Type to SearchView Tags

The Changing Role of a Risk Manager Post-Pandemic
Manmohan Singh General Manager ,Cybersecurity & GRC | September 8, 2020

Needless to say, the pandemic situation is a once in a lifetime event. This massive disruption has changed the operating models of many organizations across industry verticals, forcing them to rethink their business strategy. Most analyst firms, including the World Economic Forum (WEF) global risk report, have constantly featured pandemics to be a high impact and likelihood risk. But clearly, none had not predicted the extent of damage a pandemic could bring to the world. Risk managers now need to research and reassess their risk assessment as the dangers from pandemics are very different, and are impossible to ignore. 

Here are a few acute priorities that we think will change the role of risk managers for the foreseeable future. 

More Focus on the Risk Framework

Organizations will now focus on setting up a risk framework rather than handling risks on an ad hoc basis. The risk management processes have become a necessity for business survival, both for a short-term and a long-term perspective. Risk managers must invest in an enterprise level framework that provides them with the right strategy, tools, and processes to identify and monitor risks on an ongoing basis. 

Organizations will now focus on setting up a risk framework rather than handling risks ad hoc

Visibility for the Enterprise 

Risk managers must have enterprise-wide risk visibility, working on mechanisms to integrate a risk view across the three lines of defense to provide centralized visibility to the executive management. Organization-level impact of risks can be understood only if risk managers visualize how different departments are being affected by the risk. Risk managers must set up mechanisms for effective risk management rolls-up, both at an intermediate (department) level and at an enterprise level. They must work on an effective way to ensure that the whole organization can provide instant information, metrics, or reports quickly.

Risk Alignment

The pandemic will drive a fresh wave of innovation in artificial intelligence (AI), machine learning (ML), and robotic process automation (RPA) as the first line of defense. These technologies will realign to anticipate and mitigate emerging risks by requiring an increased investment to keep up with the volume and velocity of risk data. Risk managers must ensure that more risk assessment responsibility, accountability, and enablement is aligned to the first line of defense in the identification, assessment, and prediction of risks. Risk managers being the second line of defense need to shift focus on bringing more automation to drive real-time risk monitoring and forward-looking risk data rather than presenting retrospective data for risk management. 

Risk Reporting

Risk managers must take another look at their current risk metrics program. Risk reporting, which includes risk findings and metrics, will need more alignment with resilience and strategic objectives for better preparedness to respond quickly to any similar pandemic or new waves of the current pandemic situation. The risk reporting process must be more agile now, and near real-time view of the risk exposure needs to be provided to the executive management. 

Risk managers must take another look at their current risk metrics program

Risk Focus Areas 

Key focus areas in an organization will need prioritization from risk managers. One key area will now be looking at risks with a very high focus on resilience. Risk managers also need to look at technology, third party, and process risks from a resiliency perspective. Risk managers must focus on enhancing communications in the sharing of information between its employee workforce and the management. Risk managers also must focus more on the historically “bottom-up” approach, using risk control self-assessments and less of a “top down” assessment. Risk managers need to drive a process shift by making greater use of scenario analysis as an assessment technique to embed the handling of such risk areas in their assessment process. 

Faster Response Times 

Historically, risk identification and risk assessment processes were an annual process mostly aligned with the corporate reporting calendar. This has put a constraint on the constant appraisal of long-term threats, impacting the organization’s ability to invest in resilience measures. Currently, the pandemic has ensured daily and weekly risk identification and reviews, and constant review and quick assessments that are performed to deal with the current challenges. Risk managers will need to adopt a more agile risk assessment process to ensure risk reviews and assessment reports are delivered at a faster pace. They also need to invest in an automated tool that can analyze the risk assessment faster. 

The above-mentioned points are some of the measures risk managers must adopt to ensure they are aligned to the changing risk dimensions driven by the current pandemic. If you are considering how to align to these processes faster and, at the same time, increase the coverage of your current risk management practices, you should consider risk management solutions and look into effective technology usage that augments your current risk management processes. Get in touch with our risk management experts for a quick demonstration of our solutions and how we can help.