Skip to content Skip to footer

Loading Results

Optimising risk management in a post-pandemic world

11 June, 2021

The past 12 months have brought a heightened awareness of risk. As Ireland emerges from the pandemic, there is an opportunity for the risk management function to rethink its overall approach. Using COVID-19 as a catalyst for change, the risk function can maximise its value by rethinking the fundamental principles of risk management:

  • How is the risk function governed? 
  • Who does it serve?
  • How does it increase attention to emerging risks?
  • How does it contribute to business decision making? 
  • How does it enable strategy execution?
  • How does it make use of technology and data analytics to enable change?
Image of man looking at computer screen.

Even under the best of circumstances, risk management can be challenging. Who should provide input? What risks need to be considered, and who should own the risks? What are the best sources of information, and how far into the future should we aim to predict? 

When assessing risk under stress, dynamics can also become amplified, for better or worse. CROs and other business leaders might slide into groupthink, not fully challenging the risk profile, the information or the data available. They can become too risk averse and end up avoiding making decisions entirely. They can continually seek information to base decisions on, despite that information not being forthcoming.

At the organisational level, it can be easy to underestimate potential threats, especially those linked to the pandemic. Of all the corporate executives polled in PwC’s 2019 Global Crisis Survey, none said they expected to one day face a global health pandemic.

Our 24th Annual CEO Survey highlighted that 59% of Irish business leaders  are now extremely concerned about the threat of pandemics and other health crises. As we emerge from COVID-19, the challenge for CROs and business leaders is to understand how the pandemic has impacted the way they assess and manage risk, what changes are permanent, and how to exploit any opportunities. 

The CEO Survey also found that 90% of Irish business leaders are planning to reassess their organisation’s tolerance for risk as a result of the COVID-19 crisis. Some of these measures will be short-term fixes to help the organisation deal more effectively with the pandemic. But others will have fundamental shifts in the way they approach risk. 88% of CEOs also said they plan to focus on preparing for systemic risk and low probability, high impact risk events. 

Traditionally, the review of high-impact risk events have assumed a short-to-medium term duration and centred on whether an organisation would be resilient enough to sustain the blow. The pandemic introduced a new category of risk: sudden high-impact events that hit everywhere at virtually the same time for a sustained period. As a result, there may be a shift in thinking and focus away from the traditional assumptions used in assessing the overall impact of risk and related tolerance.

The CEO Survey told us that business leaders are seeking a new approach to managing risk. This mirrors the findings from our 2021 Pulse Survey. It identified that 44% of risk leaders have already updated their organisation’s risk appetite to reflect changes in the risk profile from their transformation and optimisation activities. Almost half of respondents (45%) also said they are applying new risk management principles and 43% have reviewed risk-related activities across all three lines of defense.

For many organisations, optimisation of the risk management activities involves combining data and technology with human insight to identify short-term uncertainties while horizon scanning for long-term threats, reframing the view of risk and reward so they can confidently seek opportunities. In our CEO Survey, 41% of Irish business leaders said they will increase digital transformation significantly, while 25% said they will increase leadership and talent development. COVID-19 has accelerated digital transformation across most businesses. But this is only the beginning. 

What do these challenges mean for businesses?

Looking ahead, horizon scanning will become a fundamental risk management tool. It should be integrated into the organisation’s enterprise wide risk management framework. This could be completed across all material risk categories or based on the organisation’s ‘top risks’ as they are reported to the Risk Committee or equivalent on a periodic basis. 

Navigating the complex risk landscape in today’s world is challenging, to say the least. Looking at the future, we expect more volatility, disruptions and shocks. The risks facing you as an organisation will keep changing, only the pace of such change is increasing. What will distinguish a successful organisation from an unsuccessful one is its ability to look beyond what is necessary today and prepare for tomorrow’s challenges. This starts with a forward-looking risk taxonomy with a stronger focus on emerging risks to your organisation, whilst not losing sight of the risks today. 

It is vital to have a comprehensive insight into all material risks for your business. Only then can you decide how to organise yourself, make sure you have the right skills on board, invest where you should, and take sound and strategic business decisions.

Actions risk management functions should take now 

There are a number of actions that risk management functions can take now to challenge their existing approaches and maximise their value to the organisation. They should take time to reflect on lessons learnt and prepare for what may come next.

Establish a clear risk appetite and tolerance

In response to COVID-19, risk appetite and tolerance levels may have been altered to respond to change in a dynamic and pragmatic way. Emerging from the pandemic, organisations should reassess their risk appetite and tolerance to risk to ensure they remain aligned with the strategic direction of the organisation. They may need to re-evaluate their 'red lines' while being mindful of the potential impacts on stakeholders, including employees, investors, customers and suppliers. Reassessing risk appetite and tolerance in light of the business model and change agenda will facilitate alignment across the organisation and take positive steps towards a post pandemic transformation.

Combine data analytics with human insights

Moving forward, a data-driven approach for managing and reporting risk is essential, particularly  during horizon scanning and planning for the high impact risk events. Presenting data with contextual, actionable insights of risks can assist CRO’s and other business leaders to challenge the assumptions made for those low probability high impact risk events. Combining data analytics with human insights will give in-depth insights of trends and changes to risk along with higher precision levels and greater risk coverage. Collaboration across the three lines of defence will also reduce the likelihood of blind spots or significant events materialising.

Perform horizon scanning to inform long term strategic planning

This past year has reiterated that early detection and management of risk is key to cushioning any impacts and allowing for timely focus on risk mitigation strategies. Risk management functions are encouraged to modernise their processes and integrate tools to enhance their ability to proactively identify and manage risks. Horizon scanning, thorough challenge of assumptions and a proactive approach to identification of emerging risks can play a significant role in long term planning and strategic decision making. Embedding a continuous risk sensing process across the three lines of defence will also help with long term planning.

Prioritise people and embrace continuous learning 

People remain the risk function’s greatest asset. Investment in people, their skillset and wellbeing remain critical success factors. 51% of Irish CEOs said that a skilled, educated and adaptable workforce is a priority in order to deliver on their strategic priorities.

Enabling employees to access data, share knowledge and exchange ideas using innovative tools and technology across the three lines of defence is essential, especially as organisation’s move towards a hybrid workforce. For people to be truly empowered to make these changes and embrace the art of the possible, the organisation must support a culture of care and continuous learning. 

Look back and reflect on lessons learnt

Risk leaders should set aside time to review what worked well and what could be improved as they navigated through the pandemic. They should assess whether the risk function reacted quickly and adequately enough; if they had the right data, and if not, whether they require this data going forward to enhance decision making. At the same time, they should continue to assess and build capability across the three lines of defence to facilitate identification and monitoring of emerging risks. Any lessons learned can then be embedded into the organisation’s risk management framework to ensure it is better prepared for next time.

We are here to help you

By understanding the way the COVID-19 pandemic has impacted traditional approaches to risk management and adapting to these changes, your risk function can emerge stronger. CROs and business leaders must be ready to rethink risk in the post-pandemic world. We are ready to help you as you face the future. Contact us today.

“The interconnected nature of business today increases the velocity and unpredictability of sudden high impact events”

Andy Banks Partner, Risk Assurance

Contact us

Andy Banks

Partner, PwC Ireland (Republic of)

Tel: +353 1 792 6805

Jason Hickey

Director, PwC Ireland (Republic of)

Tel: +353 1 792 5190

Louise Campion

Senior Manager, PwC Ireland (Republic of)

Tel: +353 1 792 5875

Micheline Archibald

Senior Manager, PwC Ireland (Republic of)

Tel: +353 1 792 7136

Follow PwC Ireland