How can data help you manage the rapidly changing landscape of risk?

Authors

Tonny Dekker

EY Global Consulting Enterprise Risk Leader

Excited to serve as a Global Client Service Partner with over 25 years working to transform the businesses of our big Global Clients. Straight-talker with a big heart.

Kris Lovejoy

EY Global Consulting Cybersecurity Leader

Cybersecurity guru. Married mother of four. Enjoys diving, hiking and refinishing furniture. Lives in McLean, VA.

Jim McCurry

EY Global Forensic & Integrity Services Deputy Leader

Deputy Global Forensics Leader focusing on helping organizations build their integrity agenda so they better anticipate and mitigate risk.

Kristina Albang

Consulting Managing Director, Ernst & Young Global Limited

Leader in business transformation and risk management. Passionate about diversity and inclusiveness to inspire others to achieve their full potential. Wife and proud mother of two boys.

5 minute read 26 May 2020
Related topics COVID-19 Risk Trust by design

COVID-19 creates an urgent need to rethink risk management. Embracing data can help leaders get ahead of threats and build resilience.

This article is part of a series about COVID-19 enterprise resilience.

Governments across the world are reducing restrictions on movement and business openings as COVID-19 curves flatten. But many countries are likely to turn these restrictions on and off, as the health crisis continues to evolve.

Businesses will need to adapt to these changes and bring a new risk mindset to the challenges of operating in this current phase of the pandemic. The unprecedented impact of COVID-19 has challenged previously held assumptions around plausibility and severity. As businesses adapt operations and build resilience, they will need an enhanced approach to risk that encompasses:

  • Agility: Businesses must be able to act immediately and urgently when new risks are identified and also continue to interpret and detect rapidly emerging risks in a very different landscape. 
  • Data-driven approaches: Leaders will need to shift from relying on subjective judgement towards adopting data-driven approaches – ones that link internal and external data to feed smart decision-making that aligns to firm strategy and risk appetite.

 Adapting operations

The impact of COVID-19 has created immediate implications for managing risk and raised questions around the longer-term approach to preparing for disruption. For most businesses, lockdowns have affected governance and controls across the organization, and leaders now face the challenge of reintroducing these processes as operations restart.

The disruption created by COVID-19 has also highlighted the need for greater insight into how risks faced by third parties and customers impact the business. Businesses must also ensure they have the ability to quickly elevate emerging risks as operational recovery progresses. And the importance of the right data at the right time has never been greater – amid uncertainty, leaders must use data to supplement their judgement and enable dynamic decision-making.

Key actions to tackle these challenges include:

1. Reinstate and update risk governance and internal controls

As operations transition into the next phase of recovery, leaders should take a thoughtful and measured approach to reinstating controls while also assessing where changes are needed. They may need to update internal controls on financial reporting and realign with the external auditor in critical areas (e.g. scope, materiality, timing of procedures).

Rebuilding trust with employees, suppliers and customers will also require a reassessment of whether current monitoring and support protocols of internal operations and third parties are still fit for purpose. Particular attention should be paid to their ability to mitigate risks around financial health, cyber, geopolitical and operational issues, especially around hazards related to restarting closed plants/offices.

To avoid the potential for fraud, it may be appropriate to continue to triage certain decisions, including those around interactions with clients and third parties.

2. Supplement the risk function with next-generation capabilities built on trusted data and analytics

Businesses will need to complement experience and judgement with next-generation capabilities built on data and analytics. In April 2020, EY’s Global Board Risk Survey found that fewer than 20% of board members are extremely confident in risk reporting from management on a range of significant issues. Now more than ever, CXOs must be able to rapidly bring together information sources from across the enterprise alongside external data, to allow leaders to develop a deeper understanding of more complex emerging risks.

With COVID-19 likely to create ongoing uncertainty, a data-driven approach will be critical to gaining comprehensive insight into the potential risks of a certain strategy over the long-term and considering a range of different factors. In particular, AI will allow the first line of defense to respond in real-time and give the second line of defense the confidence to focus on navigating the forward risk agenda with agility and resilience.

3. Embed the trust-by-design mindset

The COVID-19 crisis has highlighted the need for instilling a risk mindset and culture across the organization, while harnessing the ever-increasing types and sources of upside, downside and outside risk. While strategic changes can be made over time, risk leaders must have a seat at the table to provide a risk-informed perspective that can increase the trust of the business’s stakeholders.

Building resilience

Economic recovery from this pandemic is likely to be long and uneven. With experts warning of a second wave of COVID-19, leaders will need risk strategies that consider a range of scenarios for their businesses, as well as for suppliers and customers. And organizations must keep their eye on the bigger risk picture – other threats to business, including climate change, should not be overlooked.  Key actions that can build a more resilient enterprise include:

1. Stress-test scenarios as part of contingency planning: Nearly 42 percent of CFOs are not prepared for a second wave of COVID-19, and only 8 percent of them have a second wave factored into all their planning scenarios, according to a recent Gartner survey. With many health experts warning of a re-occurrence of the virus, firms will need to brace for this and its associated impact on customers, employees, third parties and other critical functions. CXOs should develop a contingency plan and stress-test plausible scenarios for third parties, cyber, operations and regulations. 

COVID-19 impact

42%

of CFOs have no contingency plan for a second wave of COVID-19. (Source: Gartner, April 2020)

2. Realign risk management frameworks with the new normal: Even as some normality returns post-COVID, EY anticipates that the path of economic recovery will be up-and-down and saw-shaped. Ongoing volatility creates a need for far more agile operating models and a risk function that can maintain effectiveness even as it flexes. The pandemic has also seen some risks become more prominent. The sheer size and scale of government support and stimulus programs will likely give rise to potential tax increases – businesses will need to monitor and prepare for the associated, significant risk. Risk frameworks and controls must evolve as conditions change.

3. Don’t neglect other megatrends and associated risks: Even as firms focus on recovering from the COVID-19 pandemic, they need to keep an eye on the various megatrends on the horizon. Some, like digital transformation and future of work, have been accelerating, making digital trust, in use and design of technologies, even more necessary. Others, such as climate change, may have temporarily receded in prominence but will come back into focus once conditions stabilize. Carbon regimes may emerge as a favored policy alternative, as governments seek to address deficits while tackling climate change. Risk leaders will need to stay abreast of all these factors to understand the impact of current proposals and potential strategies. 

Reframing risk for future resilience

COVID-19 has highlighted the importance of embedding risk management across the organization and of continually reviewing the effectiveness of controls. The crisis has created an urgent need to overhaul traditional approaches to managing risk, as the importance of data-driven, analytics-enabled decisions becomes critical. Those risk leaders that can harness data to reframe their risk mindset will support their organization to adapt more quickly to changed conditions and increase resilience for an uncertain future.

Lead through the COVID-19 crisis

We have a clear view of the critical questions and new answers required for effective business continuity and resilience.

Explore

Respond faster. Recover stronger. Reframe your future.

EY has a global network to lead you through COVID-19 and beyond. We’ll help you build a data-driven approach to risk so you can respond faster and recover stronger.

 

Contact

Summary

As countries reopen, risk leaders face dual challenges: safely transitioning people back to physical locations, and restarting operations amid complex regulatory frameworks. With many countries likely to turn restrictions on and off as the risk of COVID-19 evolves, businesses will need to adapt with agility. Taking a data-led, risk-driven approach can help businesses navigate this volatility.

About this article

Authors

Tonny Dekker

EY Global Consulting Enterprise Risk Leader

Excited to serve as a Global Client Service Partner with over 25 years working to transform the businesses of our big Global Clients. Straight-talker with a big heart.

Kris Lovejoy

EY Global Consulting Cybersecurity Leader

Cybersecurity guru. Married mother of four. Enjoys diving, hiking and refinishing furniture. Lives in McLean, VA.

Jim McCurry

EY Global Forensic & Integrity Services Deputy Leader

Deputy Global Forensics Leader focusing on helping organizations build their integrity agenda so they better anticipate and mitigate risk.

Kristina Albang

Consulting Managing Director, Ernst & Young Global Limited

Leader in business transformation and risk management. Passionate about diversity and inclusiveness to inspire others to achieve their full potential. Wife and proud mother of two boys.

Related topics COVID-19 Risk Trust by design