Accelerated by COVID-19, imminent cyber threats, a rising focus on climate change, and more, organizations are being challenged to evolve both their operations and risk management strategies. Said differently: Risk should be connected with strategy. That’s one key takeaway of the recently published Global Risks Report 2021.
The experiences of 2020 highlight the fragility facing organizations today. Leaders can no longer — if they ever could — examine proximate risks. Instead, businesses should look at risk more holistically and evaluate impacts across their value chains. Visibility into, and accountability for, risk must cut across diverse organizational functions. IT, compliance, legal, HR, and more have roles to play in bolstering risk management strategies and driving resilience.
Building the right risk culture, however, calls for buy-in and leadership from the top. To achieve resilience, it’s incumbent on C-suite executives and boards of directors to ask the following four questions.
1. Are We Collaborating on Major Risk Issues?
Risk professionals generally understand that the actual management of risk takes place within their organizations’ day-to-day operations. That makes deploying best practices and protocols across the enterprise a critical goal.
Consider whether senior leaders responsible for driving risk management strategies and resiliency are working to achieve a common goal. Risk committees — with representation from business units and safety, compliance, and other risk-adjacent teams — can yield input from diverse stakeholder groups, including those most in tune with everyday operational risks. They can also help ensure that everyone is on the same page when it comes to critical risks.
2. How Agile Are We in Responding to and Managing Threats?
Enterprise risk management has historically been viewed, at worst, as a compliance exercise and, at best, a process that seeks to protect organizational value. But the past year has revealed the need for this process — led by boards and C-suite executives — to evolve to de-risk innovation and change.
Senior leaders should examine at processes for identifying, responding to, and implementing changes based on key risk trends. They should also understand what portion of risk is controlled by the organization versus third parties and consider their effectiveness in evaluating changing insurance requirements based on evolving needs.
3. Are We Forecasting and Anticipating Emerging Risks?
A well-known military axiom is that generals often prepare for the last war, rather than planning for the next one. In other words, leaders often learn the wrong lesson from past events instead of looking ahead to what forthcoming battles might look like.
A similar dynamic may be playing out in corporate offices and boardrooms today. It may take some time for the pandemic’s lessons to fully reveal themselves, but senior leaders should avoid focusing on specific challenges of the past year without considering how recent trials can inform their responses to future threats — including some that may look nothing like a pandemic.
Instead, seek ways to evaluate the potential future impacts of various risks. That should include pandemics, but also think about cyber-attacks, regulatory changes, geopolitical threats, and the effects of climate change.
It’s also important to engage in scenario planning to understand those threats and to incorporate data and analytics into your thinking. Ask yourself: Are you doing enough to stress test, measure, and model the financial impacts of critical risks? And are you doing so in a forward-looking manner that connects risk with your growth strategy?
4. Are We Using the Right Metrics?
As businesses face a number of risks that are growing more complex and interconnected, many of the traditional ways to measure resilience may no longer be useful. To inform and advance their organizations’ decision-making, boards and C-suite executives should consider a number of metrics, including:
Resilience, however, is not only about operational “durability.” In these times of sustained volatility, it will increasingly be tied to executive compensation and performance. Ultimately, the organizations that excel in an era of greater complexity will be those that differentiate around risk and the ways in which they make optimal use of risk capital to de-risk innovation and growth.