Many companies are increasing risk budgets in response to COVID-19’s wide-scale disruptions in 2020. Unfortunately, many widely used risk management practices such as point-in-time assessments and one-time health reviews were ineffective as the situation and risks continued to change and cascade. Is doing more of the same the right answer moving forward?
Additional investments will not provide improved resiliency without fundamentally changing the approach to risk. To maximize their “bang for the buck,” enterprises need to rethink their risk budgets and adopt new solutions by investing in areas that will increase resiliency, enhance security, avoid costly business disruptions, and support revenue. It is crucial to understand which current risk practices failed to perform and which key investments in risk management should be prioritized.
The Shortcomings of Current Risk Practices
The shortcomings of traditional risk practices can be summarized in a few key observations. Firstly, periodic risk management was not adequate. Point-in-time data quickly becomes stale in a rapidly changing risk landscape. During the pandemic, current risk management approaches have simply been too reactive and slow to respond to emerging issues.
Secondly, most companies’ risk focus was too narrow as well.With a focus primarily on cyber and financial risks, the view was limited and left businesses vulnerable to other third-party and location-based risks, especially considering that other risks like employee health, compliance issues, infectious diseases and geopolitical events are some of the most disruptive events today. As a result, the traditional due diligence process did not enable rapid onboarding of new or replacement vendors during the early days of COVID-19 when unexpected disruption ran rampant.
Lastly, procurement, compliance and risk management lifecycles were too siloed and not integrated. Most companies relied on multiple sources of data that are used independently across business functions. As a result, there was no single view of an organization’s risk landscape.
The lessons learned throughout 2020 have left organizations in a ripe position for change, and to get started, there are three critical investments companies should make to overhaul their risk programs and ensure resiliency in 2021.
The Roadmap to Resiliency
For optimal return on investment, companies must overhaul their risk approach to overcome the previous year’s shortcomings and significantly improve resiliency with strategic investments in risk management. Here is how to put your money where it matters most:
- Invest in a risk program that is ongoing and continuous. In other words, the risk program is “always on” and not periodic. Continuous risk monitoring and risk intelligence enables a company to move from responding to events reactively to making proactive risk decisions that minimize or even prevent disruptions before they occur. This will also benefit due diligence and onboarding assessments as one can get a current risk snapshot at any point.
- Invest in increasing your risk aperture. Monitoring risksbeyond financial and cyber to include other third-party risks and location-based risks increases risk awareness.After all, you cannot mitigate risks you do not see coming.
- Invest in a company-wide risk intelligence system. Useable by all business functions, this gets everyone on the same page and provides the organization with a clear and consistent view of all risks across the organization in a single dashboard. Also, consider maximizing the benefit of investments the company has already made. For example, by integrating continuous monitoring into the company’s workflow software, you have enhanced the value of a past investment by enabling seamless access to critical risk intelligence across the organization.
Reallocating Budget to Prepare for 2021 Risk
During the current crisis, many companies are facing considerable financial pressures and feel constrained to make investments for 2021. But improving resilience in 2021 is not a “nice to have” but a “must do.” Organizations can free up risk budget by reducing spending on ineffective practices while setting themselves up for resiliency.
Companies currently spend significantly on due diligence when onboarding suppliers and on periodic assessments of their supplier base. By reallocating a portion of these funds to continuous risk monitoring, companies will have access to an up-to-date risk status for a supplier at any time, including during onboarding. Additionally, as an alternative to paying for multiple sources of static risk intelligence, there is a hard dollar savings available by utilizing a multi-category, single source risk intelligence solution that leverages automation. Also, the accuracy improvements and efficiency savings from using a single source for these multiple risk categories versus integrating multiple disparate systems is considerable
By reallocating risk budget to make critical strategic investments, leaders can enable a proactive risk approach that will improve resiliency, enable security, avoid costly disruptions, and preserve revenue in 2021 and beyond.