Risk management in a post-Covid19 world
Covid19 has been a wake-up call for lots of organisations, who have had to implement major changes in extremely short timescales. In many organisations risk management has had very limited input into operations, even though risk managers knew (or should have known) that a pandemic has been a major risk for years. It's been on the UK's National Risk Register of Civil Emergencies since it was created in 2008.
Although we're still in the response phase of the situation, organisations need to be looking at how they can return to normal (whatever 'normal' looks like), and what they want their risk management functions to deliver going forward. This should be a perfect opportunity for risk management to be positioned front and centre within organisations, providing timely, actionable information to decision-makers and departments, including quantified analysis of risks, scenario-planning, training, and much more.
Covid19 has shown that colourful heatmaps, qualitative scoring measures, quarterly risk meetings, risk registers, and all the other activity which passes for risk management has had little or no impact in providing the information that leaders need to run the organisation, to look after their people, and to achieve their objectives. Auditors need to be looking at how effective their risk teams have been, and insist that they deliver more.