The latest enterprise risk management news from around the world

Enterprise risk managers are finding that COVID-19 is resulting in less engagement with the company board

A Gartner survey of more than 900 audit and risk leaders on March 27th 2020 has found that most of their focus is on assessing the impact of COVID-19 on organizational operations and controls, as well as revising and executing the company audit plan. Just 4 percent of respondents reported that updating the board was their primary focus at this time, while 21 percent reported executing the audit plan as the top priority.

“Many enterprise risk management (ERM) teams are finding that the board and executive teams are postponing risk committee meetings and are not getting exposed to risk-based insights on the impact and opportunities associated with the crisis,” said Dan Herd, vice president in the Gartner Audit and Risk practice. to provide senior leaders with insight into the risks COVID-19 has amplified and provide action steps that are required to address these new or heightened risks,” said Mr. Herd. “These teams need to be proactive, getting ahead of committee meetings with relevant, business-focused agendas that demonstrate the value ERM provides in a stronger internal consultant role to the executive team in the midst of such uncertainty.”

Gartner says that while many organizations had included a potential pandemic as one of their top risks, few anticipated the severity of COVID-19’s impact to their operations and health of the business. ERM teams report that crisis management generally has been successful in terms of keeping employees safe and moving to a work from home environment, but organizations are struggling to manage the downstream effects of the crisis, such as disruptions in their supply chain, additional productivity-related concerns, and other third-party considerations.

There was a consensus among survey respondents that COVID-19 had dramatically altered the risk landscape most organizations face, introducing some very fast-emerging issues. Impacts such as a rise in mandatory/voluntary work from home, shift in customer behavior, preparedness for cost optimization, and third-party or supply chain risk all have accelerated or changed priority.

ERM teams are monitoring several implications of working from home becoming the new normal, such as cyber security risk, shifts in productivity, and how they can operate an ERM program remotely. For example, they are evaluating how to run a risk workshop while everyone is working from home. ERM teams are speaking with risk owners to determine how the risks they own have changed and if their mitigations are effective.

Immediate actions

The survey found that tactical measures that most ERM leaders are taking immediately are:

  • Updating risk assessments to account for changes in risks such as third party, supply chain and cybersecurity, and ability to execute remotely;
  • Working with senior leaders to ensure the organization does not adopt a disproportionately risk averse posture;
  • Working with senior management to ensure cost optimization decisions account for risk and potential impact;
  • Updating communications to the board and management with specific risk-based insights surrounding near-term COVID-19 impact and recommended actions steps.

“ERM should use its unique position having an enterprise-wide purview to extract lessons learned from the teams involved in managing the crisis,” said Mr. Herd. “These lessons include understanding the efficacy of business continuity and crisis management plans, interdependencies, and emerging risk sensing and assessment practices.”

www.gartner.com/en/audit-risk



Want news and features emailed to you?

Signup to our free newsletters and never miss a story.

A website you can trust

The entire Continuity Central website is scanned daily by Sucuri to ensure that no malware exists within the site. This means that you can browse with complete confidence.

Business continuity?

Business continuity can be defined as 'the processes, procedures, decisions and activities to ensure that an organization can continue to function through an operational interruption'. Read more about the basics of business continuity here.

Get the latest news and information sent to you by email

Continuity Central provides a number of free newsletters which are distributed by email. To subscribe click here.