Sustainable recovery in uncertain times

Sustainable recovery in uncertain times

By Clare Power - Risk Assurance

Share this article

How the right approach to risk management and compliance can drive resilience

Even as late as February 2020, if the word ‘pandemic’ featured at all in an organisation’s risk management plan it was somewhere near the bottom of the page, way below cyberattacks, financial crises and risks around conduct and ethical behaviour, possibly squeezed in tiny type.

Prior to COVID-19, this seemed entirely reasonable given that the most recent pandemic was more than a century ago. Still, it raises important questions about how to take a more proactive approach to risk management and compliance in an uncertain world.

As we emerge from the immediate response phase of COVID-19 and enter what’s being termed ‘COVID-normal’ we can expect a period of fluctuation and volatility. Cities and regions  worldwide, including in Europe, are already facing second waves of  shutdowns. Safety regulations can shift overnight, as can border restrictions. Business will face rolling changes in compliance and regulation, while consumers will alter their behaviours again and again. 

The question is: how do organisations operate during such a changing environment? And how do you take a proactive approach to risk, controls and compliance rather than simply respond?

Risk management: don’t set and forget

A risk framework outlines your organisation’s risk management approach, risk appetite, and risk tolerance, plus accountabilities and responsibilities for managing risk. We advise that in today’s world you should constantly reassess and update your framework – as frequently as weekly, or even daily. Organisations that are proactively managing their risk, controls and compliance activities will potentially be better positioned to respond to change.   

The risk interconnectivity factor

Risk is a complex ecosystem. Right now, for instance, thousands of businesses are in danger of being forced to shut down (or remain shutdown) depending on how the  government is  managing the COVID-19 crisis, and on how the public is responding  to the health rules.

Then there’s the fact that risks are interconnected. For a current example that is not COVID-related, look at climate change. The World Economic Forum’s Global Risks Interconnections Map 2020 shows climate action failure is linked to extreme weather, which is linked to food and water crises, which in turn is linked to critical infrastructure failure. Crises are often interdependent and, even when they’re not, what’s to stop more than one crisis occurring at the same time? 

Businesses in Australia, for example, are entering the bushfire season right now, while those in the northern hemisphere face the winter flu season. Is your organisation equipped to handle these challenges while also coping with COVID-19? 

The answer lies in being proactive. Effective risk management and compliance is about being a step ahead, rather than waiting to respond, and the best way to do this via scenario planning. 

Staying agile

Scenario planning allows you to assess what risks your organisation is facing – both those you can influence and those you can’t – and then plan how you might head them off. And if COVID-19 has taught us anything it’s that organisations (including government organisations) can respond remarkably nimbly in a crisis. 

For example, many businesses fast-tracked their digitisation process in 2020, such as enabling remote working and ecommerce. PwC’s 2020 Annual Corporate Directors Survey found most board members think executives have done a great job of navigating the challenges thrown at them in the early days of the COVID-19 crisis. But how are organisations preparing for the next set of hurdles? What scenario planning and proactive planning is underway that harnesses the agility and responsiveness of the past few months and applies it to future risk management and compliance?

A compliance function that’s fit for the future

From taxation to trade to environmental regulation, compliance is a significant and often costly consideration. PwC’s 23rd Annual Global CEO Survey found 36% of chief executives reported being extremely concerned about overregulation, ranking it the top threat to their organisation’s growth prospects. (The survey was conducted in late 2019, before the coronavirus pandemic took hold.) 

Your risk management function should be efficient and agile and your organisation should  always manage risks responsibly. This means identifying and communicating responsibilities and accountabilities, plus having clear escalation pathways.

Assess your risk management framework

The hallmarks of a good risk management framework are pragmatism, flexibility, informed decision-making and ecosystem connectedness. In particular, businesses should consider:

  • How good are you at thinking through risks?
  • Have the core principles guiding your organisation remained consistent during the COVID-19 recovery phase? Are you continuing to respond to the original needs and expectations of your stakeholders?
  • Do you have clarity around expectations from all stakeholders?
  • How capable is your organisation at escalation and decision-making protocols?
  • What learnings can your team take away from its initial response to help inform potential future challenges?  
  • Do you have the right information to make critical decisions? 
  • When planning, what is the risk of customer or  citizen (for Government) behaviour not matching assumptions and how do you respond?
  • Program coordination: who is responsible and accountable for what, when it comes to risk?

Your risk management function should be efficient and agile, and your organisation should  always manage risks responsibly. This means identifying and communicating responsibilities and accountabilities, plus having clear escalation pathways. Acting now can position you for greater success in the months ahead. For a deeper discussion on how to assess and manage your risk management efforts for sustainable recovery, contact your local PwC Assurance team or me directly.

Contact us

Clare Power

Clare Power

National Leader, Third Party Trust, PwC Australia

Tel: +61 (3) 8603 2360

Follow PwC Australia