Altered Risk Landscape
There was a consensus among survey respondents that coronavirus had dramatically altered the risk landscape most organizations face, introducing some very fast-emerging issues. Impacts such as a rise in mandatory/voluntary work from home, shift in customer behavior, preparedness for cost optimization, and third-party or supply chain risk all have accelerated or changed priority.
ERM teams are monitoring several implications of working from home becoming the new normal, such as cyber security risk, shifts in productivity, and how they can operate an ERM program remotely. For example, they are evaluating how to run a risk workshop while everyone is working from home
ERM teams are speaking with risk owners to determine how the risks they own have changed and if their mitigations are effective. “Audit and risk leaders need to distil this information and use it to focus discussions with the board and senior leadership around the near-term business impact of these risks to ensure the enterprise response is updated to reflect the current environment,” said Mr. Herd.
The tactical measures that most ERM leaders are taking immediately are:
· Updating risk assessments to account for changes in risks such as third party, supply chain and cybersecurity, and ability to execute remotely
· Working with senior leaders to ensure the organization does not adopt a disproportionately risk averse posture
· Working with senior management to ensure cost optimization decisions account for risk and potential impact
· Updating communications to the board and management with specific risk-based insights surrounding near-term COVID-19 impact and recommended actions steps
Another way the ERM team should seek to demonstrate value and leadership during this crisis is by liaising with the numerous teams managing different aspects of the crisis.
“ERM should use its unique position having an enterprise-wide purview to extract lessons learned from the teams involved in managing the crisis,” said Mr. Herd. “These lessons include understanding the efficacy of business continuity and crisis management plans, interdependencies, and emerging risk sensing and assessment practices.
Gartner clients can access the full research in ERM Heads’ Short- and Long-Term Actions for the Coronavirus Outbreak.
Learn more about how to lead organizations through the disruption of coronavirus in the Gartner coronavirus resource center, a collection of complimentary Gartner research and webinars to help organizations respond, manage, and prepare for the rapid spread and global impact of COVID-19.
About the Gartner Risk Management Leadership Council
Senior executives need actionable information to make quick decisions. Successful organizations embed risk management into strategic decision-making processes to help the business execute on its growth priorities. Gartner Risk Management Leadership Council equips enterprise risk management leaders with insights, advice and tools to better navigate high-risk growth decisions. More information can be found at: https://www.gartner.com/en/audit-risk.