- Business Risk and Resilience
This article is a part of Risk Update 1.
In January, the World Economic Forum published their Global Risk Report 2019, exploring economic, environmental, geopolitical, societal and technological risk factors.
A critical component of strategic management is the ability for CEOs to successfully identify and prepare for potential discontinuous events. While respondents to this survey were primarily from Europe and the USA, there are implications relevant for CEOs and CROs within the Australian market, particularly given the increasing adoption of offshoring and outsourced services, such as Software as a Service.
1. Organisations should conduct frequent assessments of their risk profile against their strategic direction
CEOs cannot simply look at risks in isolation but need to assess the inter-relationship of risks. This is critical for organisations that operate both within Australia and at a global level as consideration needs to be made on potential domino effects should multiple risks be realised. The importance of undertaking risk assessments at an enterprise level, such as through Group Risk scenario planning, is emphasised by examples of systemic risks being realised, such as the Global Financial Crisis.
The rapid rate of technological change through the adoption of emerging technology (such as Artificial Intelligence) and the potential disruption from malicious attacks mean that an organisation’s executive team need to have strong technology literacy to enable effective risk management and strategic planning. A further implication is the need for increased frequency of assessments of an organisation’s strategic direction to enable adaption and evolution at a similar rate to the technological landscape.
Variable risk perception is driving an increasingly complex global business environment. This complexity is driven by increasing technological threats, reduction of investment capital, new global regulations such as General Data Protection Regulation (GDPR), and individual government decisions with global ramifications (e.g. Brexit).
2. Organisational resilience is critical in the face of the increasing volatility of the global operating environment
Building effective organisational resilience is a fundamental consideration given the range and depth of potential disruptive events. This may include, for example, occurrence of an extreme weather event followed by a cyber attack. How well could your organisation withstand two significant business continuity events occurring within a short period of time? Given the risk landscape associated with operating in two or more countries, companies must consider scenarios where multiple events occur within quick succession, and prepare accordingly.
The report reinforces the importance of robust Business Continuity Planning. This includes the requirement for thorough business impact assessments and business continuity preparation. Should significant events occur, companies who have effectively identified appropriate scenarios and have built resilience into their people, process and technology, will achieve a better recovery.
Business continuity testing needs to incorporate critical systems at both local and international levels. Whilst the complexity of effective business continuity testing is increasing, it represents a vital operating expense in enabling confidence if a business continuity event was to occur. The report findings highlight the need for testing scenarios encompassing an organisation’s entire operating landscape, ensuring resilience in interdependent business critical systems, which may operate at international and local levels.
3. An organisation’s supplier network should be holistically assessed for resilience
Holistic assessment of supply chain resilience is needed to identify and remediate any critical points of failure. Assessing suppliers in isolation presents the risk that any interdependence between services is not adequately assessed and tested, leading to potential weaknesses which are only exposed in a business continuity event and result in a higher impact to the organisation.
Well considered and strategic supplier selection becomes increasingly important given the implications of risk management in an environment shaped by globalisation. This encompasses supplier location, working conditions and complexity of local regulations, which are essential factors in the face of unexpected significant events such as a high impact natural disaster or rapidly escalating geopolitical tensions.
Effective initial and regular evaluations of suppliers enable organisations to gain highly valuable intelligence regarding whether expected standards are being met, including critical controls being in place. Whilst this may form part of the initial selection assessment of a supplier, regular evaluation is required in order to ensure alignment of quality expectations as well as the identification of any corrective actions.
The findings within the Global Risk Report 2019 do not fundamentally change the requirement for CEOs and Boards to regularly scan the environment for risks, including those that may result in a discontinuous event, as part of their corporate governance responsibilities. The rapid rate of change and complexity of the global environment support the view that an increased frequency of assessment is required at an enterprise level for the broader landscape to be well understood and adjustments made to strategic direction. As the trend increases of services and business operations being outsourced, robust risk management across strategy, business continuity and supply chain should enable organisational resilience, protecting market position and competitive advantage.