In the post-pandemic world, risk managers must reevaluate what constitutes an ‘acceptable’ risk
With COVID behind us, 2023 exhibits a landscape different to the past three years when most enterprises simply strived to survive. Taking a forward-looking approach, risk managers can add a lot more value to a company from both technical and non-technical perspectives.
Risk identification and evaluation perspective
Risk management serves as the company’s internal “insurance underwriting” function with a primary responsibility being precisely identifying and evaluating risks.
The probability and significance of each risk matters to risk quantification, but how to identify risk levels and what type of composite risks really matter to a company’s operations under the “new norms” has become a fresh challenge to risk managers.
In my view, risk managers should go beyond the traditional way of focusing on risks versus analysis of financial returns or losses. For example:
- Risk managers should focus on more significant risks that result in a larger financial impact in terms of geographical spread or by dollar amount. Only by looking at the larger picture, can risk managers more appropriately develop the company’s risk transfer strategy so that the higher hazardous business activities, the more important territories, and the most significant risks can be prioritised.
- Risk managers should pay more attention to contract and contractual risk transfer. Risk managers and corporate attorneys should be working closely and keeping each other well informed of new business models or new contract forms to be used. A strong and clearly-written contract protects the company’s core interest, eliminates dispute and ensures smooth execution.
- COVID has taught us that many uninsurable exposures were underestimated in the past. Some companies could have experienced less financial loss had they have entered into stronger contracts by curving out business risks uncontrolled by the company or by prepping itself for a different risk retention strategy.
Risk interdependency perspective
No risk stands on its own. One important lesson learnt from COVID is that risks are interdependent.
Analysing how risks are relating to each other out of one business activity becomes much more important for risk management. For example, how do media risk, brand risk and financial risk impact each other?
How is the magnitude of the resultant monetary loss or reputational damages, and what could be left as uninsurable exposures?
By reflecting on what COVID has brought to us, the chain of risk exposures impacting a company’s business must be attended to throughout the entire organisation. Every business unit – business development, marketing, sales, operations, finance, procurement, legal, human resources, information technology – has its own priorities.
An action by each unit impacts another in different ways, some of which are usually not discovered until a loss happens. Often, it is too late to investigate the interdependency and gauge the magnitude of estimated losses after a claim has occurred.
For this reason, there is a strong need for having expertise in an organisation which sees and understands how business units interrelate with each other (such as marketing and loss prevention, product development and customer service) and who can statistically analyse potential financial consequences if the business is negatively impacted by external factors (such as natural hazard, suppliers, vendors, regulations).
That expertise undoubtedly lies in the risk management function. Risk managers must “know a little bit of everything” of an organisation in order to strategically manage risks and develop appropriate risk transfer options.
Strategic thinking perspective
Post COVID, many companies are re-defining their goals and objectives for quickly responding to the new industry and market environment. Risk managers should always look ahead. It is vital for risk managers to clearly understand the company’s long-term and short-term goals and align their performance with achieving company goals.
Every business has risks. Balancing risks and opportunities or rewards is hard but this is where risk managers can add value. For doing so, risk managers must be very aware of where the company is heading to, operationally, financially and geographically.
In the new era post-COVID, risk managers should recognise that fast-changing macro economy, legal environment and new technology can only result greater risk diversity as well as higher ambiguity of risks that may not be precisely quantified in a traditional way.
If a company becomes willing to absorb more risks for developing new business faster, then risk managers can be more flexible when assessing new business activities by understanding, for example, the importance of a project to the company, the estimated revenue or cost-saving, the experience of operating in the local market, alongside building a customer profile and marketing plan, and so on.
Of course, any decision by a risk manager must be also aligned with company’s risk tolerance level and self-retention strategy. Post COVID, almost every company is re-evaluating
competition in its own field. It is a time now that risk managers re-think holistically what risks are acceptable, what should be transferred (and by which means), and clearly communicate the new strategy with their business partners throughout the organisation.
I would say “communication, communication and communication”. With more creative business ideas being developed in post-COVID marketplace, it cannot be emphasised enough that timely and consistent communication is vital so that people remain on the same page and no misunderstanding occurs.
This ensures the successful achievement of company goals. In fact, reducing cost of communication is another side of efficient risk management.