An Evolving Threat Environment: New Challenges Facing Governance, Risk, and Compliance
From work-from-home conditions to evolving millennial needs and expectations, the current work environment is no longer reflective of the past.
Compounding these changes is a rapidly evolving threat landscape, increased risks of weather-related threats, heightened socio-economic challenges, glaring social inequalities, and crisis fatigue affecting organizational leaders and management on a global scale. With each challenge it becomes more and more clear that the gap between risk management practices of the past and the issues we face today has grown.
So, as risk and resilience professionals, how do we re-ignite an interest in risk preparedness across our organizations when we are facing unprecedented levels of crisis fatigue and change?
Instead of shying away from these rapid developments, we’re choosing to lean in and explore the governance opportunities offered by the World Economic Forum 2021 Risk Report. By further highlighting how microsimulations, dynamic workflows, and whole organization risk awareness can support risk management strategies from the ground floor – up, we’re certain that new challenges require new strategies and that we’re ready to step up to the plate.
Before we get into the nitty gritty, let’s summarize a few of the key factors forcing a change in risk management plans. Why? Because you’re going to get asked why you need to consider, and adopt, a new approach.
Key factors of change that are not going away anytime soon include:
1. Evolving climate change and weather-related events: the rate and impact of natural disasters is on the rise. 2020 produced natural disasters that cost the globe a 40% higher than average economic loss.
2. Socio-economic change and heightened inequalities: with increased expectations of ongoing employment crises and civil unrest, potential physical threats from a community-based level could rise.
3. New workforce expectations: differing from their Generation X and Baby Boomer colleagues, Millennials are expected to make up 75% of the workforce by 2025 and have different management and collaboration needs.
4. COVID-19: dramatically increased the number of remote workers and distributed teams, accelerating our propensity for digital transformation, but also our reliance on technology.
Even in the face of so many challenges, the World Economic Forum Global Risks Report highlighted several opportunities for better governance and risk response. By considering the potential benefits of adopting better communication strategies, public and private partnerships, and risk management frameworks, the Report shines a light on a few dark corners—and we tend to agree with a lot of it. Because of this, we’re prepared to share a few ideas as to how risk professionals can update their outdated practices to better respond to the difficulties of this new and evolving world.
5 Considerations When Reviewing Your Risk Management Plan
If you’re looking at the new threat landscape and noticing a gap between your current risk and resilience capabilities and needs, some questions to consider when assessing your preparedness for emerging threats may include:
1. How many organizational risk and resilience champions do we have?
2. Are risk and resilience champions embedded in the organization at all levels?
3. Has the appetite for traditional risk preparedness training (e.g. half-day crisis simulation exercises) dropped off? If so, how do we fill the void?
4. What public and private partnerships can we leverage to better prepare for events?
5. Does our organization know how to rapidly distil critical information and filter out clutter?
6. Do our Risk and Resilience Frameworks leverage the organization’s ongoing digital transformation?
Building Organizational Risk and Resilience and Capabilities from the Ground Up
Testing your organization’s ability to respond to the changing threat landscape is a sure way to measure the difference between perceived preparedness and actual success; however, given the widespread prevalence of crisis fatigue in 2021, it’s important to recognize that the appetite or half-day simulation training might simply not exist. We are still managing COVID-19 after all.
To bring organizational risk awareness and engagement back to life, there are strategies that can help revive your organization’s preparedness and response capabilities in a way that doesn’t further tax their fatigue. Before we get into these, it’s important to note that if your Risk and/or Resilience framework was last approved pre-COVID, then it’s time to consider its value in your current operating environment. Considering how your framework likely holistically accounts for ongoing digital transformation, now is the time to further include dynamic risk management strategies. Options to re-ignite awareness and preparedness may include:
1. Embed Risk and Resilience Champions: Winning hearts and minds takes influence. If you’re on a journey to embed Risk Champions, consider reframing the role to also cover “Resilience”. Both on two sides of the same coin, these Risk and Resilience champions can have a major impact during times of preparation and response.
2. Engage your public and private partnerships: Mitigating strategic risk exposures and effectively managing critical events will take engagement across multiple organizations and agencies. Re-establishing these relationships with your Risk and Resilience champions will be critical to ensure network strength during major events.
3. Build regular awareness through microsimulations: Light bulb moments about key risks take place when those risks materialize. Short, frequent, critical event microsimulation exercises can familiarize risk champions and their cohort with best response strategies before an event comes to play. Through microsimulations and workflows, your champions can action bite-sized risk preparedness exercises to raise awareness on key exposures. Although this shouldn’t replace your larger crisis simulations, it can complement them and increase capability at all levels.
4. Establish bite-sized dynamic playbooks and workflows: Agility is key. Core processes and checklists that increase the flexibility and agility with which stakeholders can respond to unique critical events is pivotal. Playbooks and workflows should include:
- Assessing the situation,
- Analyzing the impacts,
- Escalating for support and resource, and,
- A focused response given the impacts.
5. Increase threat awareness through automated intelligence: Leveraging lead indicators for risks, automate your threat monitoring. Using one of the innovative critical event management platforms on the market, your organization can go a long way to bring risk information to life without manual processes or bank breaking analysis. Even better, systems can also assist your organization in identifying credible sources of truth and reduce the risk of misinformation.
We can’t expect every worker to be a risk and resilience professional, so keeping things simple and low touch will be key; and, fortunately, technology can play a big role here. On the flipside, if you’re looking at systems that will still require management or team members to do a process that they didn’t do in the first place, then it’s not the right system. Fact.
Looking for a better way?
If you’ve been looking for a way to adapt to the new threat environment and increase your team’s critical event capabilities, consider adopting digital risk and critical event management tools. By making ongoing risk training the new norm among your team, you can take the weight off your finite critical event management team’s shoulders and help to operationalize an organization wide response.
With the opportunity to show evidence of revaluated governance and risk compliance strategies and a faster, more effective way to respond to a natural disaster event, leading technology and critical event platforms can help streamline your risk management plan and keep your people safe.
—
Resources