The state of risk management
Risk functions can fortify their resilience in response to COVID-19.
The risk climate already was volatile—businesses across all sectors have struggled to keep pace with relentless change. COVID-19 has added fuel to the fire, exacerbating and reshaping the challenges risk leaders face.
Among the dramatic shifts resulting from COVID-19:
- Deepening geopolitical tensions, combined with new work practices and collaboration tools, are creating new cyber vulnerabilities and points of weakness that fraudsters and criminals can exploit.
- Huge swings in financial markets are aggravating credit and liquidity risk, leaving businesses of all sizes threatened on multiple fronts.
- Will the risk climate return to a “normal” volatility level when the pandemic fades? It might. But while tackling this crisis, consider aiming both to stabilize the business now and to prepare for future crises. Doing so can increase operational resilience, equipping your business to recover more quickly—whatever the future brings.
Steps risk leaders can take now
By repositioning the risk function, risk leaders better equip themselves to navigate the pandemic. Done right, they can gain the added advantage of more robust preparedness for future crises.
We offer five steps risk leaders can pursue now to emerge stronger from COVID-19:
- Redefine what needs the most protection: Businesses can’t protect everything, so instead they can:
- Identify their most valuable, mission-critical assets and devote more resources to protecting them.
- Adopt agile, dynamic planning to accommodate the continual change generated by a volatile risk climate.
- Review and update assets that are most “worthy” of protection—in a climate of constant change it is an ongoing effort.
- Learn what makes these assets vulnerable: From what will priority assets need protection? Risk leaders can:
- Understand which priority assets might be more—or less—vulnerable as the risk climate changes. Given talk of a “second wave” of COVID-19, coupled with the perennial threat of other pandemics, the risk function should include pandemic planning in its outlook.
- Continue to monitor the full spectrum of risks—not just pandemic planning—focusing on building awareness around emerging and non-traditional risks.
- Look past the norm: How might risks undermine operational resilience in previously unthinkable ways?
- Assess the strength of old models: Should sensitivity testing be based on potentially more severe scenarios? To provide model currency, businesses can:
- Rethink how to measure risk sensitivity, since, for financial firms, assumptions around liquidity and market demand may no longer apply.
- Re-calculate how COVID-19 and its various recovery scenarios impact operations and finances. This advice extends beyond financial firms. Businesses in all sectors can model the impact of specific changes and the potential for shock events to trigger new, unforeseen scenarios.
- Hand the reins to the risk function. By collaborating with stakeholders across the business, risk teams can unearth risk interdependencies and provide a real-world view of how shocks might unfold.
- Actively consider how to respond to another major shock, such as a crippling cyber-attack or natural disaster, during this crisis. A myopic focus on the pandemic won’t suffice.
- Consider rewriting, testing and making active business continuity plans. The COVID-19 pandemic exposed the insufficiency of business continuity and crisis plans. Updated plans can include actionable, prescriptive instructions for maintaining continuity.
- Evolve to stay relevant: Once the pandemic has eased, where will the risk function be? Efforts the function can tackle include:
- Readying the business for future volatility, including identifying new supply chain models, assessing potential markets and supporting new product development.
- Supporting digital transformation efforts. COVID-19 is driving businesses toward more digital solutions—the risk function is well positioned to weigh in on potential concerns and vulnerabilities.
- Engage with regulators: How can businesses stay compliant? They can:
- Expect scrutiny. In highly regulated industries, regulators are watching, and may request multiple datasets. Businesses can be prepared to slice, dice and gather data that may be in demand.
- Invest in tools and technologies to ease data management, improve response capabilities to data requests and strengthen the business with better insight into risks and opportunities.
- Provide ongoing compliance. COVID-19 disrupted many things, but compliance ideally should not be among them. The risk function also can take the lead by informing the broader business on the implications of non-compliance.
- Anticipate and prepare for new regulations. Will new requirements surface in COVID-19’s wake? Risk leaders can connect with business leaders—as well as their own peers—to prepare for potential new regulations.
A future-ready function
Risk leaders taking these steps should do so with an eye on bigger picture strategies. The effort they invest in now to define the fundamentals of their risk function can pay off today, as well as tomorrow.
To remain future-ready, risk leaders can keep these elements in the forefront of their strategy:
Accenture is ready to help risk functions wherever they are in their journey—whether it’s immediate support to address pandemic concerns or rebuilding into a more future-oriented function. Together we can help you outmaneuver uncertainty and emerge stronger.
To help our clients navigate both the human and business impact of COVID-19, we’ve created a hub of all our latest thinking on a variety of topics.