Mitigating
Risk
Mitigate
Risk
Increase Operational Resilience
Improve
Agility
Select a different issue
Mitigate
Risk
Improve
Agility
Select a different issue
COVID-19 has been the ultimate organizational, industrial and societal stress test, shining new light on risk management’s role in resiliency and agility. During a period of economic uncertainty, managing risk takes center stage as companies shore up against potential threats to their business. Being able to identify and mitigate risk—and ask the right questions—early on will enable your organization to adapt more readily in the future.
Risk management doesn’t go away as soon as immediate threats are neutralized. Now, organizations must shift their focus to what’s next, proactively preventing the threats that can be anticipated and improving response and recovery time for those that cannot.
Increase Operational Resilience
In this new environment of increased uncertainty and ongoing risks, it doesn’t make sense to attempt to prepare for everything one can think of—and by the same token, one cannot think of everything that could possibly occur. The next black swan event may come without any warning whatsoever. Businesses that come out on top will be those that are resilient by design rather than simply acting retroactively. Agility involves thinking about and preparing for the unanticipated.
Improve Agility
Efficient Performance Reporting
4 Tools to Unlock Agility
return to top
Conduct a business continuity risk assessment to identify potential operational, financial, cyber and market risks.
Determine direct and indirect impacts and generate an action plan.
Identify a response team to lead ongoing crisis management efforts, coordinating with appropriate federal, state and local authorities.
Communicate with internal and external stakeholders—as well as their surrounding communities—about coronavirus updates and how your organization is responding.
Reassess Risk
Anticipate What’s Next
Monitor Emerging Risks
Read more on reimagining business resilience for the agile age >
Mitigate Risk
persevere
MAINTAIN
RECOVER
Increase Operational Resilience
How prepared is my organization— and what does “prepared” look like?
persevere
MAINTAIN
recover
What is our third-party
risk exposure?
What is our organization’s insurance coverage, and do we have funds to support this crisis?
How can this threat unfold and evolve, and what scenarios do we need to consider for our organization?
How prepared is my organization—and what does “prepared” look like? Determine your organization’s level of preparedness.
What is our third-party risk exposure? Limit and manage your third-party risk exposure.
Identify critical third parties and assess which are most impacted by COVID-19.
Develop risk scoring for third parties through surveys, interviews and audits, and ensure contracts are updated.
Build scenario models to understand the potential impacts of third-party disruption on your organization.
Review risk controls in contracts and reach out to vendors to understand how they will be enforced in the current environment.
Consider engaging business partners to support their resiliency efforts, thereby lessening supply chain risk.
Create a backup plan. Identify alternate options should your primary vendors be unable to deliver on goods or services.
What is our organization’s insurance coverage, and do we have funds to support this crisis? Review insurance coverage and map out claim recovery.
Evaluate your insurance coverage for business interruptions.
Determine if policy covers crisis management support activities.
Identify the impact from civil authority and ingress/egress coverage, service interruption, supply chain interruptions, loss mitigation, and extra expenses like increased logistics and redistribution costs, higher costs related to workforce disruption as well as shifting productions to potentially higher-cost locations, and others.
Establish milestones for claim recovery. Resources are likely going to be stretched thin for the foreseeable future. It is important to create milestones and hold all members—from the adjusting team to internal stakeholders—accountable for achieving those goals.
How can this threat unfold and evolve, and what scenarios do we need to consider for our organization? Plan ahead to identify threats and mitigate risk.
Regularly monitor announcements from the WHO and the Centers for Disease Control and Prevention to determine additional potential impacts that could be coming down the pike for your organization.
Establish various versions of your enterprise risk assessment and related action plans that can be adapted to help mitigate risk should additional waves of the outbreak take place, taking into consideration where they might unfold.
Evaluate both control and accounting implications within the different scenarios—for example, COVID-19 could complicate how businesses comply with the new Current Expected Credit Losses accounting standard because of how challenging it is to accurately estimate credit losses in the current environment.
Predict
Prevent
Prepare
Predict
Refresh your organization’s risk profile based on current risk appetite and tolerance.
Put a process in place for identifying and collecting information about new or changing risks.
Continuously monitor relevant macro trends through qualitative and quantitative indicators, and refresh overall risk assessment and plan as needed.
Likelihood
Impact
Effectiveness
Residual Risk
+
-
=
Update and document controls and processes (with a focus on leveraging technology to automate where possible) to mitigate identified risks, including monitoring and adjusting action plans as needed.
Revisit compliance programs and ensure they’re operating effectively for the new risk environment.
Reevaluate your vendor relationships and ensure accountability measures are in place.
Bolster Internal Controls
Update Compliance Processes
Reduce Third-Party Risk
Prevent
Embed risk management in planning, communications and training across all functions.
Engage
and Evangelize
Test and
Remediate
Update Insurance Coverage
Improve
Response Time
prepare
Test the design and operation of new controls and remediate as necessary.
Revisit your risk retention and transfer strategy, and optimize your insurance coverage.
Evaluate your organization’s performance during the height of the crisis to identify areas of improvement for the next crisis.
Building an Agile Risk Management Function
Agile Problem Solving Over Overpreparation
Think Differently
Data-Driven Decision Making
Contingency planning reaches a point of diminishing returns as the list of worst-case possibilities grows infinitely longer and increasingly dubious.
Executives need a problem-solving and decision-making framework and capabilities that align with the various types of known and unknown risks.
When facing ambiguous and unpredictable situations, real-time agile problem-solving skills trump traditional preparation activities.
Applying problem-solving skills to any situation, under significant pressure and time constraints, takes training.
Employees need to be taught methods for making sense of disruptive change, interpreting information and gaining additional insight when information is incomplete.
Whether the risk environment is predictable and stable, or complex and unknowable, different risk domains require different concepts and techniques to react effectively.
At the crux of agility is data. Data is the engine of faster, smarter decision making. Turning data into insight and insight into action requires more effective use of technology.
Data-Driven Decision Making
Think Differently
Agile Problem Solving Over Overpreparation
4 Tools to Unlock Agility
Dynamic Forecasting
Integrated Performance Management
Enterprise Data Governance
Reinforces alignment by staying focused on the KPIs that really matter.
Shifts the balance of management’s focus toward a heavier weighting on the future.
Focuses on shortening the cycle between gaining insight and taking action related to Critical Success Factors and Key Performance Indicators.
Focuses on ensuring enterprise data is available, accurate and timely to make informed decisions and catalogued to extract business intelligence and risk.
