We previously discussed what learning can be taken from Aon’s risk survey.

Now we will discuss the response and consider if COVID has changed risk management.

The question as to how to manage some of the risks identified is not straightforward. General uncertainty is prominent in the results and traditional risk management may not be enough. The answers may lie in broader scoped risk identification, but also in business continuity preparation, crisis management and general resilience planning.

For example, increasing competition (No. 8 in the survey) appears to be a fundamental commercial reality, representing opportunity and risk. In the world of professional service firms there is clearly a convergence occurring and in part it is being enabled by the application of technology. Increasing competition is therefore a strategic issue and arises from fundamental issues around purpose, strategy, resources and changing client demands.

It seems that a new awareness is emerging of the Grey Swan type of threat that is changing the approach to risk management. In the Risk Frontiers Europe 2021 Risk Survey, 50% of respondents said that COVID had changed the approach to RM in their organizations.

Why is this important?

• Future hazards may be outside of a conventional and narrow risk identification exercise, and a fresh look with a wider set of tools may be required.
• Even if risks are identified, can probability usefully be assigned? How does one plan for a 1 in 50-year event? In fact, professional service firms tended generally to have rigorous business continuity plans and with the assistance of technology were able to continue to function with risks to revenues arising from client demand rather than internal operational risks. In fact, of course client demand in some areas increased to deal with challenges being presented.
• There is now more attention being paid to the interconnectivity of risks; links between pandemics, business interruption and cyber security, being one clear example. Risk management is therefore ideally on an enterprise basis and includes a degree of systems thinking where interdependencies and externalities are considered, mapped, and assessed.
• There are parallels here with ESG, a very topical debate in financial and risk circles. The links between governance, societal risks and environmental concerns are strong and, in many cases, complex and require an organizational response that transcends internal boundaries.

Dealing with Uncertainty

There is no one plan for uncertainty, and insurance is often not the answer since there are limits to insurability where risks need to be defined and quantified. Low probability but severe risks have uncertain features for wide range of reasons, and the complexity is magnified by lack of recognition or prioritization and preparedness.

This happens due to psychological and organizational barriers often resulting from internal bias around optimism, the status quo or loyalty to long held beliefs.

An important factor is the degree to which a risk can be mitigated, and if the residual risk then falls within an organization’s risk tolerance.

The final lesson is resilience. We have seen that effective use of technology and the value of Business Continuity Management plans, which did not necessarily have a pandemic in mind but served to avoid disruption. Resilience implies an ability to adapt to the unexpected for operational and people risks.

Future risk headings clearly include cyber, digital, political and ESG. It will be necessary to explore them with detailed risk identification and mitigation planning. What will I do differently in the next pandemic? To end with Dwight Eisenhower’s advice, “I have always found that plans are useless, but planning is indispensable.”

Contact

The Professional Services Practice at Aon values your feedback. To discuss any of the topics raised in this article, please contact Keith Tracey.

Keith Tracey
Managing Director
London