It’s no secret that the COVID-19 pandemic grossly impacted business operations across industries and regions. In Australia, we’ve seen continued pandemic related disruptions and unpredictable natural disasters that have now collectively forced a redefinition of operational best practices.
The ‘new normal’ for savvy businesses has essentially become mapping out the potential unexpected events, and planning – as best as you can – for them through flexible risk management frameworks.
Historically, the practice of risk management was often undertaken as a series of ‘box-ticking’ protocols, rather than an evolving, prioritised framework deserving of space on boardroom agendas. However, despite the new-found interest in the practice, it’s still not entirely clear whether businesses are now more prepared as it relates to assessing, mitigating, and addressing risks, or whether they’re simply following their pre-COVID playbook.
The increased need to invest in risk management
Broadly speaking, the management of emerging risk and crises were often siloed by function (eg. A physical security risk addressed by an on-the-ground employee may not be communicated to the communications team), as well as underinvested in as a separate function. Beyond COVID, other recent events – such as 2020’s wildfires which have been described as one of the worst wildlife disasters in modern history, and this year’s massive flooding in the east – have encouraged a dramatic change in how risk management is viewed within the Australian enterprise landscape. Critical decision-makers were forced to assess and evaluate whether they had the tools and processes to anticipate and respond to the next crisis. In most cases, it became increasingly evident that they did not.
While some may agree that the worst of COVID-related downturn is over, it’s crucial that businesses don’t dismiss this pandemic as a once-in-a-generation disruption. Widely impactful disruptions can happen anywhere, at any time and they’re only growing in diversity with the increased economic interdependence and growing technological advances.
For example, the Suez Canal disaster was not predictable, yet its impact can be felt across Australian industries dependent on trade. You can also look at the recent cases involving the reputation of Crown Casino and Allianz Insurance to see that deficient risk management processes can have a catastrophic effect on both a company’s bottom-line and its reputation.
It’s evident that the sophistication and variety of risks that businesses now face has never been greater, but what are decision-makers doing about it?
A recent study commissioned by Dataminr with Forrester Consulting asked 410 risk-and-compliance decision makers at companies with more than $500 million in annual revenue to reflect on their risk management priorities and practices. The study revealed that 42 percent of businesses are still improvising when it comes to risk management – confirming the notion more can be done proactively.
Something that we have certainly seen and advised against within organisations is a siloed approach to holistic risk management, but in order to proactively manage and mitigate emerging risks and crises, enterprises must adopt a flexible, but coordinated approach. This means that ownership of risk would be shared across the enterprise.
To start, individual departments should have clearly defined and mapped spheres of responsibility, so that when a risk occurs, the response across the board is orderly and efficient. Then, function leaders should create flexible plans that anticipate probable risks that their company will likely encounter in the future, and regularly simulate these risks with stakeholders.
The connective tissue that supports this kind of overarching, agile crisis response framework are advanced technologies such as real-time information platforms.
Evaluate your critical information system
For an enterprise, nothing is more critical in crisis response than the ability to have access to relevant information in real time in order to alert you and your frontline leaders across functions to risks, and protect against those risks.
Decision-makers with a role within the crisis response framework need to assess the technologies used to either fill in the gaps, or support efforts in response. While doing so, they need to survey the team and evaluate tech gaps such as how they’re detecting emerging threats and what are the tools needed to effectively communicate them across the response framework.
For example, relevant, up-to-date information is crucial in risk mitigation for global security operation centers (GSOC). For security teams, getting an accurate picture of the scope and potential impact of the crisis is critical in making better-informed business decisions. Within an agile crisis response framework, a GSOC would receive critical information at the same time as other stakeholders within the business and then align internally about a coordinated response.
Ultimately, the business landscape will never be the same again, and this new risk landscape needs to be reflected within the modern enterprise’s crisis response framework. The world is a fast-paced, unpredictable, and sometimes unforgiving environment – one that businesses cannot afford to improvise their way through potential disasters or crises. It’s now time for leaders to look at the sector as an opportunity and put everything in place to ensure their business’ future and reputation remain firmly intact.