As we come to the end of another year, still dealing with the remaining vestiges of Covid-19, it’s timely to reflect on the year that was and what might be coming down the funnel next.
The starting point for organisations and the focus of this discussion is to recalibrate some fundamentals. Whilst returning to somewhat ‘normal’ after Covid-19 lockdowns and other restrictions (by January, 300 million cases had been recorded worldwide and 10 billion vaccinations had been administered), it is critical to remember that all the other risks that existed before the challenges of the pandemic are still there. Sure, the context is likely to have changed and the priority been revised, but they are still to be dealt with nonetheless.
Tip #1: Revisit the Risk Register and prioritise the key threats and opportunities. Challenge the assumptions that sit behind the details of risks and controls
Let’s examine some of the key issues that organisations dealt with in 2022.
The Russian invasion of Ukraine in February – an example of a major miscalculation – mistaking ambition for capability. It appears that Vladimir Putin thought invading Ukraine would be a quick and painless exercise. As we know now, some 10 months later, that couldn’t be further from the truth.
The Russian leader may have even believed that many Ukrainians would side with Russia in the conflict but as missiles rained down on their homeland, Ukrainians were galvanised into standing up to the aggressor in a way that has not only done them proud but has shocked the Russian military leadership to its very core. A costly error indeed.
Of course, the shock waves from the war have been felt across the world with spiralling energy prices, food shortages (particularly in third world countries) and massive disruption to supply chains.
There is an old risk saying that goes ‘never waste a crisis’ – now is the time to take the lessons learned from any disruptions and commit them to writing in policies, processes and systems before they fade from memory.
Tip #2: Review the organisation’s Business Resilience capabilities – Emergency Response, Business Continuity, IT Disaster Recovery and Crisis Management
It is fair to say that 2022 has brought much relief as Covid impacts recede, but there have also been many other issues driving increased anxiety and uncertainty. This has been exacerbated by things like the war in Ukraine but also by the massive amounts of change happening in society more broadly. Working from home (once a rarity but now an expectation after Covid), the ‘Great Resignation’ (particularly in the US but felt elsewhere), and labour shortages are impacting organisations and their ability to achieve their objectives.
Mental health issues, which had been on the increase as a consequence of lockdowns and general anxiety associated with a pandemic, are continuing to rise. Part of the reason is a positive – people are more willing to talk about when they are not ok and seek help. But the pressures of modern-day living – home affordability, inflation, and less face-to-face time with colleagues – have been contributing negatively. The focus on Mental Health has been maintained, if not strengthened, in 2022 - we have reason to hope that those needing help can seek and will continue to receive the assistance they need.
Tip #3: People are the centre of any organisation and developing, protecting and supporting them is an investment not a cost. Review how your business can reduce its impact on people’s Mental Health
Supply Chain challenges continue although they have improved somewhat in 2022. We are still seeing product shortages, extended delivery times, reduced transport availability and elevated costs. Overexposure to single suppliers or particular geographies is still a challenge for some organisations and highlights the importance of Boards and Executives getting ‘under the covers’ to understand their risks and the effectiveness of controls to manage them.
Tip #4: Organisations must examine their exposure to Supply Chain disruption – from silicon chips to consumer goods – and understand who their key partners are and where any single point sensitivities exist.
Cyber Security incidents have continued and indeed accelerated in 2022. We’ve previously referred to this as an arms race between hackers developing new attack vectors and organisations implementing new defences. In Australia, two major attacks (Optus and Medibank) seem to have been relatively unsophisticated although full details are yet to emerge. It reminds organisations yet again of the importance of getting the basics right – good password hygiene, regular patching of software, disciplined control of access to systems, regular training of staff in recognising phishing / spam email attempts etc.
Tip #5: Cyber Security is a classic example of prevention being better than the cure. Organisations should review and gain assurance on the effectiveness of their preventative controls on a regular basis.
Natural disasters have continued unabated in 2022. In January, there was the volcanic eruption in Tonga, and Tropical Storm Ana that killed 115 in Madagascar. This was followed in February by Cyclone Batsirai killing 123 in Madagascar, Mauritius and Reunion.
June saw a 6.2 magnitude earthquake strike between Afghanistan and Pakistan, killing at least 1,163 people. In mid-July, heatwaves hit Europe, causing 53,000 deaths and multiple wildfires, travel disruptions and record temperatures. Flooding occurred in Pakistan in August, claiming the lives of over 1,000 people.
Closer to home, Australia experienced massive flood events along the east coast, including in the capitals of Brisbane and Sydney. The Northern Rivers and Western regions of NSW had major and repeated flood events.
As a timely reminder, the Intergovernmental Panel on Climate Change (IPCC) released its 6th Assessment Report, indicating that many of the impacts of climate change are becoming irreversible.
Tip #6: Climate risk is impacting all organisations, be it directly or indirectly. If not underway already, organisations need to examine not only their exposure and responses to the impacts of climate change but also what they are doing to reduce their contribution to the causes.
Along with Cyber security insurance, cover for the perils of climate change has been more challenging to secure. Insurers are refusing cover, or providing dramatically reduced cover or major increases in premium, for sites affected by natural catastrophes. The hard market cycle has continued in 2022 and organisations that understand the relationship between strong risk management and better insurance outcomes have fared better than most. There is further scope to develop long-term, value-adding strategies for organisational insurance programs.
Tip #7: At ABM we firmly believe that businesses must ‘sell risk, not buy insurance’. This means having a robust Risk Management program. Organisations should assess their Risk Management competency and develop a plan to address the gaps.
As the world has emerged from the worst of Covid-19 and the flow-on impacts, businesses have refocussed on growth and opportunities. However, the playing field has changed - online shopping experienced massive growth during lockdowns and is here to stay. Employees have relocated out of major cities in record numbers, seeking a better lifestyle whilst maintaining the ability to pursue a career. The geopolitical environment is continually shifting, forcing organisations to re-evaluate supply lines and partnerships.
This should also prompt reflection on the operating environment the organisation is now in and what risks the business is prepared to, or indeed must, take to achieve its objectives.
Tip #8: Engage the Board / Senior Executive and update the Risk Appetite Statement to consider the operating environment that now exists.
As the worst impacts of the pandemic recede, organisations need to be cognisant of not reducing their efforts in regard to risk management. Indeed, the post-Covid world may be even more volatile, uncertain, complex and ambiguous.
More than ever, organisations will need to practise proactive, not reactive risk management, investing the time, effort and resources into increasing the competence and capability of the organisation and its people.
Our focus at ABM Risk Partnership is on helping organisations up-skill and reap the benefits of robust Risk Management – capitalising on opportunities and minimising threats. Give me a call on 0404 829 040 to find out more.