The past few years have raised the stakes for risk assessment, escalating business concern about not only traditional operating risks but also bringing to the fore an entirely new set of concerns. While we may be emerging from the ‘emergency’ phase of the COVID-19 global pandemic, there’s no time for complacency. It’s time to get real about the volatile environment in which every business, regardless of size, scale or sector, operates.
According to Deloitte’s Global Risk Management Survey, non-financial risks (NFR), concern over environment, social and governance (ESG) risks, and digital risks are at the top of the list when it comes to what businesses are now most worried about. Here’s what you need to understand about these new risks and why you need to keep them on your radar.
Non-Financial Risk (NFR)
This is a broad term that covers all risks that aren’t covered by the traditional ‘financial risk’ category.
Remember, even though these are ‘non-financial’, they can still have very real financial impacts on businesses. In fact, some of the largest risk events in recent years have stemmed from NFRs. Yes, COVID-19 has been a non-financial risk but the financial implications have been massive and will continue to be felt for years to come.
While almost all respondents to the Deloitte Global Risk Management Survey rated their organisations as ‘extremely’ or ‘very effective’ at managing financial risks, the figure dropped to 65 per cent for confidence in management of non-financial risks.
This figure alone shows that business generally needs to step up their focus and response capability in the NFR area.
Environment, Social and Governance (ESG) Risk
Don’t mistake the phrase – ESG – for a trendy buzzword. Rising stakeholder expectations around ESG presents a very strong business risk, but also a tremendous opportunity if handled well.
ESG risks range from climate change impact and wage inequality, to tax compliance. Alarmingly, 38 per cent of survey respondents ranked ESG as being one of the three risk types that would increase in importance for their organisations over the next two years.
ESG risk is real and it’s something that simply cannot be ignored.
Digital risks cover a range of categories including cybersecurity, data leaks, data security, and third-party risk, with cyberattacks harbouring the greatest potential impact across these categories. Again, 30 per cent of respondents named cybersecurity as one of the three risks that they believe will see the greatest growth in importance for them over the next two years. Considering the Australian Cyber Security Centre (ACSC) receives a report of a cybercrime attack every seven minutes, it’s no surprise that businesses are on high alert.
These new risks are of increasing importance when it comes to the ability to continue to operate and protect and preserve the reputations of businesses, brands and executives. The pace of social and technological change in our world shows no sign of slowing, and therein lies the perfect environment for crises to develop and inflict devastating effects.
Crises are unfortunately the new normal, and business need to address crisis preparedness as part of business-as-usual. Ask yourself – where does your risk management go from here? We’ll leave you with a few quick tips to give your business the best chance at success.
Some organisations will fail, some will survive, and some will thrive. Resilience is what distinguishes those that survive and those which do not. Deliberate forecasting and thorough planning can help a business to recover from even the most unforeseen and critical event. Incorporate operational resilience planning and communication into your risk management strategy and put response capabilities in place before it happens. Adopt strong governance in your business to adequately respond to risk in these unpredictable times and be able bounce back. Importantly, ask yourself what your business can learn from past crises in order to build resilience for the future.
Actively foster a strong risk-aware culture
All employees need to be made aware of their own risks in their environment and be empowered to recognise that their actions can make a difference. It’s culture, led by senior management, where employees throughout the organisation are inspired to identify and help to manage new and changing risks. This means that not only do leaders need focused development when it comes to crisis management, they also need to be involved in planning. A strong risk-aware culture can be a challenge given the prevalence of work from home practices, so methods for effectively managing and maintaining good communication with employees who are ‘hybrid-working’ also need to be considered.
Don’t let confidence outstrip competence
When it comes to responding to real risk, ‘fake it till you make it’ just does not work. Just because you feel confident in your risk management capacity, doesn’t mean you should be confident that your organisation will perform effectively when the time comes. Your confidence must come with competence. If a crisis hits and you do not have the proper systems, processes and trained personnel in place, you are risking catastrophic risk to your personal reputation, that of your business, ultimately jeopardising the trust and loyalty of your stakeholders.
The world is changing at a rapid-fire place and there’s a lot to consider. It’s time to assess whether you are truly crisis capable.