Has COVID-19 changed our approach to risk assessments and management frameworks?
(Sponsored article) Many enterprises are facing a growing number of high-impact events and emerging risks that affect business as usual.
Risk to organisation structures, skill needs, assets and reputation are all impacted. This is a real opportunity to take a fresh look and improve the efficiency of the risk process.
COVID-19 provides a strong argument for Enterprise Risk Management. These all impact on business objectives, resilience and agility.
Enterprise Risk Management (ERM) and Business Resilience Management (BRM)
Traditionally, risk frameworks revolve around a risk register, evaluation matrix and appropriate stakeholder workshops to develop and manage identified risk. Each entity has its own way of doing this to keep within risk tolerance and appetite, governed by owners and boards.
Technology and social behaviours have evolved over recent years and by necessity, been widely adopted with COVID-19. These include:
- the speed and capability of internet connections that enable video conferencing and group interaction
- sharing of large documents for collaboration
- acceptance of Working-From-Home (WFH).
This is a real opportunity to take a fresh look and improve the efficiency of the risk process in capturing and evaluating risks.
Noting social and professional commentary on this, WFH will be a lasting change for screen-based workers into the future. There is a cautionary note however on the cost/ benefit to society and business entities, but that is an emerging risk that will move from strategic to operation over time, I suspect.
Lessons learned
There are many lessons to be learned from COVID-19 and we have to ensure they don’t go to waste, considering their immense cost from both a social and financial perspective.
Effective risk management assists decision making against defined business objectives. This is where the greatest value proposition lies. A competent risk register needs to identify emerging risks along with the business environment risk, typical of industry sectors in which they operate.
So where would an epidemic or pandemic fit into this emerging risk and the ERM governance?
Professional risk managers – take a lead on business resilience
There is a lack of BRM maturity (and existence) in the bulk of small to medium enterprises. This is where we need to take the still evolving lessons learned and integrate them into well reviewed Business Resilience Plans that are informed by a competent risk register.
We had decades of institutional warnings of the probability of a global pandemic and we also had numerous opportunities to run simulation exercises.
The Enterprise Risk Register is the source of potential threats and opportunities. They inform the Business Resilience Plan and early development of an agile response. When clear processes already exist and have been refined through simulation exercises, an agile and effective response is much more likely.
This is just good governance and good risk management after all.
As professionals, we should take the lead and add practical value to the business.
CURA Risk Management Software is a provider of governance, risk, compliance and risk-based audit software solutions. These solutions offer a clear picture of risk across the organisation to enable better decision-making and risk management.