In the current COVID-19 pandemic landscape, organizations are faced with an unprecedented duality: managing the transition to a “new normal” while also reimagining the future of work and business. The recent pandemic has also brought to the forefront the current state of enterprise risk management (ERM) and highlighted the interconnectedness of risks and the velocity at which the risk landscape can change. Given the likely continued waves of disruption ahead, resilience will need to be an organizational priority every day, not just in times of crisis.
Advancing risk oversight to enable enterprise resiliency and agility
Prior to the pandemic, boards were concerned that their organizations were insufficiently prepared for an event regardless of likelihood. The most recent EY Global Board Risk Survey indicated that only 21% of boards felt their organization was very prepared to respond to an adverse risk event from a planning, communications, recovery and resilience standpoint.
With organizations facing the prospect of quickly and effectively responding to the “new” business environment, there is a renewed focus on enterprise resiliency that relies on coordinated risk assessment, planning, monitoring and response across the enterprise. Leading boards and audit committees are motivated to enhance the oversight of ERM, make sure that the ERM process incorporates recent lessons from the pandemic, and evaluate ways to adapt and strengthen ERM.
As organizations look to enhance risk management, some key areas of focus include improved risk identification (including the detection of weak signals of risks that are emerging slowly), more rigorous scenario planning, simulations, stress testing over more variables and extremes, disaster response/contingency planning, incorporation of external data/perspectives, and the need to better leverage technology/digital experience.
Leading organizations have also been changing their resiliency planning efforts and evolving their risk frameworks, processes, and controls to allow them to be more agile and resilient. Resiliency planning should involve more sophistication and build more agility into the organization. This includes using data-enriched, multi-risk and multi-step scenarios that stress test the organization’s ability to respond to complex operational threats, mitigate the impact to customers and critical services/suppliers, and withstand a range of adverse economic effects.