There is no doubt that 2020 will go down as a year to remember. While the Covid-19 pandemic has had an enormous impact, the year has brought many challenges — from the forest fires in Australia at the beginning of the year to the Taal volcano eruption in the Philippines — followed by a long list of high- force hurricanes and widespread social unrest here in the US. All of these have highlighted the reality of persistent, disruptive volatility.
No individual or organization can predict specific risks. But organizations can and need to prepare for an uncertain and volatile future that includes climate change, technological disruption, geopolitical risk, threats to the global supply chain, and issues related to cyber-crime, data protection and privacy. As we have seen during the pandemic, some modern business practices (such as globalization and just-in-time inventory management) create risks of their own. And regulatory authorities around the world continue to evolve and expand their scope, addressing matters such as data protection and privacy along with money laundering, financial crime, violations of sanctions, bribery and corruption.
The problem of maintaining business operations in an increasingly volatile and complex business environment calls for proactive, integrated solutions encompassing people, data and infrastructure. Organizations should establish well-defined direction from the top level so that there is clarity on how to act when challenges arise.
- Connecting risk management more closely to business and front-office operations. Organizations need to move at a rapid pace to deal with risks as they evolve, and this can’t be accomplished if risk management is sequestered somewhere in the back office.
- Getting better leverage from technology. Emerging technologies such as machine learning and artificial intelligence show great promise in helping risk managers pinpoint specific risks and develop faster responses. Many risk teams, however, have yet to take full advantage of more mature technologies in areas including data, analytics and modeling. Among other benefits, these technologies can reduce the efforts on lower-risk areas and help managers focus their energies on real threats, to critical parts of the organization.
- Aligning risk policies with business strategy. Many risk management failures indicate the right policy in support of the wrong strategy. Risk should collaborate closely with business lines and the overall enterprise to reach consensus on how risk is defined, measured, controlled, and mitigated. Collaboration also helps reduce duplication of effort.
- Being active, not passive or reactive. Risk managers need to do more than identify and mitigate potential risks. They can, for example, tap into external data sources to identify digital signals that provide early indicators of potential future problems. New technologies can help turn this data into insights and unearth previously un-seen business threats or opportunities.
One additional consideration: Risk leaders spend a lot of time considering how the function is structured and where it fits within the organization. While there is no “one size fits all” answer, the ability of risk managers to function effectively on a highly decentralized basis during the pandemic demonstrates how this issue has become somewhat of a red herring. Enterprises need central controls, but they also need what we call “sensors at the edges” to provide objective input from the front line and from outside the organization.
Organizations are still dealing with the effects of the pandemic, but most are beginning to plan for whatever “business as usual” will look like going forward. Better risk management may not spot the next big disruptive event, but it can accelerate and shape a more effective organizational response to whatever waits for us.