Bouncing back with authority: resiliency and the evolution of risk management

May 3, 2023

People walking on an elevated walkway between buildings.
Share on LinkedIn Share on Facebook Share on X

We’ve known it all along, but it took a global pandemic to drive the lesson home: Resiliency and adaptability are the cornerstones of a successful risk management program. At this week’s RISKWORLD®, the 2023 RIMS conference and exhibition, we had the opportunity to explore the concept of resiliency and how the risk management profession has evolved in recent years. Outlined below are some of the ideas shared there.

What is program resiliency?

In a previous blog on mental wellness, my colleagues discussed the quality of personal resiliency, citing the popular definition of “positive adaptation … and the ability to bounce back from, cope with, and adapt to unfavorable or stressful situations.” The same principles apply to organizations, too. An adaptable risk management function is critical to an organization’s capacity to withstand the shock of a crisis and bounce back with authority.

Key qualities of a resilient risk management program include:

  • Fortitude: Strength in the face of adversity and the ability to absorb disturbance.
  • Redundancy: Backup systems and excess capacity to support the maintenance of core functionality in the event of a disturbance.
  • Flexibility: Ability to adapt in a crisis, resourcefulness to respond appropriately, and openness to transforming a negative event into a positive opportunity.
  • Mobilization: Readiness to respond quickly in the face of a crisis.
  • Readjustment: Capacity to regain a degree of normalcy after a crisis and to learn from the experience.

From defense to offense

Whereas risk managers once focused on playing a strong defensive game rooted in identifying risks and responding quickly to incidents as they occur, today’s professionals must now master a host of offensive strategies. They have to anticipate the possibility of wide-ranging disruptions to the workforce, operations, revenue, supply chains and more — and pivot instantaneously to accommodate conditions changing at the speed of light. The need for a strong offense against unexpected disruptions of all types and at any time has elevated the value and prominence of the organizational risk management function.

The seismic shift from defense to offense can be attributed to two main factors:

  • Risk velocity: This refers to how quickly a risk, once exposed, impacts the business. A prime example of swift risk velocity is the severe shortage of infant formula the U.S. experienced in 2022. Multiple issues contributed to the fast-moving crisis, including manufacturing challenges leading to product recalls, supply chain and distribution disruptions, OSHA investigations and regulatory limitations. Whereas a crisis of this nature in years past might have been better contained by risk management professionals and more quickly rectified, the rapid pace of change and information sharing in today’s world magnified its immediate and widespread impact.
  • Risk complexity: Trends like increasing globalization, rapidly changing regulatory environments, talent shortages, technology innovations, extreme weather events and more have created a highly complicated web of risk dependencies. (For more on risk complexity today, read this article in the latest edition of our digital magazine, edge.) Look at the far-reaching, trickle-down impact of the semiconductor shortage on the automotive industry and auto liability claims: Social distancing prompted by COVID brought many microchip factories and distribution channels to a standstill. It also created overwhelming demand for electronic devices as people transitioned to remote working and learning. The combined result was a lack of semiconductors for use in the safety and infotainment systems of new vehicles and auto repairs. The convergence of these issues, along with inflation and other economic considerations, has led to rising costs in auto claims. Because risk factors are so heavily interconnected in today’s complex landscape, risk managers must now take a broader view and preemptive measures to protect their organizations.

Preparedness for what may lie ahead

The role of risk manager has gotten harder over the years, but it’s also gotten a lot more interesting. Risk management professionals are in a position to make a meaningful organizational impact by addressing a wide range of operating challenges. They can no longer operate in a silo, but rather must have visibility into and understand all aspects of the business.

The following are recommendations to help risk managers build program resiliency:

  • Follow the data to understand your exposures: It’s not enough to have a bird’s-eye view of the organization. Keep a close watch on the numbers to know where the organization’s most significant risks lie — and where they are headed.
  • Secure executive buy-in: Engage leadership in the planning process, and make sure they appreciate how the direction of the risk management function helps to protect and future-proof the organization.
  • Tell a compelling story: Related to the importance of securing buy-in is the ability to relay your risk management narrative in a meaningful way. Risk managers must be able to show their efforts are beneficial to the organization as a whole.
  • Keep learning: Continually evaluate, and learn from your successes and your mistakes. That’s the surest way to build something better for the future.