pause and reflect. Taking a moment to reexamine existing risk management models is key.
To guarantee survival during evolving crises, organizations must adapt a more measured and proactive approach to risk identification, assessment, and mitigation.
The dangers of hidden risks: expect the unexpected
Organizations tend to overlook risks with low probability, but high impact, leaving them vulnerable to events, like pandemics, economic upheavals or geopolitical risks. Organizations need to acknowledge those unlikely or hidden risks. After that, they should then evaluate and prioritize these risks under the lens of organizational resilience, ensuring their focus is not solely on the day-to-day operational risks.
Improving risk identification involves considering a wide range of potential threats and their impact through scenario-based horizon scanning. Moving towards this kind of risk management approach is essential, including adopting what is known as all-threats planning and procedures for worst-case scenarios.
Better business continuity
The COVID-19 pandemic and its aftermath caught many organizations off guard. Without updated and robust business continuity, crisis management, or recovery plans, some organizations resorted to firefighting tactics. Due to rigid, slow, or inadequate response , organizations were forced to make short-term decisions — or even improvise — with incomplete information.
One of the key lessons learnt is the need for organizations to review and evaluate the effectiveness of their business continuity plans, crisis management, and disaster recovery plans on an ongoing basis. Revising or developing plans in the midst of a crisis won’t deliver the results your organization needs. And simply having plans in writing is not enough; it is essential to test and verify them. Can they stand up to real-world challenges? Have all the contingencies been considered?
Building resilience and adaptability
The pandemic exposed the vulnerability of institutions who weren’t adaptable and resilient. Resilient organizations can adapt during crises to absorb shocks and adjust to changing circumstances.
Three key aspects are essential to being adaptable:
- Establish risk governance practices that allow them to make decisions swiftly and avoid bureaucratic processes during crises;
- Develop adaptable and agile operating models to enhance operational efficiency; and
- Invest in digital transformation.
Organizations need to prioritize stress testing and scenario planning as a means of assessing their ability to handle arising situations. Establishing a solid risk culture and responsibility framework with a strong sense of risk ownership by process owners is critical. It allows the risk function to focus on strategic and resilient risks instead of compensating for risk management deficiencies.
The decisions made by leadership during a crisis event have significant implications for an organization’s long-term sustainability of an organization. Therefore, leadership must ensure that risk management functions go beyond compliance, are strategically utilizing risk management functions, drive decision-making, and are closely linked to the organization’s resilience.
Conclusion
Leadership decisions during a crisis have significant implications for an organization’s sustainability. Leaders need to think beyond compliance to see risk management as a strategic function linked to an organization’s resilience, and therefore its future success.
If leaders can establish a solid risk culture and responsibility framework with strong risk ownership by process owners, that allows the risk function to focus proactively on strategic risks instead of fighting fires to compensate for risk management deficiencies.
As part of that risk culture, leadership needs to regularly review and improve business continuity, crisis management, and disaster recovery plans. Organizations can enhance resilience and adaptability by implementing agile operating models, undergoing digital transformation, and improving operational efficiency.
In short, effective risk management goes beyond “check the box” compliance. It requires strong leadership to integrate risk considerations into strategic decision-making processes and aligning risk management with organizational resilience. for long-term success.
Not sure how risk-ready you are? We can help you assess your risk management practices , so you know where to build resilience. Contact us today and schedule a consultation to see how we can help.