Questions from the audience varied just as much as our discussion, so we answered those submitted to keep the conversation going. If you missed the live conversation, go back, and view the How Risk Management Adjusts for Tomorrow recording.
Q: Does Onspring have in the roadmap to develop pre-canned assessments to gauge risks of the new normal according to NIST, PCI, etc.
A: Onspring already offers pre-canned assessments to gauge levels of risk using several standards, including NIST – so you don’t have to wait for future product releases!
Onspring customers can also build assessments around virtually any regulation.
If you’re new to using the NIST risk management framework, check out our blog post that tells you how to implement this risk assessment process in your own organization.
Q: How do we identify emerging risks that might be 2 to 5 years from materializing as a threat?
A: Start by reviewing your business plans and long-term strategic planning initiatives. Then overlay your risk profile and begin to build business continuity and disaster recovery plans for all identified risks.
Testing your BC/DR plans is an integral part of the risk management process because it tells you what will work, what won’t, and how you need to adjust to better manage risk. While no one can predict the future, understanding your gaps now helps strengthen your position for what’s to come.
If you need help getting started, check out this free resource on the reports business continuity leaders are using today.
Q: Can you provide an example of the types of risk you are measuring now? What are you looking at that is new?
A: For the insurance industry, Cameron Mutual measures hit ratio, which is a formula based on the number of applications received and the number of applications approved. Their goal is to keep the ratio within a certain threshold to avoid spending too much effort on prospects who will never convert to customers.
This metric is specifically tied to profitability and impacts the work of multiple departments.
Within 3 months of analyzing this hit ratio, Cameron Mutual developed action plans for marketing and actuaries to improve this one enterprise risk.
For your business, finding the right risks to track and measure should be determined by the most important parts of your business.
- Is it your sales pipeline?
- Your supply chain?
- Your cyber vulnerability?
- Your physical location?
Identify those elements then bring together department leads to discuss interconnected risk mitigation.
Q: How should we be looking at innovation right now?
A: Make sure everyone in your organization is given a voice to foster innovation. The old adage “no idea is a stupid idea” rings true in today’s times.
Go back to your BC/DR plans to identify where you have gaps and put several heads together to come up with solutions. Some organizations go so far as to create a whiteboard (virtual whiteboard in many cases) where business problems are posted and every employee can make suggestions.
Sometimes those suggestions turn into smarter processes or new team-building activities, but other times they lead to new product ideas. If your organization needs to evolve into more of an innovation culture, reinforce that it’s ok to fail. This is where we get learnings on how to improve.
“Avoid becoming a risk-avoidance culture and shift into a risk adaptation culture so you’re not afraid of failure. Innovative ideas will fail but you’ll learn, adapt, and grow from those.”
– Brian Hill, Cameron Mutual Insurance Company
Q: What key paradigms about strategic and operational risk, do you suppose, will have to shift post the crisis?
A: Post-pandemic, boards are turning to senior management to understand the overall impact on strategic growth and acquisition. Long-term growth plans will begin to surface to the top of the risk list alongside cybersecurity threats.
Rick Good from Ceridian also commented on the role insurance will play for businesses in response to this pandemic. Every organization should start reviewing their own policies to ensure you can cover critical losses in human capital, offices, plants, technologies, and others.