5x5 circular image thick green

Perspectives

Improve risk management in uncertain times

Proactive approach to reimagining risk management

COVID-19 has tested many organizations and shown that there's a clear need to improve risk management and be better prepared during uncertain times. This quick, 5-minute read outlines five actionable risk management insights that risk leaders, executive teams, and organizations can take today to elevate business agility within risk management.

5x5 series: Rebooting risk management

COVID-19 presented an incredible test for risk management. And in some organizations, the risk function wasn’t fully prepared for an event of this magnitude. Even after the past 20 years of continual disruption, risk management is too often misunderstood or mistakenly thought of as a compliance function. How can risk leaders break the mold and elevate the role of risk management? Read on for five ways your organization can reboot risk management.

5x5: Rebooting risk management
5 insights you should know 5 actions you can take
COVID-19 revealed that many organizations didn’t have well-designed crisis management programs in place. Before the crisis, some organizations primarily engaged in risk management that could be termed performative. But an uncertain environment likely means that the next crisis will not be any more predictable than 9/11 or the Great Recession— meaning it’s time to put an end to performative risk management. Prepare for the next crisis. Although it’s impossible to identify all conceivable risks and risk events, connecting an evolving risk profile with implications and actions—through scenario planning and simulations—can enable a transition to more results-oriented risk management.


Cultivating stakeholders’ trust requires risk leaders to think deeply about the organization’s ecosystem of stakeholders. Leaders throughout all levels of an organization should rely on a well-designed risk management program, but many risk programs are laser-focused on the obvious internal stakeholders. It’s critical that risk teams think broadly about their expanding web of stakeholders. Build trust among stakeholders. Risk programs should be designed around the needs of all stakeholders—including customers, employees, vendors, investors, the media, and society. A leading practice is to start by creating a map of stakeholders within the organization, those stakeholders’ needs, and how they’re being met. Think further than the typical stakeholders of risk management.
Many organizations don’t know what risk management costs or what value it provides. But a risk reboot can help elevate the role of risk by identifying new opportunities to deliver value.

Elevate the role of risk management. Risk leaders should understand not only risk, but also priorities of the business. To show the true value of a risk, leaders should be able to articulate how risk management can protect the organization and allow it to take risks.
When a crisis strikes, management needs a clear picture of current and potential developments. But risk management often lacks access to data, analytical firepower, and the ability to communicate with leadership in real time. In fact, 68% of organizations surveyed in Deloitte Touche Tohmatsu Limited’s Third-Party Risk Management Survey noted real-time information, risk metrics, and reporting as areas of improvement.1 Generate and disseminate risk intelligence. A successful risk reboot can empower leaders with access to data, analytical tools, and reporting mechanisms. Risk leaders and their teams should identify the tools that can help them provide early warnings of emerging risks to further support decision-making along with actionable insights and recommendations.
As deadly and damaging as COVID-19 has been, it has provided valuable business lessons regarding what a truly unanticipated major risk event can do. Those lessons have—in turn— revealed new ways of perceiving risks and new ways of creating value, even in the face of future events of similar proportions.

Shape—or be shaped by—events. External complexities, combined with complex internal processes, present the need to address the highest risk reboot priorities. While priorities vary, they’ll often include one or more of the following: elevating risk management, delivering measurable value, and positioning to thrive after the next unprecedented event.

1 Deloitte, Extended enterprise risk management (EERM) Third-party risk management (TPRM) global survey 2020.

Fullwidth SCC. Do not delete! This box/component contains JavaScript that is needed on this page. This message will not be visible when page is activated.

Fullwidth SCC. Do not delete! This box/component contains JavaScript that is needed on this page. This message will not be visible when page is activated.

Did you find this useful?