Deputy CEO and Technical Director, Airmic
Contrary to some commentators, COVID-19 is not a “black swan” event. A global pandemic was not only predictable, it was predicted: scientists and experts have warned for decades that a global pandemic like COVID-19 was a plausible scenario.
The pandemic is a high impact, low probability risk. This type of risk does make it onto risk registers at country or company level, but often fades into the background when risk severity is considered as a combination of impact and likelihood.
These risks are also often hard to detect, difficult to assess, and easy to ignore. Leaders are more comfortable dealing with more obvious threats – it’s also much easier for risk professionals to ‘sell’ risk controls for more tangible and better understood risks. Leaders need the confidence to say they don’t understand – and work together to reach solutions.
This all matters, because it affects how we judge the world’s response to the pandemic, and therefore what lessons we learn for the next phase of this pandemic – or other pandemics that may grip our world in a similar way.
Managing risk cannot be a strategic afterthought
We knew this before the pandemic, but COVID-19 has hammered the message home with brutal effect. As the World Economic Forum’s COVID-19 Risks Outlook report1, published in May, makes clear, it is now vital to anticipate the emerging risks generated by the pandemic’s repercussions. In other words, we are still in a crisis phase.
Too often, risk is managed in business silos, resulting in leaders playing down emerging risks until they arrive.
This pandemic has taught the value of strong leadership exercised with agility for governments and businesses. Clear and unambiguous communication, with people front of mind, has long been considered important for effective crisis management – and it continues to be a differentiator between pandemic response winners and losers.
A change in approach is required
First, risk assessments and heat maps used for more conventional risks should be complemented by structured, creative discussions across business units that bring different and collaborative perspectives. This can help organisations to better identify emerging risks and understand potential risk trajectories, velocity and knock-on effects.
Second, the frequency of risk assessments and analysis should be a function of how fast risks are emerging and the level of their materiality rather than determined by traditional institutional administrative cycles. A time lag can open up when events move faster than the organisation, creating a gap between reality and perception.
Third, organisations should focus more on the interconnections between risks. An integrated enterprise-wide risk management framework can align risk-based decisions with corporate purpose and culture. Too often, risk is managed in business silos, resulting in leaders playing down emerging risks until they arrive.
From any crisis come new risks and opportunities
More than ever, organisations must focus on strategic ambitions and commercial priorities, and understand business dynamics. Risk professionals must step up and partner the business as ‘time-keepers’ helping to synchronise business reactions with external realities. Risk professionals who take a role supporting strategic decision-making can contribute to the creation of the risk-intelligent organisation.