Securing risk management wins from the pandemic

It is important for us to ponder the lessons learned from navigating risks triggered by one of the world's biggest crises in decades. Many of the techniques executive teams and boards used to manage risks triggered by COVID-19 may actually be worth preserving. Let's explore a few of those opportunities.

Continue engaging people representing multiple functions

Early in the pandemic, executives scrambled to pull together their leadership teams from all parts of the organisation to put their heads together to solve one of the biggest risk management challenges they had ever faced. Members of the C-suite and their direct reports from multiple functions dropped what they were doing to collectively address the huge challenges of flipping their operations to a socially distanced, remote, virtual environment — overnight. Product and service deliveries had to be redesigned so that businesses could survive.

Most executives quickly realised that bringing teams together from multiple functions helped their leaders quickly and creatively identify innovative solutions. Diversity of perspectives on how risks might affect units across the enterprise helped pinpoint solutions with a holistic, cross-functional view so that solutions to those risks could be identified collectively.

As we move beyond the pandemic, business leaders may want to consider whether the ad hoc teams formed to deal with the pandemic should be retained. They could continue bringing cross-functional perspectives together for regular dialogue about emerging risks and techniques on how to navigate around those risks. It may be worth considering: "Who were the key players involved in those efforts and how can they continue to be engaged?" Also, for organisations with existing management-level risk committees, consider pondering: "What was the role of the risk committee during the pandemic — what worked well, what didn't?"

Maintain the communication pipeline regarding risks

The sharing of information about the unfolding risks triggered by the pandemic increased for most organisations. There may have been reluctance in some organisations for business function leaders to raise risk concerns to the C-suite or the board. But the overwhelming nature of risks triggered by COVID-19 was so extreme that executives invited their teams to communicate continually about risks the new realities presented. Many organisations hosted conference calls or Zoom/Microsoft Teams-based virtual meetings regularly, with some meeting multiple times per day. Boards received timely updates about changing risk conditions and how the entity was responding.

That flow of information about risks and the entity's plans for responding is likely worth preserving for the long haul. Business leaders should evaluate the nature, format, and timing of those risk communications to pinpoint factors that helped contribute to frequent dialogue about risks. Risk leaders may want to consider: "What was different about the nature and frequency of our risk reporting to the C-suite and the board of directors during the pandemic relative to what was happening previously?" and "What reporting practices should we retain?"

Preserving risk culture

We often say "culture is king" when it comes to effective risk management. If the tone at the top fails to embrace a culture that encourages open dialogue and transparency about important risks on the horizon, it is difficult to have an effective risk management process. Unfortunately, for some organisations, those in the C-suite tend to penalise individuals for raising legitimate risk concerns, usually inadvertently through their reactions and visual cues. This leads recipients of those implied messages to conclude the C-suite only wants to hear from individuals who are positive and optimistic about the organisation's capabilities and successes.

One advantage of the experiences of 2020 and 2021 is that most organisations experienced an openness and transparency in how they engaged in dialogue about all the emerging risks triggered by COVID-19. As core operations were flipped upside-down, everyone knew there were huge issues to solve, and they were encouraged to bring them up frequently so the leadership team could figure out how to solve them. For many organisations, that kind of willingness to "share bad news" led to quicker problem-solving and innovative solutions, with some of those solutions leading to new market opportunities.

Risk management leaders may want to think about how their organisation's culture was different (hopefully for the positive) regarding risk management during the pandemic and what helped improve transparency about sharing risk information. To what extent were senior executives more willing to engage in risk dialogue compared to pre-pandemic discussions? How can those benefits be sustained?

Retain the strategic risk focus

The pandemic's effect on business, particularly in 2020, interrupted most aspects of how an organisation goes to market with its products and services. Workforces were banned from face-to-face customer service in most cases, forcing their leadership teams to suddenly find ways to perform key tasks virtually. Entities that traditionally provide products or services mostly in an in-person, tangible way had to pivot quickly to identify new ways to become digitally savvy in a virtual world. IT systems were tested in new ways as capabilities for remote operations were expanded overnight.

Over the years, our research has revealed that business leaders often struggle to find ways to increase the intersection of risk management and strategy. In many cases, the management of risks often sits in one silo of the organisation while the leaders of strategy sit in other parts of the business, with few executives realising the importance of strengthening the integration of risk and strategy discussions.

Dealing with the impact of the pandemic may be helping change that. Now more than ever, business leaders are seeing first-hand the importance of linking risk discussions to what's most critical to the driving value for their organisation's business model. In the early days of addressing the challenges of COVID-19, risks were front and centre in the discussions as management teams realised quickly that they had to be suddenly innovative in adjusting how they deliver their core products and services. That provided a tangible example of how risk-taking and innovation go together. Obstacles to generating sales were identified and prioritised so that responses to those risks could be implemented in order for sales to continue. Discussions about risks and the related strategic solutions came together, quickly revealing the advantages of integrating risk and strategy conversations.

As business leaders look to the future, it would be worth pausing to consider how they might be able to strengthen the interconnectivity of risk management with strategic planning, budgeting, and capital allocation. And they may want to reflect on what contributed to "out-of-the-box" innovative thinking and problem-solving that helped the organisation identify new ways of doing business. Enhancing the connection of risk management and strategic planning will help elevate the value proposition for risk management investments.

Take time to reflect

Most of us pray we never experience a time like 2020 and 2021 again in our lifetime, hoping to leave the challenges behind us. But, before rushing ahead, now is the time to reflect on elements of our experiences that presented valuable risk management benefits while dealing with COVID-19. The "all-hands-on-deck" approach to surviving the pandemic actually uncovered some positives that most executives would like to preserve. Before memories fade, spend a moment reflecting on what worked well, and why, to pinpoint what might be worth keeping.

— Mark S. Beasley, CPA, Ph.D., is the KPMG Professor of Accounting and director of the Enterprise Risk Management Initiative in the Poole College of Management at North Carolina State University. To comment on this article or to suggest an idea for another article, contact Neil Amato, an FM magazine senior editor, at Neil.Amato@aicpa-cima.com