If the past year has taught us one thing, it is that the traditional approach to risk management simply does not work. The global pandemic fundamentally challenged how companies identify, assess, manage, and monitor risk, tossing aside long held beliefs around security, IT resiliency, crisis management and business continuity planning. The past year has also changed the inherent risks companies with US operations now face as they seek to navigate the intersection of geopolitical unrest and business engagement.
During this period of unrest and uncertainty, Control Risks has been working alongside our clients to not only respond and recover from events that impact their operations, but also to fundamentally rethink how security and resilience teams can best integrate and align to support core business more effectively – from the strategic through to operational and tactical.
Here are the key lessons learned to date:
Traditional risk management programs rely on outdated models and frameworks: Traditionally, programs often sit across different disciplines within an organization, relying on management systems that tend to conflict with one another. While there has been a trend in recent years to align risk management programs under the same function or management structure, there is a new urgency to ensure that risk management programs are optimized by data, metrics, and technology.
The sharing of risk data across the business enables the transparent measurement of program maturity via robust metrics and reporting visualized in real-time dashboards. The use of technology serves as a driver and platform to store, manage, and operationalize all aspects of the program, from risk identification under ERM, physical security or cyber resilience, to operational response and recovery under crisis management and business continuity.
Risk management models must include a better view on the world around us: One of the most important lessons from the past year is that an effective approach to all-hazards planning and procedures must incorporate worst case scenarios. In addition, program owners and response teams must maintain a level of operational flexibility in their planning by broadening their perspective on the risk scenarios-to consider through a program that integrates multiple sources and is driven by intelligence gathering and reporting. At Control Risks, our Global Risk Analysis specialists provide intelligence on world events that in-turn can be used by clients to prepare well in advance of a political or social crisis occurring. In a post-Covid world, the need to better understand current events and how they impact your business will play a critical role in assessing risks—as well as opportunity.
Know your competitive risk environment: Our clients come to us to understand how their peers and industry leaders are thinking about risk, benchmark their programs, and gain an external expert perspective on the opportunities that lie ahead. At Control Risks we work with leading companies in every sector on both advisory and operational matters, and are therefore uniquely positioned to share best practices our perspective on the most forward leaning thinking both in the US and abroad.
De-escalation is a critical piece of recovery: Traditional risk management assumes that actualized threats and acute crises can be managed in every stage of an event using the same command and control protocols throughout the lifecycle of a crisis. Covid and political unrest over the past year have demonstrated in the harshest terms the need to create frameworks and risk management playbooks that are agile, well-communicated and understood. This in turn enables a scalable approach that allows for efficient escalation and de-escalation to better manage the limited resources dedicated to operational risk management activities.
IT resiliency should be the cornerstone of your risk management strategy: While companies found themselves able to work remotely and even to thrive in this new environment, the need to ensure the absolute protection of IT infrastructure and the data it holds has never been clearer. As employers look to consider their long-term hybrid work strategies as part of their rebound, they must integrate IT and digital risks into all aspects of the discussion around protecting the business.
At Control Risks, we are often asked “so what’s next?” Our view is that while there is cause for optimism as some economies recover, a true "post-pandemic" world is still a long way off - so we should all expect to continue managing through a highly fragmented and multi-speed global recovery for at least the next year. This means that crisis and resilience teams will need to integrate the lessons learned from 2020 to maintain a higher degree of flexibility, agility, and efficiency in responding to – if not anticipating– the continuous curveballs thrown their way. This can only be done effectively by leveraging the right data and technology tools.
In today’s environment, the key to getting – and keeping – your organization on the front foot is ensuring it is equipped with the capabilities and tools to continuously scan for emerging issues, to anticipate what’s coming next, and provide relevant information to make the right decisions and take decisive action.