What 2020 Taught Us About Risk and Resiliency
By most accounts, we are closing in on exactly one year removed from the timeframe when COVID-19 transitioned from a regionally-focused concern to a health crisis of global scale and consequence. For those of us that are part of the risk management community, we have all been trained to think about the risks on some basic level through the lens of likelihood and impact. COVID-19 was obviously not history’s first pandemic, but it was unique and taught us that likelihood however low has no ‘floor’ such that risks with large scale impact can go unmanaged. Adding pressure to this equation is the pace with which the impact of the pandemic was felt, not only due to the rapid spread of virus itself, but also the level of interdependency built into modern businesses.
The new realities can be vividly seen in the input of top executives in their assessment of key priorities for the business in 2021. Survey after survey of business leaders exhibit some consistent views:
Businesses must learn to be more resilient to broad, sweeping changes that can force a shift in both strategic focus and operational execution
This heightened level of resiliency can come only with effective enterprise wide operational risk management
A high digital IQ and the use of advanced analytical capabilities can be a force multiplier in their ability to predict, respond to, and recover from such disruptions
Obviously, Business Continuity Management (BCM) has long been an element of organization’s risk programs, but some approaches let us down through this pandemic. The typically siloed nature of BCM plans having some boundary (geography, business function, etc.) did not support businesses needs to recover in concert to an event as sweeping as COVID-19. And through that short coming they have fueled what we see as an active dialogue around the concept of Operational Resiliency—the idea of a plan for continuity and resiliency that is more conscious of the interdependencies within and across businesses.
As we consider the past as momentum to drive change for the future, it’s important be sure we have a handle on lessons learned, including some areas we saw success this past year in adapting the change and applying technology to adjust critical operations. As hard as 2020 was in so many ways, one redeeming element was observing several customers leveraging Archer to provide agility within acceptable boundaries of risk.
For example, a nonprofit health system supporting more than 1,500 doctors and 250,000 patients across 6 states needed to address a complicated physician, licensing and credentialing situation in response to a spike in demand. To secure temporary licenses for each physician in each state this customer used Archer to quickly build, collect, track physician information and licensing. They documented and built workflow for a chain of review/approval all the way up to the Chief Licensing Officer, and also automatically created an audit trail for historic reference. This flexibility greatly enhanced this customers’ ability to meet the urgent and expanding needs of COVID-19 patients.
A second example comes from one of largest family-controlled commercial banks in the United States, with over 500 branches across 19 states and $39 billion in assets. Their extensive ecosystem of suppliers needed to be quickly assessed in terms of risk for maintaining branch operations. Additionally, bank employee services and working capabilities needed to be assessed to ensure operations in a remote working environment. Archer’s Third-Party Risk solution was leveraged to quickly tailor assessments needs and gather critical information from suppliers that when combined with business impact analysis allowed the customer to understand vendor criticality and adjust plans accordingly.
Both of these examples are of course rewarding for me . . . seeing customers apply the capabilities of Archer in times of great stress gives a higher purpose to what we do. But they also tie to three existing trends in risk management that I see being fueled by the challenges of 2020.
Accounting for the complex interdependences that make up modern businesses. By now it’s understood that most businesses rely on an expansive ecosystem to deliver goods and services. A new urgency is shifting focus from cataloguing third-parties towards enabling a more proactive, ongoing assessment of vendors and operational or regulatory risk they pose.
The opportunity presented by leveraging technology platforms that truly understand risk. If ever there was an area of risk management ripe for benefits of a consolidated platform for assessing and managing risk, it would be BCM. The gaps that 2020 presented to organizations is one of the reasons we see leading analysts and other experts predicting that as BCM programs transform, many will move into an Integrated Risk Management (IRM) platform to better support responsiveness.
The value of peer insights that reside collectively within the risk management community. Within the Archer team we’ve been doing a great deal of research around the over 1,300 deployments of our technology, and how intersections across certain risk domains tend to correlate to higher measures of risk management maturity. 2020 created many opportunities for our team to apply the collective knowledge to help customers respond to new challenges.
These three take-aways from the events of 2020 remain very much on the minds of the team at Archer, and will be areas that in 2021 we look forward to continuing to work closely with customers and the risk management community to advance us all on the journey towards greater operational resiliency.
Read our Key Principles in Building Operational Resiliency whitepaper to learn from Archer experts about how to transform from business continuity to broader operational resiliency.