7 steps to consider when reviewing risk management

13/08/2020 - 09:52

Bookmark

Save articles for future reference.

Now is a good time for boards to review their risk management strategies, say Peter Deans and Anthony Stevens.

Now is a good time for boards to review their risk management strategies, say Peter Deans and Anthony Stevens.

Restarting business operations and looking to some sort of return to normal remains the priority for most boards as the economy reopens for business. However, rethinking strategic and business priorities for the future is also top of mind. Boards should carve out time to reflect on risk management practices, past and present. Lessons from this period can be used to reshape the future of risk management across all businesses. Here are the initiatives to plan for:

  1. Develop (or refresh) business continuity and crisis management plans Many businesses operated in crisis mode for months during the pandemic, using outdated or makeshift crisis management and business continuity plans. It will be important to document what has worked well and what hasn’t, and implement a framework for future events — particularly if none were in existence prior to the pandemic.
  2. Develop and implement/enhance an enterprise risk management framework ERM is a well-developed methodology for organisations to manage risks. It encompasses the identification, assessment and management of risk. AICD has also published several guides on how boards should approach ERM.
  3. Leverage technology innovation to streamline processes Advancements in mobile and cloud-based technology mean it is easier than ever for directors and executives to use technology to better manage risk management processes. Better still, financial and human resources otherwise tied up with risk “administration” can now be allocated to activities designed to ensure a better system overall.
  4. Consider the financial resources allocated to risk management Are there sufficient numbers and capability of personnel — with sufficient authority — to oversee risk management in the organisation? Does the organisation need a senior risk officer — such as a chief risk officer or head of risk management — who can regularly present to the board? What investment in technology can best support these resources to do the best possible job?
  5. Assess the need for more frequent reporting and discussion of risk at board meetings Often risk management matters are left to management forums or tucked away in finance or operations reports. Does the organisation need to invest in technology-based tools to oversee and report risk management? If one is not already in place, consider if there needs to be a formal risk committee.
  6. Connect the top and bottom In recent years, regulators have focused heavily on ensuring those at the top are in control, know what’s happening and are ultimately accountable. Risk is no exception to this. In the context of healthcybersecurity and other manner of risks, ensuring a timely flow of information between the top and bottom of an organisation is critical. Technology can make this process easier.
  7. Assess the board rhythm and stakeholder engagement for discussing and determining any action on emerging risks Organisations that fared better during the early stages of the pandemic had a clear line of sight — from board level down — over emerging issues. Some boards scheduled frequent meetings and calls as events unfolded. Others waited for scheduled meetings and may have lost valuable time to prepare.

Organisations have full control over how they manage risk. While many risks are external to an organisation — and substantially out of its control — there are important decisions to be made on exactly how risk is managed. The design of the risk frameworks and governance, the frequency of reporting and discussions, and the level of investment are all in the control of directors and management. Well-designed and implemented risk management frameworks and governance will reduce operational losses, build stakeholder confidence in the organisation, and assist it to achieve its long term strategic and financial goals.

Peter Deans is founder of 52 Risks, director of Notwithoutrisk Consulting and The RegTech Association. Anthony Stevens is founder and CEO of 6clicks, and author of Chasing Digital: A Playbook for the New Economy.

STANDING BY BUSINESS. TRUSTED BY BUSINESS.

Subscription Options