By Jim Wetekamp, CEO, Riskonnect.
Reprinted as published by Forbes.
The past year has been full of unexpected risks, unwanted surprises, and unimaginable consequences. Organizations everywhere were caught flat-footed by a risk they never planned for – and many are still contending with the disparities and fragilities laid bare by the pandemic.
Adding to the misery is that the next disaster could come at any time – even before the current crisis ends. Climate change, cyberattacks, social unrest are all top contenders. Or it could be something entirely off today’s radar – just like COVID-19 was.
How at risk are you?
That is the question everyone is asking, but it’s extremely difficult to answer if you are set up to manage risk by type, departmental responsibility, or whether or not it is insurable. In the real world, risk cuts across all areas of business. You must be able to see the full scope of what you’re dealing with to understand how at risk you are.
Getting that big-picture view is not always easy. Start by taking a long, hard look at how you are managing risk. What has worked and what hasn’t while navigating the challenges of the current crisis? Keep in mind that just because something has always been done a certain way does not mean it’s the best way to get the job done. Sometimes you must make a clean break from the familiar to gain the freedom to reimagine what could be.
Now is the time to prepare for the next “big one.” Break your old, inefficient risk management ways and evaluate people, processes, and systems that will give you the resilience to withstand whatever comes next. Here are three places to start.
1.Break Down Your Silos
Risk doesn’t respect geographic borders, business-unit boundaries, or the lines on an org chart. Something like a data breach – originating as an IT risk – can trigger an avalanche of interconnected consequences involving legal, reputation, customers, revenue, and more. Traditional risk management methods of managing risks one by one or department by department are useless when faced with a fast-moving, interconnected risk like this. By the time siloed functions come to agreement on action, not only has the moment gone, but the situation you thought you were dealing with has completely changed.Yet according to a survey from our company, 35% of organizations say their risk processes and technology remain largely siloed.It’s time to break down silos of people, data, and processes and build up a barrier-free view of risk across the organization. With broader visibility, you’ll have a better understanding of the full impact of that data breach on the organization so you can quickly coordinate and prioritize your actions for maximum results. Greater visibility also can help you identify and address seemingly inconsequential risks before they snowball into something catastrophic.
2. Break Your Risk Systems
The universally loved and ever-popular spreadsheets are easy to use, easy to modify, and easy to share. The problem is that they simply were not designed to handle the enormous amounts of data, intricate calculations, or numerous users required to manage risk today. Managing risk in a multitude of static spreadsheets owned by different departments might eventually get you a report, for instance, but there’s a good chance the data will be too old or incomplete to do much good. The fact is that you can’t make the best forward-thinking decisions using backward-looking data. Yet 62% of large organizations still rely on spreadsheets for critical business insights.Break away from spreadsheets and build back with technology that will give you instant access to real-time risk data to inform your response strategy. Accelerate your digital transformation to get all risk data in one place where it can be analyzed, shared, and visualized in a human-friendly way. Timely and reliable facts are essential to getting in front of expanding risk.
3. Break Your Risk Mindset
Bureaucracy, red tape, and personal fiefdoms all prevent you from getting what you need to manage risk effectively – that is, fast, reliable information on which to base decisions. If the right hand doesn’t know what the left hand is doing, you could end up doing duplicate work – or worse, conflicting work. Efficient coordination, communication, and decision-making are critical. Yet one quarter of organizations acknowledge that they did not communicate effectively in their most serious crisis.Break your risk mindset that managing risk is someone else’s job and build it back with the culture and tools to make it everyone’s job. For risk management to be truly effective, it should be a part of the decision-making process at every level of an organization.
And that brings us back to the question: How at risk are you?
Finding the answer has taken on a new urgency in today’s environment where risks are more numerous, more complex, and more interconnected than ever.
The truths revealed over the past year can orient you toward resilience. But it’s important to understand that the lessons learned about managing risk in a pandemic cannot be just about COVID-19. Indeed, if you learn nothing more than how to fight the last war better, you will have missed the point.
Channel that hard-earned knowledge into constructing a risk management function that brings together the people, systems, and intelligence to help you fully understand the impact of every risk and the consequences of every decision. The risk management function of tomorrow will not just help you respond well to something that already happened, but it will give you the foresight to see what’s on the horizon and the agility to change course. That’s your path to resilience.
This article was originally published by Forbes. Jim Wetekamp is a member of Forbes Technology Council. Learn more about Riskonnect’s Integrated Risk Management solution.