The Governance Institute of Australia recently released its Risk Management Survey Report 2020, which collected responses from nearly 400 governance and risk professionals and senior executives across Australia, and identified top pressure points now and in the future. In an unprecedented year with the bushfires and the coronavirus pandemic, the report found that, understandably, more attention is being placed on risk. This has inevitably led, however, to the uncovering of gaps and issues in how organisations are managing said risks that need to be improved on moving forward.
These issues include a lack of testing risk and crisis plans, a lack of understanding of risk within organisations and a lack of improvement in managing key risks year over year. Luckily these gaps can be effectively filled with strong leadership, planning and supportive tools.
Issue 1: Under-testing (or not testing at all) risk and crisis plans
The Governance Institute's Survey reported that 39% of businesses are not regularly testing their risk and crisis plans, and just 11% of businesses are doing so regularly. In other words, the majority of businesses in Australia aren't running scenarios around risk events to test how their organisations and their people will respond. This means even though organisations might have plans in place, they aren't testing to make sure that firstly, they work thoroughly, and secondly, that they stay up-to-date and relevant.
Testing your plans to better mitigate risk or recover from a crisis can be overwhelming as well as perhaps a gruelling step after your company has thoughtfully mapped out a plan; however it is a crucial part of making sure your organisation is prepared for the unexpected. To improve in this area, organisations can benefit from software systems that keep their plans organised and enable them to easily test those plans as well as track improvement efforts post-testing. Tools like RiskWare's Business Continuity Module are specifically designed to facilitate the development and testing of your business continuity, crisis and disaster recovery plans.
Issue 2: Subpar risk culture
While 84% of survey respondents agreed that risk management is highly valued by their organisation, it was reported that there is a gap between it being valued and understood, with 26% of respondents indicating that risk management isn’t really understood at their organisations (and 43% saying they only slightly agree it's understood at their organisation). In order to improve this understanding, respondents reported that better reporting tools and raising the 'voice' of risk would be helpful. Additionally, those respondents from organisations with a risk function, like a designated risk department or team, said their companies were stronger in communicating and proactively managing risk, indicating the value of a dedicated risk department or committee.
As these results suggest, there are three main ways to create a stronger risk culture: better reporting, better communication, and a dedicated risk department or committee. The achievement of these can stem from having a sound risk management framework. Luckily, risk management software can help develop, report on and communicate this framework. RiskWare's Corporate Governance Module, for example, enables organisations to effectively create a sound risk management framework based on organisational objectives as well as better understand your risk tolerance and assign ownership and accountability within your organisation. For improved reporting, a reporting tool, like RiskWare's Analytics Module, will enable you to take your risk data and convert it into strategic information that shows real-time organisational performance and can be easily shared with your Board or management team.
Issue 3: Unprepared for key risks
While respondents cited staff conduct, legislative change and regulatory change as the best managed risks in their organisation, they reported talent, the threat of disruption or failure to innovate, the environment and economic shock were the risks that their companies were least prepared for. As the same results were captured in last year's survey, it appears that while companies are conscious of specific risks, their preparedness for them has not evolved.
This can be addressed with sound enterprise risk management, enabling companies to make sure they are identifying, assessing and controlling risks across these areas. Software, like RiskWare, also has specific modules, like its Environmental Module, which helps organisations be conscious of their environmental impact, minimise their environmental liabilities, maximise resources and build awareness among their employees. Ultimately, if you're lacking in a key risk area, software tools can provide support to get you on track.
As we wrap the financial year, exploring these issues in risk that apply to many organisations in Australia can be the catalyst to improve. Technology tools exist to facilitate the effectiveness and efficiency of organisations' risk approach.
If your organisation is looking to improve its risk management, software like RiskWare can provide the structure and support you need. Our team always has time for a conversation. Don't hesitate to get in touch!