Rethink: Enhancing resilience through strategic risk management
As COVID-19 continues to challenge commercial life, it’s more important than ever for organisations to seek assurance over their risk and control structures and their response plans for the short, medium and long term. By managing risk successfully, businesses not only survive, but also enhance their resilience and position themselves to take advantage of new opportunities.
By applying BDO’s ‘Rethink’ framework, businesses can react effectively to the current crisis, build resilience for the future and ultimately realise long-term goals in the new operating environment. They can also develop a practical approach to identifying, analysing and mitigating risks associated with the COVID-19 pandemic and beyond.
As BDO’s Risk Advisory Services team has identified, the COVID-19 outbreak raises significant challenges for corporate governance. For example, some organisations may need to enhance their reporting and information systems to help the board monitor impacts on the business. Disaster plans may need reviewing, along with board and management succession plans.
Businesses also need to look afresh at their approach to risk management. Managing risk in a dynamic, agile way has never been more important. Businesses may need to adapt risk registers – developing a ‘working risk register’ to manage current risks while reacting to the pandemic, as well as a ‘recovery risk register’ to identify emerging risks during the period of transition to more normal operating conditions. When considering life after COVID-19, businesses need to think about risk in numerous areas, from impacts on the business model and supply chain, through to fraud exposure and cyber security. Being alert to the upside opportunities that change presents is also essential, now that new, smarter ways of working have been tried and tested.
As businesses respond in such ways, internal audit teams will have vital roles to play in risk profiling and delivering assurance over future business resilience in areas such as financial sustainability, supply chain management and IT. Internal controls may need to evolve to adjust to developments such as increased remote working. Changes to the control environment need to be handled in a structured way to safeguard the business and protect the integrity of financial reporting.
Key risk management areas for consideration as the UK emerges from the COVID-19 pandemic include:
- Infrastructure and technology – remaining compliant with data privacy requirements when more staff are working from home, personal information may be processed in different ways and other risks (e.g. supply chain visibility) may have increased
- Financial – maximising cash flow and financial headroom, as well as ensuring effective internal controls are in place to mitigate against the risk of fraud
- People – Protecting the health and wellbeing of all staff, reviewing policies (e.g. to embrace flexible working), assessing skills available for seizing new opportunities and identifying training requirements
- Supply chain – managing risks associated with factors such as the rapid onboarding of new suppliers and the need for new terms and conditions, as well as rethinking longer-term supply chain strategies to reduce vulnerabilities
- Leadership and ethics – supporting collaboration across the business, undertaking scenario planning and emphasising the importance of acting with integrity, even during tough business conditions, to avoid ethical failures that can damage brand and reputation
- Legal and compliance – keeping up with new legislation and regulations, assessing risk associated with employee rights as working conditions change, and revisiting contractual agreements, including leases and loans, in the light of current conditions
- Change management – rethinking the business model and way of operating over the next 12 to 24 months before developing a comprehensive change management plan that includes key areas such as financials, customers, employees, suppliers and digitalisation.
Get our Enhancing Resilience Publication
Head of Risk and Advisory Services, Midlands