Exploring the role of risk management in a post-pandemic world Our survey said…
Sword GRC Blog
Exploring the role of risk management in a post-pandemic world. Our survey said…
Has response to the COVID-19 pandemic reshaped how organizations view and manage risk? Sword GRC reached out to both its customers and the wider risk management community with a short survey conducted from March-June 2021, to get a flavor of how businesses had navigated the challenges of 2020 and the associated changes in the risk management landscape.
Here are some of the headline survey results and a handful of comments from our survey respondents:
PANDEMIC RESPONSE? POSITIVE
88.2% of respondents claimed to have had a positive pandemic response and were able to manage new and emerging risks as they unfolded within their organizations.
Positive responses included ‘revitalized focus on previously non-emergent risks’, ‘enhanced brain-storming on risk response strategies, and ‘accelerated rollout of IT projects.’ One survey respondent claimed that their own positive response enabled their organization to help mitigate losses for their client’s businesses. Another claimed that for their organization, the pandemic led to far greater agility.
Some organizations were prompted to ‘aggressively face up to risk aversion’ while for others it was the ability to ‘anticipate losses and rollout remedial measures’ that made their pandemic response manageable.
ENTERPRISE RISK MANAGEMENT (ERM) CAME INTO ITS OWN
82.4% of respondents said that ERM boosted business resilience during a very challenging period. A key takeaway was that ERM investment always was intentioned to reduce uncertainty and volatility; a means of ‘expecting and being able to manage the unexpected and what it might entail’.
Our survey findings chime with the sentiment expressed in Risk Management Magazine’s article, ‘Stress tested: Risk professionals share their experiences with ERM during the pandemic’:
“…companies with mature enterprise risk management programs have found that their ERM framework paid off during the pandemic. A strong ERM program helped them better understand COVID-19’s potential impact on revenue and operations. By using ERM to help correlate perceived risks with appropriate mitigation measures, these companies were then able to formulate plans to manage pandemic threats and moderate negative impacts.
“What COVID-19 taught us is that the pace of change is accelerating,” said Tom Easthope, senior enterprise manager on the ERM team at Microsoft. “Volatility is increasing, requiring a strong risk management culture of adaptability to survive and prosper.”
According to our survey, 76.5% of organizations have developed new resilience plans as a result of the pandemic.
RISK STRATEGY – TIME FOR A NEW APPROACH?
According to our survey results, the pandemic prompted 83.3% of respondents to reassess risk strategy within their organizations.
For some businesses this involved ‘better quantification and remediation strategies for high impact, low probability risks.’ In the financial services sector, one respondent detailed how it ‘changed the conditions of loans for all segments.’ For others, reassessment of risk strategy led to greater focus on horizon scanning, to gain a view of ‘how other risks can materialize’; emerging and new risks. Overall, the majority of respondents recognized that ‘resilience, speed and the ability to adapt and change’ enabled them to operate under difficult conditions.
A further insight highlighted was the need to reassess supplier risk in the supply chain, using new methodologies at a time when traditional on-site supplier reviews became impossible.
NEW FOCUS AREAS
Finally, our survey respondents claimed that post-pandemic, there is a greater focus within their organizations within the areas of healthcare, HR, insurance, compliance, and environmental risk.
Speaking at a Livestream event about applying ERM core principles to manage the multitude of risks triggered by COVID-19, Mark Beasley, KPMG Professor and Director of the ERM Initiative in the Poole College of Management at NC State University suggested that we should:
“Leverage learnings from this event to build processes that will put our organizations in a stronger position when the next unknown crisis appears. Once we get through this crisis, our natural tendency will be to give a huge sigh of relief and relax. And, we should. But, while we will be anxious to return to normal, we don’t want to lose this opportunity to rethink and evaluate our enterprise’s risk management approach going forward.
“Invest in ERM processes that will put your organization in a position to proactively manage risks that might impact your business’s strategic success for long-term survivability.”