As we stumble to the end of another ‘annus horribilis’ of Covid-19 driven lockdowns, restrictions and regulations, it’s timely to reflect on the year that was and what might be coming down the funnel next.
The starting point of our discussion should be to recalibrate some fundamentals. Whilst Covid-19 and the ramifications of the pandemic have been somewhat all-encompassing for many organisations, it is critical to remember that all the other risks that existed before the pandemic are still there. Sure, the context is likely to have changed and the priority been revised but they are still to be dealt with, nonetheless.
Tip #1: Revisit the Risk Register and prioritise the key threats and opportunities. Challenge the assumptions that sit behind the details of risks and controls
Let’s examine some of the key issues that organisations dealt with in 2021.
The Delta strain of Covid entering NSW, and subsequently Victoria, changed the context of the pandemic entirely. Very quickly the broader population realised that the rare risk of blood clots from the Astra Zeneca vaccine was not as high as the risk of contracting Covid and dying. This has accelerated vaccination rates and resulted in Australia becoming one of the most vaccinated countries in the world.
One of the artifacts of the pandemic has been that organisations have had to respond to crisis situations that they had unlikely planned for – in many cases ‘building the aeroplane in flight’. Many have been pleasantly surprised at their capability to respond to the uncertainty of the last couple of years. There is an old risk saying that goes ‘never waste a crisis’ – now is the time to take the lessons learned and commit them to writing in policies, processes and systems before they fade from memory.
Tip #2: Review the organisations’ Business Resilience capabilities – Emergency Response, Business Continuity, IT Disaster Recovery and Crisis Management
Covid has also been a catalyst to change the context of many other risks. Mental health has been under the spotlight as a consequence of lockdowns and general anxiety associated with a pandemic. This has been exacerbated by the lack of face-to-face engagement - less chance for ‘toolbox talks’/team meetings, home working in its various guises etc. The focus on Mental Health seems to have become well entrenched, and we have reason to hope that it will retain its focus, as it should.
Tip #3: People are the centre of any organisation and developing, protecting and supporting them is an investment not a cost. Review how your business reduces its impact on people’s Mental Health
Supply Chain has also been greatly impacted by the pandemic. We are seeing supply chain issues in product shortages, lead in / delivery times, transportation availability and costs. Many organisations are now looking into their supply chains and finding exposures that they have not previously understood and realising the implications accordingly. Over exposure to single suppliers or particular geographies are proving particularly challenging for many organisations and highlights the importance of Boards and Executives getting ‘under the covers’ to understand their risks and the effectiveness of controls to manage them.
Tip #4: Organisations must examine their exposure to Supply Chain disruption – from silicon chips to consumer goods – and understand who their key partners are and where any single point sensitivities exist.
The world’s risk lens is firmly fixed on Cyber Security. The arms race between good and evil continues. While history may look back at the vulnerabilities we now face and attribute them to the relative immaturity of our technology, these threats are very real, and potentially catastrophic now, as we saw all too clearly in the Colonial Pipeline ransomware attack. Prevention of the myriad of potential causes and mitigation of consequences are both critical in arsenal of tools needed to manage such risks.
Tip #5: Cyber Security is a classic example of prevention being better than the cure. Organisations should review and gain assurance on the effectiveness of their preventative controls on a regular basis.
Climate risk continues to dominate the global agenda, and we continue to experience severe weather events, such as the European floods, and the ongoing annual increment in average temperatures. It seems that we have all collectively accepted the risk, with the climate change sceptics largely being excluded from the debate. Given the consequences, it’s a shame we can’t rally global resources in response as we have seen in the Covid pandemic. Perhaps we will soon realise that it’s not the planet that is at risk, it is humanity.
Tip #6: Climate risk is, or will touch all organisations, be it directly or indirectly. If not underway already, organisation’s need to examine not only their exposure to the impacts of climate change but also what they are doing to reduce their contribution to the causes.
Climate risk has also influenced most insurer’s appetite for risk, with many taking a firm stance in not providing cover to the fossil fuel sector. Insurance more generally, has presented many challenges for organisations. The hard market cycle that prevails has seen significant increases in premiums, withdrawal of cover for some classes of assets / exposures, and introduction of restrictive conditions / exclusions on cover. Organisations that understand the relationship between risk management and insurance have fared better than others and have further scope to develop long term value adding strategies for their insurance program.
Tip 7: At ABM we firmly believe that businesses must ‘sell risk, not buy insurance’. This means having a robust Risk Management program. Organisations should assess the organisation’s Risk Management competency and develop a plan to address the gaps.
There is no doubt that the operating environment for most organisations has continued to change in 2021 – largely due to Covid-19 and the flow on impacts. Businesses have experienced a broad range of both headwinds and tailwinds to their operations. This should also prompt consideration of the risks an organisation is prepared to take to achieve its objectives.
Tip #8: Engage the Board / Senior Executive and update the Risk Appetite Statement to consider the operating environment that now exists.
___________________________________________________________________________
Organisations may have gotten away with paying less attention to the broader gamut of risks whilst dealing with the pandemic but as we travel along the road to recovery, these will demand their share of attention. The events of 2021, as was the case in 2020 highlight the importance of proactive, not reactive, risk management.
Our focus at ABM Risk Partnership is on helping organisations up-skill and reap the benefits of robust Risk Management – capitalising on opportunities and minimising threats. Contact us via email or give Anthony a call on 0404 829 040 to find out more.
