Thanks to the global pandemic’s impact on organisations, the ‘unknown unknowns’ have really been hammered home. The ground has shifted beneath everyone’s feet. Risk management was among the top conversations at all levels in forward-thinking businesses before COVID-19; now it’s the only conversation worth having.
Overcoming doubt and apprehension in companies is a massive issue, so it’s essential that company directors and departmental managers are on board. Their ‘buy-in’ – figuratively and literally – is crucial and in a world where demonstrating accountability matters.
Here are six things, as a risk manager or director, you should be doing right now to best protect your company and its bottom line in a post-COVID-19 world.
1. Flex your communication skills
The direction you are taking and the decisions you make are important. The organisation (and everyone in it) needs you, so talk to your people.
Ask them the right questions: what are their environmental concerns? Are there any social issues that could impact the organisation? What political issues do they feel might impact the company in the coming weeks or months?
Communicate, listen, then act. Let staff know that their voices have really been heard, and that you have taken action based on their insights.
2. Become a storyteller
If you want the board and other executives to fully resource you, you must learn to appropriately frame the message. Find evidence and stories of other organisations that either fell down or rose above the rest – depending on their approach to risk – and contextualise them for your business.
Ask them to take the thought experiment with you: take one risk or risk domain and playout for them what would happen if that risk materialized, and how it would impact the company.
Explain to the board that your company’s success rests on its ability to identify, assess, and consider risk in all aspects of decision making. The key element to this is your skill in acting as a futurist for the company.
3. Know your tech
With cybersecurity now taking over as the leading global business risk, risk managers worldwide have to race to stay ahead of the trends. A serious cyberattack can shut your business down in seconds, so it’s paramount that you have a solid understanding of your digital universe, including internal – people, processes, and technology – as well as all external suppliers and customer touchpoints.
The next tech step is to do your research on software-as-a-service (SaaS) products that can help to leverage your risk approach and also integrate with AI to automate risk identification, assessment and mitigation.
4. Enlist the whole team
There is a key element of current risk review processes that you should lift and insert into your team. The risk owner.
Nominate someone from each department to continuously ‘own’ the risk perspective within their unit. They can monitor risks, report on them, and – crucially – act on them. They look outside and talk with partner organisations and third-party vendors to increase the efficiency of that communication, effectively plugging this straight into your risk pipeline.
5. Invest, educate, and evolve
Don’t just analyze insurable risks, then go ahead and purchase insurance and wipe your hands of the process.
Continue to consider organisational risks and connect your risk management processes to the company’s strategy as a whole. What can you foresee that might have a direct impact on your board’s ability to govern properly?
Check out every company you can find in the risk, compliance and cybersecurity space and subscribe to their newsfeeds and social channels. You may just find a nugget of future tech or opinion that will give you the edge!
Keep investing in your company’s safety and future – its livelihood depends on it.
6. Keep one eye on the horizon
There’s no silver bullet solution for the ‘unknown unknowns’, but the right mindset is as good a place to start as any. The question is, ‘How can we continuously be glancing over the shoulder of our organisation’s present moment and feel confident?’
How you frame your risk attitude and information security largely determines how you will experience it. Keep reading. Stay informed. Subscribe to other knowledgeable sources, and regularly set aside time to research emerging risks. Keep a watchful eye on politics, litigation, product developments and launches, and societal changes to best inform your company’s processes.
To get all your risk profile ‘ducks in a row’, there are plenty of SaaS platforms and cloud tools to help you get there, so make sure you do your research. Be sure to subscribe to one which provides a governance, risk and compliance solution, and has innovation and content ‘baked in’ to ratchet up your capability. It’ll give you a great platform and a much broader multi-domain approach to risk.