How well are you and your organisation positioned to manage risk in 2021
Hello 2021 and all the risks you have install for me
The new year is a time to check our assumptions from last year and confirm that the plan for 2021 is still looking good. It is important to ensure you reflect on all the successes you had, and remember to consider all the security and risk concerns you avoided through your robust analysis and astuteness. 2020 may have brought you and your team a level of uncertainty, it certainly rocked most people’s boats. So now, most of us are keen to minimize our risk profiles and move in to Q1 2021 with a greater degree of confidence than we left Q4 2020.
Learn from our international security and risk experts how they developed successful business continuity plans (BCP) to ensure that their core activities could continue in the event of disaster. As you will hear during our interviews, disaster always strikes and these BCPs are tested in the most extreme situations. The BCPs were used during Ebola outbreaks in Liberia, during Cholera outbreaks in Yemen, during war in Syria, and in Europe during Covid. Based on lessons learned from our guests’ responses during earthquakes, pandemics, and violent crimes, we learn the real-world value of conducting practical drills, training programs, and testing effectiveness of necessary systems and structures. There are actions we can take now, that save our organisation’s money, and reduce significant pain later. Reducing costs, eliminating threats, increasing security and profit are all possible and easily achieved.
Companies will need to ask tough questions about their risk management strategies going into 2021. Is your company’s technology and infrastructure up-to-date? Do you have solid business continuity plans for when disaster strikes? And most importantly, are you sure that you guarantee the safety and well-being of your employees 24/7 when they are traveling? A strong workforce is key to long-term success and having robust and tested travel risk management systems in place is essential. Covid has highlighted three common areas of weaknesses within companies’ risk management systems including:
- Govenance and risk oversight
- Business resilience and continuity planning
- Cyber risk management
Companies that did not already have well-established risk governance structure found it difficult to fully comprehend how changes in one business unit could cause unforeseen risks in others. Companies without a formal resiliency plan made decisions “in the dark,” and the lack of a centralized strategy impeded agility when it was needed most.
Second order effects in risk mitigation planning
Covid has changed the way many people work. One of those changes is that many employees are now working remotely from the office, often from their own homes. While there have been some challenges, such as adjusting to remote desk-based risk assessments and reorganizing schedules to fit regular video calls, risk management professionals have largely benefitted from the remote work experience. Most managers and employers have considered the first order effects. Common first order effects include:
- Employees save on travel time and expense. Less need for a car and associated fuel, parking, and maintenance. Less stress from long commutes.
- Employees have a change in distractions during the work day. A less or more comfortable office.
- Employees have fewer casual interactions (for better or worse) throughout the day.
- Employers furlough employees and cut benefits.
- Other companies lose revenue from sales of food, parking, and other services the office employees usually use.
- Employers save on amenities, events, office supplies and services.
- Employers (or employees) incur an expense to upgrade the home office to include needed equipment (replicating what is already in the now unused office).
Many employees with jobs that went remote benefited from the new arrangement. Employers can benefit too, with some restructuring, for example downsizing of office space. For many employees, it is now evident that they can effectively live farther from the office in cheaper, more comfortable settings. Many larger and financially robust companies have already laid the future clear by making it clear that all employees will have the choice where they work in future, regardless of Covid.
A second order effect that affects both employers and employees is the leveling of the playing field. Companies can choose between the best candidates, not just the best candidates living near their office. Now you can genuinely recruit the best candidates from around the world. The third order effect on what this does to salaries will need further regulatory and moral consideration. For example, if a British company offers a position to a candidate in the developing world, would the successful candidate be paid the regular British salary, or the regular salary paid to an employee working in their country of residence. As always, there are significant risks, and effects for all stake holders and considering the second and third order effects really pays off in your planning.
Although nearly all executives accepted that a large shock – be it financial, criminal, or pandemic – was likely, very few companies had robust and test risk resiliency plans that prepared them for the eventuality of this predicted threat. Many companies did not have a pre-considered approach to communicating about critical decisions and operational changes, within and externally to their organisations. Their decision-making lagged, and at least in the early stages of the pandemic, many organisation’s suffered avoidable and major operational disruptions. Leaders that want to be better prepared in 2021 are reviewing their risk management strategies, anticipating further operational shifts, and planning how to remain resilient. By adopting a more enterprise-wide approach to risk management, business units and managers can be brought together to assess risks and discuss and develop the risk plans required to succeed and increase profitability in these challenging times. Consider how your organization can seamlessly identify and monitor potential risks, and pro-actively act across disciplines and across the world 24/7. Similarly, do you have partners that can bridge the language divide to ensure due diligence and risk monitoring, and quality assurance is occurring across your international partner and supply chain.
Safety risks in 2020
What were the most significant occupational health and safety risks in 2020? Amongst all the attention and drama caused by Covid in 2020, there were more pressing risks that companies should have been paying attention to within their workplaces. Here are the top ten occupational health and safety concerns of 2020:
- Failure to properly communicate about hazards
- Respiratory protection and personal protective equipment
- Industrial trucks
- Machine and mechanical machine guards
Depending on your company’s activities, you may be required to have a dedicated safety program to manage safety related risks. These safety programs may be as obvious as office building evacuation plans, but they can also be much more complicated depending on the industry and the size of your operations and number of employees. This would also include safety and risk training for both supervisors and employees in auditing, leadership, and hazard risk mitigation processes.
Cyber risks in 2021
A high likelihood and high consequence risk for all individuals and companies is cyber crime. And 2021 will present even greater cyber risks that previous years. With more people working remotely combined with an increasingly connected world with the internet of things devices, technology and cyber risk mitigation is more critical than ever. As our reliance on data and communication continues to grow, the consequence of a cyber attack increases proportionately. Cyber disruption would lead to significant financial loss and collateral damage in terms of business interruption, reputation damage, liabilities and increased regulatory scrutiny.
Cyber-risk management involves maintaining an enterprise security and risk program that aligns with best practices and standards and keeps up with operational changes and the current cyber-risk environment. Cybersecurity programs involve numerous activities that must be performed on an ongoing basis and reviewed regularly to ensure they keep pace with the evolving threat landscape. Developing your organisation’s resilience to a cyber-attack will be essential for any robust risk management plan in 2021. Risk treatment should likely include cyber insurance as well as a thorough analysis of contingency and business continuity planning, infrastructure, employee training and post-event crisis management.
(Read more about Cyber risks here)
What to do with risk
Risk professionals can do some of this work themselves by making an effort to operate across different business units to increase everyone’s understanding and visibility of risk. Executives should also ensure that the risk officer is a senior position within the organization (usually VP or Director level), to enable them to more easily take the necessary enterprise view of the company’s risks. This allows the risk manager to better identify critical risks that could have a major impact to their operations or business; prioritize and quantify risks; determine the company’s risk tolerance; work with the business units and executives to mitigate risks; ensure appropriate testing is done; develop risk transfer plans; and provide risk reporting at the appropriate level.
Listen to The International Risk Podcast to learn from our amazing guests from around the world that have employed various strategies to identify, monitor and treat risk in some of the most challenging environments around the world.