Risk management is proactive, peering around corners to identify uncertainties that may impact the ability of an organization to achieve its objectives. Crisis management is reactive, marshalling resources to respond to a risk that has already manifested and requires immediate attention. Both require senior leadership engagement to be effective, but the roles and methods can be very different. And that includes the Chief Risk Officer (CRO). If CROs are typically focused on addressing how current exposures might impact future results, what’s their role in the middle of a crisis, when a significant risk has already manifested? Many CROs have had to manage through crises, myself included, but the unprecedented nature of the current pandemic is stretching everyone into uncharted territories. The challenge (and opportunity) for CROs is to pursue actions that can add value to their enterprises, both in the immediacy of the moment and for the long-term. The following highlights two actionable considerations that cover two distinct time horizons.
Most organizations have established an all-hands-on-deck approach for their senior leadership teams to deal with the coronavirus outbreak. This is expected and appropriate. All aspects of organizational activity have been impacted, and all leaders have a role to play in dealing with the countless discrete challenges that are arising. But what about Chief Risk Officers? What should their focus be in the midst of this crisis management scenario?
When leaders are reacting in the moment, there is often little time to assess the impact of decisions being made. Given that reality, these decisions might be creating risks in the process of attempting to deal with the immediate crisis. Organizations don’t have to wait for unintended consequences of well-intended decisions to manifest before addressing these kinds of collateral risks. CROs are skilled at anticipating these very kinds of outcomes. Having them intimately involved in these discussions provides a real-time forward-looking perspective on the known (or even the seemingly unknown) implications of these directives.
In some cases, the CRO’s risk insights might inform specifics of the decisions themselves, leading to adjustments that seek to accomplish the initial objective but in a manner that doesn’t negatively impact some other part of the organization. In other scenarios, management may continue down the original path, but identify additional or alternative risk responses to decrease a vulnerability that may otherwise be created. Moreover, management’s ability to articulate the thoughtful, risk-informed process it followed in formulating its crisis response actions could also pay significant dividends in the future. Identifying risks upfront provides a record that may clarify real-time decisions to oversight or regulatory bodies in subsequent audits or investigations.
CROs bring a different lens to the crisis management table, advising their leadership colleagues on the risk-based implications of the rapid decisions leaders are being compelled to make. CROs can help anticipate unintended consequences, proactively plan for them, and maintain a record for the future — all without distracting from the immediate demands on management for timely action in the midst of the crisis.
The second perspective uniquely suited for CROs during a crisis such as the current pandemic is to anticipate the risks that their organizations may encounter when the crisis ebbs and it is time to ramp up normal operations. The vast majority of the leadership team is almost exclusively focused on dealing with the current organizational stresses from a vantage point that may not extend beyond a few days or weeks. But someone should be anticipating the challenges that may confront these enterprises when the “all clear” is given and the competitive pressures of the business world — or mission requirements in the public sector — are suddenly subjected to circumstances they never previously encountered.
Organizations will likely face risks across the full gamut from operations to compliance to financial to human capital and even to the very essence of the enterprise. Strategies may need adjustments based on new market realities. Internal operations and even organizational culture may require modifications, trying to maintain consistency with the mission, vision, and values of the organization. Each of these realities will introduce risks that were not evident just a few weeks ago.
The truth is that “normal” operations will likely not be normal in many respects right out of the gate. Organizations will encounter all manner of obstacles in their effort to return to normalcy. In order to avoid another kind of crisis when it is time to resume operational activities, someone should be analyzing these risk areas, anticipating likely scenarios, and developing risk responses that can be deployed in a proactive, rather than reactive, mode. This responsibility is perfectly suited for the organization’s Chief Risk Officer and can be performed with limited disruption to the pressing needs of the current crisis.
Most organizations are currently in crisis mode, reacting as best they can to the unprecedented health, economic, and operational challenges associated with the coronavirus pandemic. Chief Risk Officers have a unique set of skills and perspectives to provide insights and assistance to their leadership colleagues on how to minimize negative secondary effects from crisis-driven decisions. These insights can also proactively address the kinds of unanticipated challenges that may be farther down the road. These views might otherwise be missed in the midst of the crisis. CROs should seek to fill these gaps and do what they always do, seek to enhance their organization’s ability to achieve its strategic objectives, both during the immediate crisis and far beyond.