COVID-19 updates 21 September

Some IoD courses and events may be affected by changes to alert levels. Read more

Future IoD

We are now working on transitioning to the new IoD Rules. Find out more

The keys to building a more resilient business

type
Article
author
By Marsh
date
9 Sep 2021
read time
3 min to read
Abstract blue glass building

The Marsh New Zealand Directors' Risk Survey is currently open for New Zealand directors and will close 20 September 2021. We welcome director input into the key risks facing organisations in Aotearoa.


This following is an excerpt from our 2021 
Risk Resilience Report: Keys to Building a More Resilient Business.  We surveyed nearly 1,000 organisations across nine regions around the globe representing 30+ diverse industries. The survey explored organisations’ practice of and attitude toward risk management.

Risk and reward

Organisations operate in a hyper-connected world of risk, where seemingly isolated events expose the fragility of global systems. From the grounding of a container ship that shut down the Suez Canal to the ongoing COVID-19 pandemic, recent events demonstrate the increasing interconnectivity, impact, and velocity of risks.

While businesses are challenged to better plan, prepare for, and respond to shock events, other risks can unfold over a longer time. These risks, such as geopolitical change and regulatory issues, while often slower to evolve, can have similarly pervasive consequences.

Looking at current and emerging risks, one thing is clear: Organisations must be resilient. More than ever, resilience is crucial to organisations’ ability to compete and achieve strategic growth. 

Organisational resilience encompasses more than business continuity planning and the capacity to absorb negative events. Beyond the ability to recover quickly from and respond to events, resilience enables organisations to both foresee upcoming threats and capitalise on opportunities.

A risk resilient organisation is able to minimise losses and quickly resume business as usual following an event — and more. A risk resilient organisation has a strategic competitive advantage over less-prepared peers because it seizes growth opportunities during times of operational and/or financial stress.

The journey to resilience

While gaps in perception vs preparedness leave organisations vulnerable to immediate and long term disruptions of their business operations, assets, and revenue streams, the journey towards resilience involves four common steps and behaviours. Together, these steps can transform risk management and support organisations in becoming more resilient:

  1. Anticipating risk
  2. Connecting risk to strategy
  3. Avoiding gaps in the perception of preparedness
  4. Measuring what matters.

In applying these steps, increased visibility into, accountability for, and collaboration on risk must span across organisational roles. From traditional risk management functions to IT to compliance, legal, HR, and more — along with your trusted risk and insurance advisor — we all have a part to play in bolstering risk management strategies and building more resilient organisations.

Risk impacts on core business areas

We analysed six emerging risks in relation to the impacts they have on organisations’ core business areas: human capital, clients/ customers, market/ stock price, physical assets, reputation, and supply chain.

1. Cyber risk

Clients/customers and reputation are viewed most often as being impacted by cyber/technology risk.

46% of respondents said their organisations can withstand the financial impact of a significant cyber attack. However, less than one-third of that group forecast and model cyber risks, inviting the question: How are organisations are sizing the financial risks from cyber attacks?

2. Emerging technologies

Clients and customers are the areas most often seen as being highly impacted by emerging technologies' risk followed closely by supply chains and human capital risks.

More than 80% of organisations surveyed indicated they are prepared or highly prepared for risks from emerging technologies. Yet more than 30% say they are challenged to identify, respond to, and implement changes based on emerging technologies.

3. Climate/ ESG

Clients and customers are the areas most often seen as being highly impacted by climate/ESG risk followed by human capital and supply chain risks.

While 85% of respondents rate climate/ ESG risks as either important or very important, 45% say they have an ineffective or no process for identifying, responding to, and implementing changes based on climate/ESG risks.

4. Geopolitical

Nearly 60% of companies believe geopolitical risk impacts or highly impacts their clients, customers and supply chain. Only 16% of firms with revenue under US$10b monitor geopolitical exposures.

5. Pandemic

About 60% of respondents said the pandemic either impacts or highly impacts human capital and supply chains. While 46% of respondents say they have a model-based approach to pandemic risk, only 28% believe they are highly prepared. 

6. Regulatory

Clients and customers, supply chains and reputation all seen as areas being highly impacted by regulatory risk.

While 10% of respondents say they are not well prepared for regulatory risks, 73% say they only partially measure regulatory risks — or not at all. This indicates a significant disconnect in organisational perception around regulatory risks.

Is your organisation resilient?

Given the ever-changing nature of emerging risks, it’s not a surprise that resilient organisations tend to outperform their peers. There is a direct correlation between resilience and viability, growth, and competitiveness.

The path to becoming more resilient will be different for every company, but the journey involves four common steps and behaviours:

  1. Anticipation: expect the unexpected
  2. Integrate risk management and strategy
  3. Gaps: avoid misconceptions or preparedness
  4. Metrics: measure what matters.

To begin a journey towards building resilience, it is important for organisations to raise some questions internally:

  • Do you have a robust mechanism in place to anticipate future risks?
  • Can you model and forecast the risk once you have identified it?
  • Are you agile enough to identify, respond to, and implement risk management measures?

Finally, we found that resilient organisations tend to develop a cadence to continually challenge risk assumptions and will also adopt a long-term perspective to risk.

 

Marsh logo 

Related content