Has there ever been a more important time to be monitoring new and emerging risks to your organisation? Perhaps it is becoming one of 2020’s most overused words that we are living in “unprecedented” times.
The emergence of the global coronavirus pandemic this year has forced every organisation to review its business continuity plan and take a number of other steps to ensure the safety of employees and clients, modify operations, change marketing priorities and shore up the financial position.
On the subject of coronavirus, CBB have shared a link to some resources available through the South Australian Department of Human Services via our LinkedIn page which readers may find of interest. Other information is available from the NDIS Quality and Safeguards Commission.
However, even in the midst of this significant risk scenario unfolding, there are other emerging risks that also need regular attention.
We have seen the impact of the summer bushfires which has been a challenge in some regions, and put together with current job losses and share market volatility will put pressure on donations to some not for profits . Regulatory changes are emerging with the Disability and Aged Care Royal Commissions, and the NDIS continues to evolve and make changes almost daily. Cyber attacks have continued, and not for profits are not immune from events like this. Social behaviours have changed as a result of shutdowns within society now, and it remains to be seen how society will permanently change after the current crisis.
Last month we looked at the specific risk in relation to whistleblowing after issues at World Vision. You can click here to go back to that article. We have also written recently on steps to protect your organisation from cyber risk.
It is important that Boards and management committees regularly review and monitor for new and emerging risks, and that risks other than the coronavirus still remain part of regular board discussions.
The frequency of reviewing risks and the risk register will vary depending on the complexity of the organisation, pace of internal and external change, and risk exposure. Whilst lower risk organisations in a stable environment might review risks quarterly, many organisations should look at it more frequently.
However, best practice organisations make risk a part of the business as usual with regular monitoring of the internal and external elements of the organisation for changes, and then alerting decision makers to these changes in a timely way, so that appropriate actions can be taken.
We believe that best practice risk management monitoring includes the following:
- Ensuring a well-constructed risk register is in place and reviewed regularly for changes.
- Undertaking broad engagement across the organisation to identify new and emerging risks, ensuring that different perspectives are taken in to account and the full range of risks have mitigation plans.
- Risk appetite is discussed, understood and calibrated across the board and management, with changes made as context changes.
- Making a report on new/emerging risks a regular part of the board reporting template helps the Board and management team consider the risks in a timely manner.
- Including responsibilities within key management team member position descriptions to monitor and report on risk.
- Monitoring of relevant internal KPIs (staff turnover, safety incidents etc) to look for emerging internal trends and risks.
- Involvement in industry forums and conference attendance to hear from thought leaders on how the market is changing and new risks that are emerging.
- In coming months and future editions of Foreword, we will provide more suggestions on how to develop your risk management to a greater level of maturity and integrate it into everyday decisions and business practices to provide a robust framework for managing risk.
If you have a topic that you would like us to consider when writing more about risk, then please get in touch with us and we will endeavour to include it in a future edition. HOW??