This article was originally shared on pwc.ie
Risk Management and COVID19
In response to COVID-19, most businesses have already recognised the need to identify and manage the risks and activities that are critical to ensuring their survival, risk management. Many have significantly adjusted major business processes and adapted their ways of working over the last few months. For some organisations, these may be permanent changes.
At this time, it is important that organisations don’t just focus on crisis management. They must be able to proactively identify and manage new risks and opportunities while recognising how existing ones may have changed. Shifting to a focus on the long-term success of the organisation is vital.
Businesses should assess the long-term impacts of the COVID-19 crisis on their resilience, as well as on their approach to risk management. There may be a lasting impact on the risk culture of organisations. This could lead to changes in the way they approach risk, including identification, assessment, monitoring and reporting of risks. Applying a risk lens as this situation progresses is important.
This is a perfect opportunity to engage with the three lines of defence to deliver critical insights, risk assessments and credible challenges to support effective risk management. Risk executives need to help manage the threat from COVID-19, while having a seat at the table with other members of the leadership team. They must ask the right questions today to support a recovery later, as well as preparing for the next major risk event.
Five Key Actions To Take Now
Review your risk appetite
In response to COVID-19, risk appetite might have changed. Risks previously accepted might now be looked at from a different point of view. Organisations should review their risk appetite to ensure they remain within defined levels of acceptable risk thresholds. They should monitor whether breaches have occurred or are likely to occur in the future. Organisations need to re-evaluate their ‘red lines’ and be aware of the potential impacts on stakeholders, including their employees, investors, customers and suppliers. A review of the firm’s risk appetite in light of changes to the business model and strategy is crucial to develop a strategic response, prepare for the period ahead and to emerge stronger after COVID-19.
Identify and assess your risks
COVID-19 has been a major event triggering a reassessment of business risk. Risks previously identified may not be front of mind when in crisis management mode. However, they are not diminished by the pandemic. In light of COVID-19, organisations should challenge assumptions made previously. Review the existing risk profile and ensure the likelihood and impact of risks reflects the current position following the impact of the recent pandemic and the changing risk landscape. Identify the less obvious risks by looking beyond the immediate challenges and consider the potential knock-on effects.
Revisit your internal controls
In these uncertain times, organisations will want to ensure that shortcuts are not being taken, no opportunity for override of controls exists and rigor in procedures is still present. The design and operating effectiveness of controls should be reviewed to ensure they are fit for purpose in effectively mitigating risks. Where required, controls should be modified, replaced and new controls implemented to respond to current circumstances. Ensuring that internal controls are still functioning effectively should be a continual focus in today’s uncertain environment.
…For the next 2 key actions, continue reading here.
Have you Maximised Employee’s Ability to Work Remotely?
Successfully Lead Employees During This Time
Having the ability for your employees to work remotely is a huge benefit for companies to invest into.
We can help you:
Support is essential for your employees to limit any downtime or technical issues, allowing them to maximise workflow for the company. Contact us now for more information.
Our personal, hands on approach is why so many of our clients affectionately refer to us as “Their IT Department”. Contact us now for more information.