2020 is nearly gone and it will forever be remembered for the pandemic that has devasted the economy, businesses and our social lives. I’ve heard risk managers say this is our time and indeed I’ve spoken to risk managers that have been in the centre of their business’ response to the pandemic and lockdown. Similarly, I’ve spoken to many risk managers that have been furloughed and made redundant. The difference between the two camps are stark, those that have stepped up now have a platform to excel; those that have lost resources will eventually need to rebuild because whether they recognise this or not – risk and the need for risk management has not gone away.
I’ve been busy in speaking engagements and pulled together a few current headlines, these were a collection of clippings from October 2020. I’ve avoided all the articles about redundancies which are not surprising but what this reaffirms is that businesses are not only dealing with COVID-19, its business as usual when it comes to other risk events happening whether it be regulatory breaches and fines, cyber-attack, fire and safety events, social unrest, or activist shareholders – these are still highly relevant. In fact, when the organisation is already financially stressed by COVID-19, the impact of the next event is relatively more severe and who knows which is the straw that breaks the camel’s back.
So, what’s next for risk management? Just like businesses, staying in survival mode is unsustainable; we must develop and implement strategies to flourish or we become irrelevant and die. For risk management, there is no room for the proverbial ‘ticking of the box’ and the problem remains unchanged, we must improve risk maturity (i.e. effectiveness), to make risk management a relevant and useful exercise. To me, this means:
Whilst the problem statement hasn’t changed, the world is very different. There is a lot more working from home, this means our stakeholder relationships are different, this means committee meetings are virtual, this means sharing screens is the norm.
In terms of embedding, well this means getting more people involved in risk management. This is extremely hard to do when people are working from home, but a technology platform can unlock this. At GOAT, we recognise embedding risk management simply means getting more people engaged in, contributing to and aware of risk so we recommend, particularly for larger businesses that risks need to be Distributed to owners, but further, the risk details need to be distributed to the team members. Those actually delivering the actions, designing the controls, creating the metrics and reports. There is no way you can get this kind of collaboration in a manual spreadsheet.
When it comes to decision making, we know how leaders make decisions. They need to synthesise the business context, logical problem solving/gap analysis, and want to see data. Risk scoring is essential for prioritisation and visualisation of risks relative to each other, but to the c-suite decision makers, these scores are not data. This is why GOAT enables performance metrics to be tied in with the risks, so we are able to performance manage our risks. This makes the risk discussions grounded in facts rather than anecdotes and scores. The traffic lights that measure completion of actions are now supported by the measurable impact and outcome of actions.
We know financial resources are stretched and achieving change must be done cost-effectively. Yes, your risk register spreadsheets are free but are not fit for purpose but we’re now in a time benefitting from cloud-based software as a service which enables technology solutions such as GOAT to be implemented at extremely low-price points and flexibility. Long gone are the days of 5-year commitment contracts and five or six figure technology solutions with a massive implementation cost by a system integrator. Check out www.goatrisksolutions.com to incorporate into your 2021 plans, start your free trial now and get started immediately.Find out more about GOAT Risk™