Introduction
The COVID-19 pandemic has indeed shocked
the world and are putting many business in a fragile state in being able to
sustain in the long term. COVID-19 as the current biggest threats to organisations
regardless of their industry and locations, has pressured businesses to
reevaluate their priorities and business strategies to strive in the already
challenging world but companies has taken a step back to assess whether its
current risk management process is robust enough for the business impact from
COVID-19 or other external risks.
The Rise of Environmental, Social and Governance Risks
The World Economic Forum in one of its
recent reports has shared that the biggest risks businesses will
face in the next year (up to 18 months) is the prolonged recession of the
global economy. Organisations should be
aware that external risks, including the Environmental, Social and Governance
(ESG) risks are categorised beyond the fallout of the pandemic; economic risks,
societal risks, technological risks and environmental risks and should raise
concerns amongst businesses.
Organisations by now should have already
looked at the approaches to feasibly integrate ESG risks into its business risk
management. Just like the business threats imposed from COVID-19, these ESG
risks are not expressed using financial metrics. But as from what has been
vivid from the pandemic, they certainly pose great financial implications.
Climate change has been under the focus of many businesses nowadays as not only
it has gained tractions from regulators, but it has caused social unrest and
physical disasters or transition and physical risks to organisations. This also
has caused the risk landscape to be changing, and changing drastically. The
rise in not only economic, but health, social and environmental crises we all
are facing today could only mean that organisations must reevaluate the
corporate strategy, reframe their business future ambition and revamp the risk
management framework as a whole.
New Approach to Risk Management
It has taken the detrimental effect of
COVID-19 to coerced organisations’ Board directors and managements to scrutinise
external risks (including ESG risks) as the core subject, and relook at the
areas lacking in management and monitoring of external risks.
Just weeks before the pandemic, the result
from a survey of 500 Board directors and Chief Executive Officers (CEOs) found
that only around one-fifth of Board directors were “very satisfied” with their
effectiveness in overseeing changes to the risk landscape and resulted in adjustment
in organisations’ risk appetite accordingly. This is also the same ratio that represents that Board directors were “extremely
confident” in risk reporting from management on a range of significant issues.
These findings signifies the point that
conventional risk management processes should change and improve, and companies
are paying attention. The World Economic Forum also provides insights from a
published paper on integrated governance that noted the necessity for
businesses to also improve in stakeholder engagement in order to manage risk
strategically.
One of the six recommendations is to internalize
material ESG & Data factors in enterprise risk management and Boards must
gain more in-depth understanding of rapidly evolving environmental, social,
governance and data stewardship risks.
Recently, COSO launched a report that
focuses on the integral components of the Enterprise Risk Management (ERM)
framework, the Risk Appetite Framework. The report by COSO highlights the
approach on transform business ‘to anticipate and understand their risk when
change happens and to better embrace change and be more agile in challenging conditions’.
This is mainly because in complete absence
of a good governance of risk management of both from the internal and external
stakeholders’ perspective, organisations will not have the necessary resources
and capacity to set up a robust external risk management processes. This will
also come hand in hand with the fallout from the lack of trust with
organisations’ stakeholders. External or ESG risks management do not only
require organisations to look at how they can protect shareholder interest but
it’s about being prepared and responsive to the societal and environmental
needs as a whole.
The Limitations of Conventional Risk Management
The survey by EY global risk also shows that close to 80% of
Board directors indicates that organisations are unprepared for significant
events such as the COVID-19 pandemic. This is probably due to the lack of governance
practiced in conventional risk management as only 40% of Board directors and
management explained that ERM are effective in managing atypical and emerging
risks.
This is contributed due to data management
and analysis. We have now seen that the majority of the current risk management
processes have become obsolete and are not built to manage the abundance of
critical data generated. Without efficient data management and analysis, the
typical risk management process may not succeed in extracting meaningful
insights and apply the necessary steps to gain the value and benefits from data
analysis.
50%
of financial leaders concur to the statement that they spend more time
gathering and processing data than they do analysing it, yet alone the
decision-making process based on through risk data analysis.
Apart from good corporate
governance practices, the Board directors have
imperative roles in ensuring risk management practices in organisations run
efficiently. The power of data should not be overlooked. Obtaining and most
importantly, utilising a continuous stream of valuable and latest data and
information is paramount in order to gain buy-in at the Board level.
Evaluations and understanding of emerging trends, and prioritising the needs
and demands of stakeholders are key considerations to ensure organisations to
improve in the overall risk management processes and improve the organisations’
performance. Thus, it is absolutely essential for Boards directors to have the
support via data analysis to gain the awareness and insights of the impacts of
poor external and ESG risk management on the business.
Technology is the Solution
The current business environment requires
organisations to meet stakeholder demands and expectations. The question is; Do
organisations have enough resources and capabilities to meet the demands and
expectations? One of the pressing matters to get internal management’s buy-in is
the investment in technology. Organisations cannot be both timely and accurate
in producing information from data analysis without the very latest technology.
Organisations need a defensible, technology-driven process to back that up and
to monitor the risk landscape as it evolves.
The business world we are in today are
exposed to complex external risk environment that make organisations vulnerable
to broader, complicated and often indirect risks that are very challenging to
manage and monitor. As mentioned earlier, effective risk management presses
organisations to be focus on data-driven approaches that allow organisations to
mitigate the external landscape and focus on the risks that are the most
material. These insights will provide with strategic considerations to enable a
more dynamic business decision making.
Organisations should start to reinforce
risk governance and internal controls and these need to be aligned with the
areas that are deemed critical to be improved and transformed. Together with adoption
of sophisticated technology software and infrastructure, organisations will possess
the systems in place to utilise extensive range of data into something useful
and viable information to develop business strategies and profitable business
making processes, where and when it matter most.
If we revise the impact of the pandemic,
organisations should have already anticipated the drastic response from
regulators, governments, peers and wider society. According to Datamaran that tracked regulatory and corporate responses to
pandemic more broadly by applying Artificial Intelligence (AI) to analyse the
COVID-19 specific responses in real-time, the access to information are more
accurate and obtained faster that are imperative for data analysis to give the
edge to strive during and post COVID-19 crisis.
AI does not only save laborious time for
data consolidation, but it is extremely useful for consistent monitoring. This would
be beneficial in order for organisations to identify, structure and prioritise
specific risks that are the most impactful to them during a specific period of
time. With this, organisations will always be flexible and responsive to any
external risks impacting them.
Communication on Data-driven Approach in Risk Management Processes
Responding to risks is the defensive
approach for companies to be resilient. Proactive approach can be taken with
embracing data-driven strategies for other external risks that at the moment
are unclear, undetermined and uncertain. Leveraging on data with the right
systems and technologies should facilitate organisations to be ready when these
external risks emerge and impacting the business and the stakeholders within
the operational boundaries and value chain.
Organisations’ plans should not be based on
subjective judgements. Acknowledging that risk management is core to
organisations, investment in resources and capacity needs are crucial to ensure
overall business operations are robust and responsive. Organsations should also
focus on communicating the outcome of data-driven approach are being taken to
its stakeholders. Organisations should provide more information in the content
of the annual reports, that include the risk factors and the forward-looking
statements (should) be based on and rely on the risk analysis realised through
the risk management framework and corresponding processes. Organisations are
also encouraged to express how the Board directors and management determine the
risk level organisations are ready to accept that are based on data-driven
approach (Risk Appetite Framework). Stakeholders that are made aware of when
data feeds into organisations’ decision making, will be assured that the
overall business’ risk management processes are more robust, thereby increasing
confidence in the organisations.
Conclusion
As we look past lockdown to the rest of
2020 and beyond, robust external and ESG risk management is going to be
increasingly vital for building resilient businesses and improving the trust of
their stakeholders. Organisations should place the right governance and
strategies to ensure data-driven approach are integrated into the current risk
management processes to ensure responsiveness to the challenging risks to the
business.
All views and opinions expressed on this site are by the
author and do not represent any particular entity or organisation
0 comments:
Post a Comment