Managing risk in times of crisis

The ongoing COVID-19 pandemic has revealed major flaws in the way that many organizations manage risks. Although the World Economic Forum regularly warns of them in its annual global risk reports, pandemics play a minor role – if any – in risk management.

Even business continuity management (BCM) was limited in its solutions for coping with the COVID-19 crisis. Oftentimes, emergency systems and plans focused on mere IT malfunctions or disaster recovery. There was no holistic view of a pandemic with its massive effects on companies, society and politics across multiple continents in either business continuity management or risk management.

Right now, most companies are concentrating their efforts on merely managing operations throughout this crisis. As soon as the situation has somewhat stabilized, that focus will switch to assessing and modernizing crisis management. Companies will then need to ask themselves important questions. Were they well prepared to face the challenges of this pandemic? Have they made the right decisions? What must they do now to be ready when the next crisis strikes? How can they strengthen their resilience?

Companies that discuss these questions seriously will also need to address the issue of blind spots in risk management and business continuity management.

In the future, companies will need to address enterprise risk management in a broader scope so that risks related to the environment, health or even global supply chains play a stronger role in analytics. The goal is to take fast, targeted, consequent actions should these risks occur. This makes it necessary to add objective data from internal and external sources to the initial, subjective risk assessments. Creating risk scenarios and running risk simulations – especially for risks with a low probability of occurrence and high level of damage – lay the foundation for developing strategies and plans to overcome future crises.

The ongoing development of risk management has a direct effect on business continuity management and requires a strong link between both disciplines. A risk assessment and the strategies derived from it lay the foundation for the concrete actions defined in the BCM for securing business continuity in a time of crisis. BCM must focus on areas beyond IT outages and downtime and, similar to risk management, explicitly address environmental and health issues as well as the supply and sales chains. Accordingly, BCM is an integral component of active, holistic enterprise risk management.

To create a strong link between risk management and business continuity management, companies need an innovative software solution such as BIC GRC Solutions, which unites all relevant risk information on a single platform. Through this holistic view of the risk situation, companies can develop sustainable strategies to successfully deal with future black swan events. Users can clearly see the available risk information in BIC GRC Solutions, validate it by running simulations and stress tests on different risk scenarios, and define actions to steer and control in close cooperation with business continuity management. BCM then concentrates on designing and implementing these defined actions.

By integrating risk management and business continuity management, companies can drastically increase operational resiliency. Decision-makers receive all relevant risk information from an integrated, holistic risk management solution and are well equipped to respond quickly and competently to arising challenges in times of crisis. It’s important to take action now, because the next crisis is not a question of if but when.