If you don't have an umbrella, why check the weather?
Enterprise Risk Management can be very complicated. If you are a multi-national with global supply chains and a threat matrix that includes physical, cyber, competitive, brand, disruption, and high-impact, low-probability events (like COVID19), then you have a lot to think about. Add in the risk elements of the global economic recovery, and it’s easy to become swamped.
Complexity is the Enemy of Enterprise Risk Management
Complexity and overload are the enemies of Enterprise Risk Management. Simple things can make a big difference during a crisis. Being ready is a combination of situational awareness and resources. The right resources help you prevent situations that put your organization at risk.
Consider this: 100 years ago, getting proactive information was fraught with problems. For example, Galveston was virtually destroyed by a hurricane they didn’t see coming. Today, we’re swimming in information. It can overwhelm us and cause us to miss things in the river of news, alerts, warnings, emails, texts, sensors and more.
3 Keys to Enterprise Risk Management
Enterprise Risk Management can be complicated. But it doesn’t have to be. Here are 3 keys to success.
Key #1: Set Risk Level
Does your company have a well-developed, tactical risk identification and response capability? If not, there are many services and tools available to help you once you understand what you need. Key to assembling the right arsenal of capabilities is the Board and C-Suite setting the overall risk appetite, approving the threat matrix, and allocating the resources needed to monitor and respond when called upon.
Key #2: Acquire Contingency Resources
Another key is finding contingency resources that can be mobilized to augment your dedicated personnel. These can be a combination of internal and external personnel and flexible services that can be scaled when needed.
Key #3: Be Flexible
Key to your technology selection is flexibility. Are you going to face a 3-year unbreakable contract? Or a flexible capability that can react to your budget? Do you use the tool continuously, so an emergency is just a bump? Or is it a scramble to remember the passwords and how to use the product? (In other words, “break glass in case of emergency.”) Can you interact with outside stakeholders? For example, customers, suppliers, and regional and industry sharing partners?
The threat picture is getting more complex by the day! When you see it’s going to rain, make sure your umbrella is close at hand.