Succeeding in the post-COVID era means reassessing Corporate Risk
- A more agile approach to risk management is needed post-COVID.
- Annual risk assessment should make way for continual ‘horizon-scanning’ for possible business threats.
- This level of preparedness and planning should permeate entire company cultures.
Operating a diversified business portfolio means facing a variety of daunting uncertainties – and that was before the current pandemic. These range from global mega-trends and macroeconomic unknowns to geopolitical shifts, regulatory changes, business-model evolution, and digitalization, to name just a few.
Surrounded by this heightened uncertainty, a company’s ability to survive, and thrive, must be built from within. These foundations cannot be created on the spot when the enemy is already at the gates, or the opportunity is so obvious that any market player could capture it.
An outdated approach
The response, for many companies, has traditionally been to list potential challenges in annual risk assessments. They might appear on a matrix, located somewhere on the “impact” and “likelihood” axes, as if anyone truly has a crystal ball that can pick the exact nature of events before they unfold.
This approach looks increasingly outdated. COVID-19 has cut across traditional risk categories, from supply-chain failures and digital disruption, to workforce shortages, cybersecurity and, of course, health. A global pandemic might previously have sat in the low likelihood corner of the matrix. But given the wide-ranging implications of this kind of event, can we really put it – and other such uncertainties – into boxes one by one, in isolation, and only consider the downside, just once or even twice a year?
Is it really acceptable to do so outside the core decision-making agenda of the company, as a pure governance activity? Reform is urgently needed, and this is the moment to seize the opportunity.
Beyond the matrix
- In a world of accelerating challenges, static annual documents need to make room for continuous horizon-scanning for early indicators of change and associated timelines for action. This calls for a data-driven strategy, adjusting not only processes but culture too.
- Risks and opportunities must be assessed holistically. Events rarely emerge from nowhere and disappear without making waves; they tend to have a complex web of potential causes and wide-ranging consequences. Intelligence on these should be gathered by a cross-functional team of experts, both plugged into the C-suite and interacting regularly with the front line.
- These insights should feed directly into strategic planning, financial forecasting and investment feasibilities, as well as the way decisions on business models and capital allocation are made.
- While plans may need to change in turbulent times, making them is still valuable. Planning for continuity and effective crisis response brings key stakeholders together to consider alternative realities and escalation patterns. This is helped by close alignment across an organization, from shareholders, to board level, to executive leadership, down to business planning.
- As the saying goes, culture eats even the best of intentions for breakfast. As McKinsey observes: “Many of the costliest risk and integrity failures have cultural weaknesses at their core.” Nurturing and rewarding open, healthy debate on risks and risk-taking is critical. A strong tone at the top is the beginning, but the desired culture has to be lived through each day at all levels of management, reflected in decisions around hiring, rewards and misconduct.
Building resilience
At a time when many businesses are struggling, financial resilience has a crucial role to play in a company’s ability to take on more risk in pursuit of opportunities.
But financial resilience doesn’t end at the front door of the business. As KPMG observes, in an increasingly connected world, additional monitoring of the financial viability of third parties is a must, and can be enabled by leveraging co-relationships and technology to strengthen supply chains.
Indeed, the fact that technology is both a source of and mitigation for risks has been made abundantly clear by any number of COVID-19 trends. In 2020, retailers adapted as 30% more consumers globally shopped online for food and household goods. Businesses also shifted online in vast numbers, for example to videoconferencing, and at the same time faced an extraordinary rise in cyberattacks.
These are just some of the panoply of digital risks that must be addressed. As Deloitte highlights, companies need to proactively evaluate a broad range of digital risks in order to build resilience, from data protection to shifting customer behaviour and supplier disruption. This further strengthens the case for data-driven and cross-functional risk teams who can see the challenges from many angles.
Putting people first
To identify risks, people need to feel free to speak out and any concerns they have must be investigated. This attitude must extend from the bottom to the top; encouraging mindful, reflective behaviour among leadership is also vital to avoid so-called optimism or confirmation biases. This means that we have a tendency to expect the risks of the future will be similar to those of the past.
Additionally, empowerment of people and decision-making at the right level enables faster responses, which in a multi-dimensional crisis can make all the difference. As business leaders we must all drive this cultural change through the way we treat and value people.
Working with risk
COVID-19 has overturned planning assumptions and expectations for all, across the board. But it will not be the last crisis to do so.
The type of disruption we are living through right now makes it impossible to continue on any previously planned trajectory in terms of risk protection. Everyone has been forced to reassess how to better protect themselves; 2021 is the year to put those plans into action.
Reshaping risk management may not ensure that the next big disruption will be predictable. But it will leave companies better prepared to deliver a more effective response, whatever comes their way. Uncertainty may be a source of risk, but embracing uncertainty with clarity and speed of action may be the biggest driver of competitive advantage.