Managing Risk and Building Resilience
Key Insights
- The scope of business risks continues to accelerate in both breadth and depth. COVID-19 has accelerated and exacerbated threats in cybersecurity, supply chain, and workforce continuity, among others.
- The unpredictable risk landscape requires new approaches to identify, prioritize, and mitigate risk. Traditional annual executive-level reviews need to be supplemented with top-down and bottom-up scenario planning, feedback loops, and interviews inside and outside the corporation — with a focus on continuous, rather than episodic, assessment.
- In this dynamic environment, companies need to come to terms with acceptable risks, and draw clear lines between unacceptable and acceptable risks. Prevention of all risk is both impossible and undesirable: Growth opportunities come from risk, and clear corporate purpose helps distinguish risks worth taking.
- The resilient enterprise balances flexibility with redundancy. Redundant systems and processes used to be sufficient to mitigate internal risks around products, security, et al. Now that many significant risks are external and uncontrollable — e.g., cybersecurity, climate change, and COVID — business agility in the face of the unexpected is at least as important.
- Practice makes prepared. Rehearsing different situations at the executive, department and corporate levels, including table-top exercises, stretches and improves organizational thinking, and defines clear roles and responsibilities in time of real crisis.