By Leah White
The past year has introduced unprecedented levels of personal and professional change. Terms such as “social distancing” and “self-isolation” are now part of our everyday vocabulary. Many of us saw our revenues nosedive as we were forced to close our businesses—temporarily or permanently—to reduce the spread of COVID-19. We fought to keep our organizations afloat, all while home-schooling our kids, looking after co-workers, and ensuring the safety of aging parents.
While the pandemic has presented many unpredictable sources of stress, we can empower ourselves by proactively assessing and planning for risks that are within our control.
What does this have to do with risk management?
Risk management addresses uncertainty. It involves proactively thinking about things that could affect your organization in order to reduce the likelihood that they will happen in the first place and to be prepared if they do. It’s about anticipating setbacks and developing a plan to deal with them.
Let’s put this concept into practice with an example. We all use IT systems, and the pandemic has increased our reliance on them. But hackers know this too—cybersecurity incidents have skyrocketed, and you’ve likely received at least one phishing email trying to convince you to click on something harmful. A successful ransomware attack on a business can be catastrophic, and some organizations have spent months (and many tens of thousands of dollars) trying to recover.
Once you’ve identified cybersecurity as a risk, the next step is to determine whether it’s a risk you’re willing to live with, or whether you want to put some additional processes in place to reduce your risk, such as awareness training for employees, up-to-date antivirus software and firewalls, cyber-insurance, or an incident-response plan.
Much of the stress from the pandemic comes from unanticipated negative events. But what if we take a step back and think about the potential risks that could affect us and our organizations so that we feel prepared for them? A detailed risk-management plan follows the same logic as having a fire-evacuation plan or taking a self-defence class—it outlines concrete, actionable steps to mitigate harm. There’s a degree of comfort in knowing how to take control in a tough situation—like a cyberattack or a pandemic.
If you haven’t implemented risk management in your business, consider these simple steps, and know that no matter what happens, you’re in control.
Identify: Proactively think about potential risks to your business.
Assess the impact and likelihood: Prioritize risks based on the highest impact (how much they could affect you) and the likelihood that they could happen.
Close the gaps: If you have a lot of high-priority risks, think about what you can do to reduce the impact or likelihood, such as stronger internal control procedures or more insurance.
Develop a response plan: No matter how much you’ve put in place to prevent a risk, you’ll never reduce the likelihood to zero. For high-impact risks such as cybersecurity, make sure you have a plan in place to deal with the consequences of a security breach if it happens.
Don’t stop: Risk management is an ongoing process, and risks are constantly changing. Make sure you regularly set aside time to think about those changes, how they might affect you, and whether you need to strengthen your internal controls to address them.
A proactive, comprehensive risk-management plan could help you transform uncertainty into an opportunity for growth. If you’re interested in learning how your business could benefit from a risk-management plan, please reach out.
Leah White is a Partner with Grant Thornton LLP and the Risk and Forensics Leader for Atlantic Canada. Leah has a proven ability to identify business and technology risks and to develop practical action plans to help organizations reach their goals. She has in-depth experience providing risk assessment, internal audit, controls consulting, and cybersecurity advisory services to a wide variety of industries.
Contact Leah White at Leah.White@ca.gt.com or +1 902 491 7718.