Six Ways the KRM22 Enterprise Risk Cockpit can support your firm during the COVID-19 crisis
The COVID-19 crisis will, in the short term, require firms to focus on one thing: survival. However, as the crisis hits and rapidly unfolds, too many firms will find their enterprise risk management approach and systems lacking. Typical issues that will quickly become apparent are;
- Too many risks that do not threaten the survival of the firms are reported and managed, creating noise within the executive & board. However, too few (if any at all) that genuinely threaten survival are given the attention they require.
- Related to the first point, firms have a habit of monitoring ‘known risks’; risks which are relatively easy to monitor. Unfortunately, this creates a false sense of comfort and control. Executive and Boards need to regularly and robustly challenge the risks reported to them, bringing to bear their experience and what they see in the real-world.
- The risk management ‘drumbeat’, particularly within enterprise risk is aligned to monthly or even quarterly executive and board meeting cycle rather than the business ‘drumbeat’ i.e. real-time.
The KRM22 Enterprise Risk Cockpit was designed from day one to be a real-time application. This means that as this crisis unfolds and changes, often very quickly, these changes are reflected into the firm’s risk profile in real-time. This enables real-time decision-making and supports communication around the firms actions throughout the crisis.
There is an old mantra ‘you can’t manage what you don’t measure’. In the midst of the COVID-19 crisis it might be tempting to move into a reactive mode and deal with the next urgent issue. However, this is not the optimal approach; now is the time to focus solely and intently on your most critical key performance indicators (KPIs). Use these KPIs to generate early insights into the current (new) reality and understand if you and your team are making the right decisions to adapt, survive and recover from the COVID-19 crisis.
The KRM22 Enterprise Risk Cockpit provides powerful metric functionality enabling firms to define measures and indicators, including KPIs, in real-time, set thresholds to generate RAG or RAGAR status and alerts.
Metrics can be easily linked to various internal and external data sources so rather than using excel or similar ad hoc tools to manually report KPIs on a monthly basis for executive or board meetings, use the Risk Cockpit to deliver critical financial and non-financial KPIs in real-time to enable better, faster decision-making at all levels in the business, in real-time.
Throughout the COVID-19 crisis, firms will need to make decisions, quickly and with limited information which will change rapidly. In this environment, firms need to ensure that once decisions are made, they are implemented quickly. As the situation changes, having real-time status updates will be important as firms continuously adjust and adapt their responses to the crisis.
It was always our philosophy that the Enterprise Risk Cockpit should not just provide insights into the firms risk profile, but should also provide the functionality to manage the implementation of decisions and manage change via initiatives and task. This means firms can proactively manage on an exception basis, bringing risks back into acceptable boundaries and drive performance improvement when thresholds are breached.
“Events, dear boy, events” is a quote often attributed to former British Prime Minister, Harold Macmillan. Managing events in real-time as they emerge throughout the COVID-19 crisis will be critical to your firm’s ability to adapt, survive and recover.
The KRM22 Enterprise Risk Cockpit enables firms to capture events in real-time either via a API or manually. To enable firms to effectively respond and manage events, the Risk Cockpit includes powerful initiatives and task management capabilities, including the RACI accountabilities model.
For senior decision-makers, under pressure from the recently introduced SMCR regime, the Risk Cockpit provide powerful, visual timeline dashboards for events within your accountability ‘Line of Sight’, highlighting ‘neglected events’, and all the activities completed and open related to the event.
This gets senior decision-makers out of their inbox, stops them wasting time chasing multiple email threads to try to under the status of events and related initiatives and tasks. Instead they are able to monitor all events using a ‘real-time’ status timeline dashboard; creating clarity of action and freeing up senior management time to focus on managing the overall COVID-19 crisis.
As the COVID-19 crisis evolves, your definition of what is critical to your business will change. Therefore, it is important to define, for each crisis level, clear, immediate objectives and a set of critical activities (processes and initiatives), systems and assets to be protected and managed.
For your firm to successfully get through COVID-19, and to be positioned for rapid recovery, your brand, your people and your information assets are going to be particularly important. Therefore, particular care must be given to managing these through the crisis.
If your firm has implemented CIA triad (confidentiality, integrity, and availability) for information assets, use this prioritise and re-prioritise as the level of crisis changes.
Review your process architecture and portfolio of change initiatives to determine what is the earliest point when individual processes and initiatives can be shut down and restarted.
If your firm uses the ‘big three’ business continuity indicators; Recovery Time Objective, Recovery Point Objective and Maximum Tolerable Period of Disruption, these should inform decision-making as the crisis evolves.
COVID-19, along with a very ill-timed oil price war has triggered a market correction which has gone further, faster than any previous financial crisis. This will create causalities across the financial sector and will ripple out, at the speed, to those industry which provide services to financial services firms.
In this environment, firms need to double-down on their 3rd Party Risk and Counterparty Risk processes. Changes in the risk profiles of individual 3rd Parties or Counterparties must be quickly integrated into the firm’s overall risk profile; the right people alerted and critical changes managed.
3rd Party and Counterparty Risk are two risk disciplines which feed into the enterprise risk discipline and are supported with specific functionality within the KRM22 Enterprise Risk Cockpit.
With its ability to monitor, measure, analysis and optimise risk across the boundaries of the firms the Risk Cockpit enables firms to manage and collaborate with their 3rd Parties and Counterparties in real-time; identifying potential issues early and working together to minimise their impact together.