Heyrick Bond Gunning, CEO, S-RM
Two things stand out about risk today and what it means for CEOs and corporate boards in the future. One is that the number of serious threats will continue to increase. Established threats, such as political instability, environmental disasters and regulatory action, now sit alongside newer, rising threats such as cyber breaches, climate change and the malicious use of cognitive technologies.
The other is the increasing challenge of resolving these crises when they arise. Everyone knows that the world is now exceptionally well connected. The public, governments and corporate partners demand increasing transparency and accountability. Disinformation is a growing problem. This creates unprecedented scrutiny and complexity for CEOs and their teams when working through a crisis.
Both trends are well known. But few organisations have adapted, and that’s where CEOs will need to focus so they can build real resilience to risk and be prepared when a crisis eventually hits.
S-RM has worked with organisations across many different industries to transform their approach to resilience and risk. No two organisations are the same, but all organisations need to work through a similar set of problems.
Setting a clear risk strategy and culture
First, CEOs should develop a deep understanding of risks in their specific organisation, from the traditional to the emerging, and how to build resilient processes that mitigate them. They need to set and communicate the organisation’s risk tolerance in the context of its business goals, strategy, competition and operational environment.
Organisations then need to engage critically with the process of assessing, planning and training to transform their approach to resilience. They need to embed a risk mindset and culture where an organisation’s people and third parties understand the firm’s risk strategy and can adapt to new threats as they arise. Everyone should understand their roles, and practising is essential. Everyone should also know that a crisis of some size will probably happen in the next year or two, even if they do everything right. Organisations should run scenarios to test their response in the event of a real crisis. It’s like taking a mock exam — if you risk not doing it, you will fail the real thing.
Staying informed through ongoing intelligence and insight
Second, organisations need ongoing intelligence, data, monitoring and analysis to understand themselves and the changing world around them. Most CEOs feel they have inadequate insight into risks, often due to a deluge of data and not enough analysis. Building analytical capabilities, combining advanced technology with human expertise, can create a step change in the way an organisation understands and responds to threats. Conducting regular horizon-scanning exercises also enables an organisation to see which risks have potential to impact both them and their peers, so they can get ahead of the situation.
Responding with clarity and speed
Third, when a crisis hits, CEOs and their teams need to respond clearly and rapidly. This is rarely achievable without robust planning and training. They should start by assessing the situation quickly and activating their crisis response team. Most crises are amplified and accelerated by coverage on social media, which can distort the real problem faced by an organisation. CEOs who wait to have every piece of information and advice often miss early opportunities to start engaging with stakeholders. Common reactions in the early stages of a crisis are denial and fear of overreaction, but it is far better to expect the worst than to hope the issue is not a big deal and then be caught off guard when the situation shifts.
Assume the worst and be transparent. Think about the core values of your business and use them to tell your side of the story. Remember that resolving the immediate crisis is only one step on a long road. Your organisation needs to come through a crisis with its culture and values intact. Finally, organisations must have the discipline to return quickly to building resilience and preparing for the next wave of threats and opportunities.
Learn more about building your organisation’s resilience to risk at www.s-rminform.com.
Follow us on LinkedIn and Twitter.
To get in touch, contact us here.
Read S-RM’s report on the Future of Risk here.