John Ludlow, CEO of Airmic, shares his thoughts on using lessons from a year of crisis to drive improvements in risk management

The Prime Minister has adopted a slogan “Build back better” to refer to efforts to stimulate and rebuild the economy after Coronavirus. However, what would this mean for risk professionals learning and applying lessons from the pandemic?

Risk and crisis management are inextricably linked. Many risk professionals had to think on their feet in 2020 and in some cases learnt the hard way. Not that we’re out of the woods yet, but a crisis can provide real-life lessons for future preparedness.

I’d recommend reading the latest pandemic crisis management Airmic Guide in association with Control Risks, which came out in September: “New Challenges, New Lessons: Covid-19 pandemic and the future of crisis management”. Adding to that, here are some further thoughts and questions to pose.

Firstly, purpose. I think we should take a step back to decide whether we are, in everything we do, properly aligned with stakeholder demands and expectations. We might need to repurpose ourselves to be more consumer-centric and to focus on ‘what really matters’. That applies not just for risk professionals but senior management in general, to align culture with taking responsibility for stakeholder outcomes. When a crisis strikes, the value of being consumer-centric suddenly becomes most apparent, because any organisation suffers as soon as its stakeholders are damaged.

Secondly, the need for more collaboration, throughout the business and across government and industry partnerships. The pandemic has exposed and emphasised the links that bind us – as individuals, as businesses and as a society. Enterprise risk management as a concept looks more necessary than ever, while working together for ideas and innovation is how we will emerge from this mess. “Working Together” was the theme of 2020’s Airmic Fest and why we have teamed up with other related membership bodies for thought leadership initiatives such as the new Resilience Alliance.

Understanding risk connections is my next point. ‘Connected risks’, including cyber-attacks and supply chain threats, have been in the consultancy lexicon for some time, but came into sharp focus in 2020 as the far-reaching effects of the pandemic managed to flicker on warning lights simultaneously across the bulk of the risk register. Connected risks are multipliers. Risk professionals need to think not just in terms of high impact or high frequency risks, but which threats have high connectivity, and therefore how best to mitigate them before they get out of hand.

The next point is to invest in key risk mitigation capabilities, across people, platforms, and processes. We have an opportunity to double up investment to get the budget to address these risks while they are still foremost in the minds of the board. Don’t waste the opportunity because history suggests people have short memories. Risk management never seems so relevant as in a crisis, and the aftermath of a crisis is the best time to push our profession to get the most organisational benefits.

Lastly, build preparedness levels for future crises. You can plan all you like, but preparedness is more than just a paper plan made by somebody sitting behind a laptop. Preparedness means situational awareness and figuring out your response teams at the highest level, practicing those plans, turning scenario planning led by risk management into exercises that involve peers across the whole organisation. Agree options to reduce critical dependencies, putting in place resources and creating a Plan B whenever possible. Crises will always involve thinking on your feet, but preparedness reduces the risk of being caught flatfooted.