Good risk governance – how business leaders can bounce back from the pandemic

Sword GRC Blog

“COVID-19 has helped more people than before understand that a single root-cause issue can totally trigger risk at an enterprise level that affects everything,” suggests Mark Beasley, KPMG Professor of Accounting and the Director of the Enterprise Risk Management Initiative in the Poole College of Management at North Carolina State University, in an article entitled ‘5 risk management lessons from the coronavirus pandemic’, published on

Now, some four months into 2021, and after a year of coping with the risks wrought by the pandemic, business leaders can take stock of the state of their organization’s approach to enterprise risk management (ERM), and determine what worked, is still working well and where gaps or deficiencies reside.

‘Governance and risk oversight’ has been identified as an area of weakness. According to Risk Management Magazine: “Organizations without a formal risk governance structure found it difficult to fully comprehend how changes in one business unit could cause unforeseen risks in others. Companies without formal resiliency plans made decisions ‘in the dark’ and the lack of a centralized strategy impeded agility when it was needed most.” *

It seems that the organizations that took a strategic approach to risk management fared better throughout the crisis. “A strategic approach to risk management includes board members focussing on new and emerging risks, keeping an eye on potentially existential risks that are currently under control, establishing a strong corporate risk culture, and creating a risk committee separate from the board’s audit committee” suggests WomenCorporateDirectors (WCD) in its white paper on risk committees. Furthermore, a risk committee should ideally include members with particular experience in “cybersecurity, IT, compliance, third-party risk management, privacy, and reputational risk.”

Robust risk governance may have helped some organizations to be more resilient, better placed to respond to the changing risk landscape and to capitalize on risks that held opportunities. Many businesses exploited opportunities the pandemic presented by delivering existing products via new channels, primarily online.

But what lessons should business leaders take from last year’s experiences with a view to building for the future, managing risk more strategically and underpinning greater resilience?

Some suggestions to consider might include learning from mistakes made in responding to the pandemic and re-thinking long-term risk strategy. Creating a dedicated risk committee (as the WCD recommends) can help boards and business leaders assess, monitor and respond to emerging risks as they present themselves while the economy starts to recover. This will involve considering the organization’s risk appetite and how it has changed given the experiences of the Covid crisis. If establishing a dedicated risk committee is a step too far for your organization right now, perhaps concentrate on embedding risk management throughout all operational activity. Greater emphasis on online trading and home-working may necessitate increased focus and investment in cyber-security risk management, and adequate consideration should be given to geopolitical risks that could cause supply chain change or disruption.

With much to think about, why not explore the options further by signing up for Sword GRC’s June 17 2021 ‘Building Upon Lessons from 2020 to Enhance the Strategic Value of ERM’ Webinar?

Risk expert Mark Beasley will provide insights into raising the profile of risk management within your organization after such a challenging year, and into how strategies can be adapted to cope with complex and changing risk scenarios. He’ll also be taking a look at the key tactics that risk management leaders can adopt to elevate the strategic value of the organization’s risk management efforts.

* Rethinking Risk in a Post-Pandemic World – Risk Management (