The future of risk management
How risk management adjusts post-pandemic
We talked with senior management in the technology and insurance industries to understand how risk management teams are adapting to the demands of today and the unknowns of tomorrow – How Risk Management Adjusts for Tomorrow. The highlights of that conversation include lessons on adaptive working, shifting to global views on risk, and creating opportunities to innovate current risk mitigation practices. Keep reading for highlights from our conversation.
What better year to have 20/20 hindsight?
If the pandemic has taught us anything, it’s that events in far off corners of the world can have massive repercussions to our risk discipline. Regardless of the size or geography of your business, the future will require you to start considering risks seemingly outside your scope to evaluate how they could impact you, and to what extent. The future of risk management will require risk leaders to think well beyond their own sphere of influence if they want to survive in this environment.
Earlier this year, Ceridian, a human resources technology company, was in the midst of an acquisition on the other side of the globe. This acquisition target was based in Singapore but also held offices in India and Malaysia. Because of their proximity to China (the epicenter of the COVID-19 outbreak), Rick shared that Ceridian received warnings of the pending pandemic as early as January and February.
Had they not had this acquisition in the works, Ceridian would not have been ahead of the game in their business continuity/disaster recovery response.
Most companies like Ceridian are focused mostly on where their team’s office, which typically means companies aren’t looking across the globe; similarly, Cameron Mutual Insurance Company was in the same situation.
“We’ve had an indirect impact from this pandemic. Our focus is regional so we’re looking at where tornadoes, hail, and such can impact our customers. Global has always been more of an afterthought.” – Brian Hill
Brian went on to share that Cameron Mutual anticipates real impact in Q3/Q4 of this year when the global reinsurance market opens and his organization, like many others, will find renewals rates dramatically shifted (likely upward).
How to connect your risks
One of the most important skills that risk and/or continuity managers can bring in the future is the ability to not only categorize and quantify risk but demonstrate how risk events may be interconnected and impact one another. It won’t be enough to evaluate individual risks and opportunities; rather, risk leaders will have to find creative and meaningful ways to demonstrate these sometimes complex relationships.
Brian recommends the ‘try-and-see’ approach to test out what risk management approach works for your business.
“Like many organizations, as we’ve grown over the years, we’ve shifted away from a vertical/siloed approach and moved to a horizontal approach. This helps us see how does ‘Risk A’ over here impact ‘Risk B’ over there.” Once you have a strategy to track and measure risk, then your next step is to demonstrate true mitigation or resolution. That is done by getting all your players together to discuss how your risks are connected.
“When I look at risk levels, I look to mitigate individual risks to alleviate correlated risks. This lowers the overall level of risk in your inventory. Mitigate one and you can lessen the impact of others.” – Rick Good
Rick’s strategy is to go deeper at each level. For example, vendor risk assessments were included in the Ceridian business continuity and disaster recovery plan, but they went past surface-level questions. Their supply chain assessments asked, “What is your BC/DR plan?” and, “How are you working with your own vendors to evaluate whether they have enough plans in place to protect their business?” Getting to this deeper level of granularity brings surfaces the potential ripple effects we each need to manage.
You can like it, or you can love it, but you have to deal with it.
As the saying goes, “Necessity is the Mother of Invention.” As a result of the pandemic, the mindset on risk will naturally shift to a more conservative approach. Or at the very least companies will more heavily scrutinize situations that require even slight elevations in their risk tolerance level. As a result, organizations, and risk management functions, will be forced to be more innovative to solve more complex problems both in the short-term and long-term.
Cameron Mutual has slowly started to migrate their risk tolerance to be more accepting of new ideas, whether those ideas fail or succeed.
“I see the natural reaction to the pandemic is to coil-up, cut budgets. What we are focused on is leveraging risk management technology to drive efficiencies in our processes using Onspring. This pandemic has given us the cattle prod push to move towards more technology in all our disciplines.” – Brian Hill
An interesting example of true innovation brought on from this pandemic came from Ceridian. For their organization, it was important to track the health of employees so they could put additional support measures in place for anyone experiencing COVID-19 symptoms. Ceridian started by putting a process in place where employees could send a generic email to HR, but it proved too cumbersome and didn’t provide enough privacy.
Instead, they turned to their own Dayforce software and created a new use case where employees could log in and disclose if they had COVID-19 symptoms in a restricted access environment. This method provided privacy and the means to conduct contract tracing to mitigate the spread to more employees. Our own customers have now taken this new use of Dayforce and rolled it out in their own organizations.
The key today is being flexible and looking at emerging risks from multiple angles to find the places for innovation.
Data analytics should be visualized for the right people
Risk management is quickly becoming a more data-reliant practice. The days of simplistic risk evaluation techniques are coming to an end. Rather, organizations will rely on more data-rich evaluations to drive risk ratings and response procedures. But that doesn’t mean you have to rely on artificial intelligence and machine learning.
An organization that effectively leverages technology to drive informed and timely action will have a better chance of survival, and risk managers and their teams will be looked to as the stewards of this critical initiative. It’s time for risk management functions to embrace this and leverage data to make better decisions.
Traditionally, risk management has always been about impact and velocity, and predictability. For Rick at Ceridian, it was important to know what’s going on in their business models at all times because any combination of risk could have an impact on their organization. They needed a way to report on those risks in real-time, so Ceridian built out the Onspring risk assessment process that factors in their unique risk categories and scoring methods.
The most important element in their risk assessment process is getting down to the exact amounts of data that provide better visibility. If you are unable to present appropriate data analytics to the right people, who can then take the right action, at the right time, then analytics will not help reduce risks. Focus on how you visualize your risk management data based on who you are speaking to and what you want to know.
The 3 C’s: Communication, Connectivity & Creativity
As we all know by now, how we work as a society is undergoing a seismic shift. Nobody knows what the rules are going to be, companies are surprised by how well their people are doing, office plans are being seriously scrutinized – as it has been said, the times they are a-changing.
When discussing the plan for Ceridian workers to come back to the office, senior management sent out a survey to all employees. With 2,800 survey responses, 50% of employees said they were not ready to go back to the office, 40% wanted to go back on a rotational basis (between the office and home), and 10% of employees wanted to go back to the office right away. The main drivers for those who want to go back right away were rooted in social interaction and collaboration.
Rick recommends allowing employees to work wherever they want, as long as they maintain good communication, connectivity, and are creative with how they work.
As you think about your own organization, look for ways that you can be more productive in your risk management efforts. That could mean by working in locations other than your standard office, or leveraging new technologies for efficiency, or innovating new ways to look at your risk data. Now is the best time to think through your approach from a completely different lens to find out where you have issues to fix and how they should be addressed in the long-run.
About the author
Vice President at Onspring
6 years vendor management experience