16
GLOBAL RISK LANDSCAPE 2021
GLOBAL RISK LANDSCAPE 2021
17
ARE RISK FRAMEWORKS STILL FIT FOR PURPOSE? The coronavirus pandemic has tested risk frameworks to the limit
Risk frameworks aren’t
broken - but the focus needs to be on how they are applied JAMES CRASK, MARSH
“The risk frameworks aren’t broken,” says Crask. “Rather the focus needs to be on how they are applied.” It wasn’t that risk frameworks were too rigid either, says Julia Graham, chief executive of Airmic. Instead, they weren’t initially designed to respond to emerging risks such as the pandemic, which require completely different tools and interventions. “An effective risk radar is vital, so risk managers have the tools that can keep an organization informed and up to date when something is happening at speed,” says Graham. “However, no matter how good the tools, people are always more important. Resilient companies are likely to have fast and agile risk management and crisis management in place, empowered with the ability to respond with agility, flexibility and adaptability to keep up with events.”
The effectiveness of organizations’ internal risk frameworks has been called into question after they were tested to breaking point during the COVID-19 pandemic. In the wake of the crisis, concerns have been raised about whether they were, in fact, too rigid in the face of such unprecedented disruption.
address risks,” says Iain Wright, chair of the Institute of Risk Management. “In many ways, last year’s experience only serves to reinforce their importance.” The challenge with COVID-19 particularly, says Lizzie Cryan, risk manager for Heathrow, is that it manifested itself in such a wide-ranging manner. And many frameworks had never before been exposed to such a widespread risk, she says. “Particularly in our industry, because of the pandemic’s nature it is a far-reaching, long-tail risk that has caused widespread disruption throughout the supply chain,” says Cryan. “As such, risk frameworks have never been tested before to this magnitude, so it has been a massive learning curve for all of us.”
But risk managers and experts disagree with this analysis.
“There has been a huge amount of investment in internal risk frameworks by organizations to identify, measure and
of respondents had “global health crisis” on their risk register for 2020 53 % 58 % 90 % agreed that it had helped them to manage the risk in reality Of those of all respondents agreed that 2020 triggered them to re-evaluate their risk framework entirely
PROBABILITY VERSUS IMPACT
PRIORITIZING FUTURE RISKS
Our survey found 53% of respondents had a global health crisis on their risk register for 2020, indeed pandemics have been on the World Economic Forum’s Global Risks Report top ten risks for the past decade. Of those respondents, 58% agree it had helped them manage the risk. Yet, 90% of all respondents say last year’s event has prompted them to re-evaluate their risk framework completely. That’s because many were taken by surprise by the pandemic’s extent. Now that it’s on their radar, businesses must prepare for the likelihood of similar future events. “One major reason why events have still taken organizations by surprise is the pandemic is a low-probability but high- impact event,” says Graham. “A significant factor that many business have struggled with is the sheer speed at which events took place, the changing profile and level of impact it has had across the world.”
James Crask, resilience advisory lead for the UK and Ireland at Marsh, says the key takeaway is the need for greater focus on future risk. But with so many potential threats, it’s about prioritising the most important, he says. “Many organizations hadn’t necessarily prepared for such an event that impacted on all of their geographies at once on such a scale as the pandemic has done,” says Crask. “This meant the controls they had in place didn’t work as well as perhaps they should have done than if they had considered the risk more broadly, which is a note of caution for the future.” He argues frameworks need to be rigid to an extent to enable a consistent approach to managing risk. The risk register, he adds, also needs to be used in conjunction as a tool to inform better decisions, rather than in isolation.
Made with FlippingBook HTML5