Even as late as February 2020, if the word ‘pandemic’ featured at all in an organisation’s risk management plan it was somewhere near the bottom of the page, way below cyberattacks, financial crises and risks around conduct and ethical behaviour, possibly squeezed in tiny type.
Prior to COVID-19, this seemed entirely reasonable given that the most recent pandemic was more than a century ago. Still, it raises important questions about how to take a more proactive approach to risk management and compliance in an uncertain world.
As we emerge from the immediate response phase of COVID-19 and enter what’s being termed ‘COVID-normal’ we can expect a period of fluctuation and volatility. Cities and regions worldwide, including in Europe, are already facing second waves of shutdowns. Safety regulations can shift overnight, as can border restrictions. Business will face rolling changes in compliance and regulation, while consumers will alter their behaviours again and again.
The question is: how do organisations operate during such a changing environment? And how do you take a proactive approach to risk, controls and compliance rather than simply respond?
Risk management: don’t set and forget
A risk framework outlines your organisation’s risk management approach, risk appetite, and risk tolerance, plus accountabilities and responsibilities for managing risk. We advise that in today’s world you should constantly reassess and update your framework – as frequently as weekly, or even daily. Organisations that are proactively managing their risk, controls and compliance activities will potentially be better positioned to respond to change.
The risk interconnectivity factor
Risk is a complex ecosystem. Right now, for instance, thousands of businesses are in danger of being forced to shut down (or remain shutdown) depending on how the government is managing the COVID-19 crisis, and on how the public is responding to the health rules.
Then there’s the fact that risks are interconnected. For a current example that is not COVID-related, look at climate change. The World Economic Forum’s Global Risks Interconnections Map 2020 shows climate action failure is linked to extreme weather, which is linked to food and water crises, which in turn is linked to critical infrastructure failure. Crises are often interdependent and, even when they’re not, what’s to stop more than one crisis occurring at the same time?
Businesses in Australia, for example, are entering the bushfire season right now, while those in the northern hemisphere face the winter flu season. Is your organisation equipped to handle these challenges while also coping with COVID-19?
The answer lies in being proactive. Effective risk management and compliance is about being a step ahead, rather than waiting to respond, and the best way to do this via scenario planning.
Scenario planning allows you to assess what risks your organisation is facing – both those you can influence and those you can’t – and then plan how you might head them off. And if COVID-19 has taught us anything it’s that organisations (including government organisations) can respond remarkably nimbly in a crisis.
For example, many businesses fast-tracked their digitisation process in 2020, such as enabling remote working and ecommerce. PwC’s 2020 Annual Corporate Directors Survey found most board members think executives have done a great job of navigating the challenges thrown at them in the early days of the COVID-19 crisis. But how are organisations preparing for the next set of hurdles? What scenario planning and proactive planning is underway that harnesses the agility and responsiveness of the past few months and applies it to future risk management and compliance?
A compliance function that’s fit for the future
From taxation to trade to environmental regulation, compliance is a significant and often costly consideration. PwC’s 23rd Annual Global CEO Survey found 36% of chief executives reported being extremely concerned about overregulation, ranking it the top threat to their organisation’s growth prospects. (The survey was conducted in late 2019, before the coronavirus pandemic took hold.)
Your risk management function should be efficient and agile and your organisation should always manage risks responsibly. This means identifying and communicating responsibilities and accountabilities, plus having clear escalation pathways.
Assess your risk management framework
The hallmarks of a good risk management framework are pragmatism, flexibility, informed decision-making and ecosystem connectedness. In particular, businesses should consider:
Your risk management function should be efficient and agile, and your organisation should always manage risks responsibly. This means identifying and communicating responsibilities and accountabilities, plus having clear escalation pathways. Acting now can position you for greater success in the months ahead. For a deeper discussion on how to assess and manage your risk management efforts for sustainable recovery, contact your local PwC Assurance team or me directly.
© 2017 - 2020 PwC. All rights reserved. PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details. Liability limited by a scheme approved under Professional Standards Legislation.