The definition of risk management is to ensure the survival of an organization and the delivery of its services regardless of the circumstances. But, in a world where crises are becoming more frequent and more severe, disruptions are increasingly difficult to predict.
Today’s businesses face environmental and public health pressures, geopolitical tensions, social disruptions, cyber threats, business challenges, macroeconomic crises, regulatory changes, etc.
The impact of unforeseen events is tougher on small and medium-sized companies, mainly because of the possibility of losing physical inventory and damaged infrastructure. At the same time, larger companies not only have to look after their own survival but also that of their supply chains.
Companies must therefore move from a risk management approach to one of strategic resilience. In the past, risk management was defined primarily by financial risks. However, as our operating environment becomes more dynamic, companies must look for more holistic and long-term strategies. Maintaining financial stability during a crisis is not enough if stakeholders’ trust is lost along the way.
How did the Covid-19 pandemic change businesses’ approach to risk and resilience?
The pandemic crisis revealed the true value of resilience management for business leaders. The severity of demand shocks and supply chain disruptions brought companies worldwide to the brink of disaster. When Covid-19 hit, many companies still had a defensive risk management approach, as it was reactive rather than proactive.
The effect of the public health crisis was to broaden leaders’ view of one or two risks that they had previously considered worth preparing for. For example, many companies had never considered focusing on workplace safety and being ready to deploy the infrastructure to enable remote working. They also had to watch out for cybersecurity breaches that work-from-home security vulnerabilities allowed. In short, the global pandemic has made risk and resilience much more critical and complex for organizations.
Reactive versus proactive resilience
Risk management must move from a reactive to a proactive mode, and it must be integrated into a broader business strategy. This is how companies can move closer to corporate resilience.
While the pandemic left a lasting impact on the way companies deal with risk, many have yet to take a broader perspective. Fundamentally, they have not embraced the reality of our crisis-defined environment.
The next crisis is just around the corner, and many risk being dragged down again. For example, the asset tax reform currently being debated in Colombia has the potential to destroy its growing tech startup ecosystem.
A cross-functional, holistic approach
A fragmented and siloed approach to resilience will never really work. Companies tend to retreat to this defensive approach to risk, which will only prove to be a bad decision in the long run. Instead, companies should strive to integrate risk with other core functions on a more permanent basis.
As systems become more interconnected and catastrophic events become more frequent, risks also become more complex and unpredictable. But it is the interconnected nature of businesses around the world that makes it critical for companies to develop cross-functional capabilities and strengthen resilience in strategic areas.
During the pandemic, Toyota was the only automaker equipped to deal with the chip shortage. But how did they manage it? The tragic earthquake and tsunami that struck Japan in 2011 severely affected Toyota’s production and supply. Following this event, the company embarked on an improvement strategy and a business continuity plan with its key suppliers. The plan required suppliers to stock between two and six months’ worth of chips. This measure ultimately put the company in an advantageous position when the next crisis arose.
The company did not settle for fixing what was broken but used it as an opportunity to build solid foundations. This is a great example of how adopting and integrating corporate resilience into long-term strategy becomes a competitive advantage in times of disruption.
A broader spectrum of resilience capabilities
There are as many types of resilience capabilities as there are core functions in a company. Each strategic node will translate into a particular type of resilience.
Financial resilience is the most obvious: when revenues fall, credit problems arise, or costs increase, companies with sufficient liquidity and a strong capital position will be able to ride out the storm.
Operational resilience was particularly impacted during the pandemic, as it refers to how production capacity remains stable during operational disruptions. When companies fail in this instance, we see product shortages or products with a reduced quality.
Technological resilience means avoiding cyber threats and technological breakdowns, and organizational resilience refers to a company’s ability to attract and retain talent in strategic areas.
Reputational resilience is sometimes overlooked. This happens when companies that do not align their values with their actions and words are held accountable by their stakeholders, and regaining their trust is very difficult.
Foresight capabilities encompass all these types of resilience, and it stands for crisis scenario testing. Organizations can study relevant data to develop these crisis scenarios and discover resilience gaps accordingly. This is one of the most effective methods to anticipate and prepare for future crises.
The pandemic certainly transformed companies’ awareness of how to manage disruptions and crises. Many developed tools that helped them recover, but most companies have not adopted strategies to navigate the continuously dynamic and uncertain environment in which we live.
In the future, disruptions will be different and increasingly unpredictable, especially as environmental catastrophes become more frequent and extreme. Incorporating strategic resilience will be decisive for companies to withstand not only the primary impact of shocks but also their second-and third-order effects.