The collapse of Silicon Valley Bank and the recent concerns about Credit Suisse are a sharp reminder — if any were truly needed — that risk is always with us and, by its very nature, comes when and where we least expect it. In a timely article, Strategy & Business, the digital magazine published by professional services firm PwC, suggests that leaders need to look at the issue in a different way.
As the article says, the current environment for leaders is a bit like playing a hectic game of whack-a-mole. “Economic turbulence here, a supply chain snarl there — look out, it’s a cyber attack!” Moreover, these risks do not just appear one at a time, but come in pairs or even groups. Just consider how the pandemic disrupted supply cans and then was swiftly followed by war in Ukraine, which caused a spike in energy prices, which contributed to inflation that was already rising as a result of the supply chain issues and the disjointed emergence from the pandemic.
The PwC team focuses on three of the biggest risks of the moment — cybercrime, supply chain disruption and the climate crisis. But the methodology it proposes applies to any type of risk and, more important, combinations of risk. It boils down to See risk, Share it, Sort it.
See risk. This requires senior executives to “zero in” on the plausible risks that could most hurt the company and its customers. It means challenging assumptions. As an example, PwC points to how leaders of a housing-management company thought that collecting rents via its app was the key to its resilience and business continuity. A “what if” exercise showed that, in fact, paying its suppliers promptly mattered more. If the app crashed, rental payments would be late, but the company could withstand that longer than it could live with the customer anger caused by disruption to such third-party services as heating and repairs.
Share risk. Leaders need to collectively discuss, debate and then map the relevant processes, hand-offs and dependencies of the business areas most at risk. In this way, they can identify blindspots. For instance, a financial services company had created and stress-tested contingency plans for all of its six divisions and so thought it was prepared for a payments system meltdown. But a mapping exercise and subsequent management discussion revealed that the plans were fatally flawed because none of the divisions’ “workarounds” could scale adequately.
Sort risk. Organizations should use technology to create “real-time dashboards” that support the human aspect of risk assessments. For example, a global manufacturer used an AI-enabled data-collection program to indicate spare production capacity and alternative supply routes. Accordingly, when the container ship Ever Given blocked the Suez Canal in 2021 the company was in a better position than many others to deal with the ensuing chaos. Using the information it had gained, it diverted ships and adjusted its supply chain in order to maintain deliveries.
The authors conclude that — as in so many other areas — trust is vital to risk management. More particularly, though, executives have to look hard to see where the risks to their business really are (not always where they might expect them to be). Doing this requires collaboration of the sort that is not always present in organizations that operate in silos. And once they have determined the risks that are most important, they need to commit to sharing responsibilities for dealing with them across the enterprise.
“Only them can risk get sorted,” says the article. “Because if you hang on to established modes of thinking, you’ll likely be stuck playing a never-ending game of whack-a-mole.”