Remain resilient by being aware of the ‘not-so-obvious’ risks

Tiisa Group - Outsourced Risk Management
Pearl Hlabangana

An organisation that doesn’t manage its risks, is an organisation that is destined to destruction. Staying alive is an instinct that, without even realising, is built into the operations of most organisations. Research shows that in most cases businesses are confident that they can recover their operations against ‘anticipated’ risks – such as natural disasters, legal, regulatory and financial risks. This confidence comes from the fact that these categories of risks are planned for and in some cases rehearsed. However, the risk landscape of doing business today has grown increasingly complex and the question most organisations should be asking is whether they would be able to handle the unknown?

The closure of any business that has been existence for some time, irrespective of their size, should be a wakeup call for all. Instead of seeing it as someone else’s problem, we should seek more to understand the real reasons. What in that organisation impacted its ability to be resilient? Then turn the same question on our own organisations – Would my organisation have been resilient enough had it been in the same or similar situation?

I want to caution that it is in the unforeseen incidents within known risk categories that we find ourselves unprepared.

Below are two examples of these:
• Negative cashflow within a business. For any business to survive it needs cashflow, it is what pays the bills. However, even a profitable business that has adequate financial controls, cannot always anticipate risks such as negative prolonged cashflow interruptions. A prolonged period of negative cashflow caused by an unforeseen circumstance e.g. a major supplier that can’t make payment on time can send any business into a downward spiral.

• Intellectual property lawsuits. This is something that most businesses don’t think of as an unforeseen risk. This is because no organisation goes into business wanting to copy or plagiarise another organisation’s material or assets. But what if someone who works for your organisation does something wrong like use an image without permission or use another company’s name or image incorrectly – unintentionally or naively. A lawsuit from such can come with a heavy price tag and potentially irreversible reputational damage.

If we agree that unforseen incidents can bring an organisation to its knees, how does an organisation ensure they are prepared? It is about a changed mindset. A mindset of not only monitoring the known risks on the risk register, but being aware of the not so obvious risks, and prioritising mitigations to ensure that the organisation is prepared.

Everyone needs to understand that in every area of the business there is an element of risk – be it the accountant who notices defaults or late payments from vendors or a receptionist with an active social media presence – risk is everywhere and should be on top of mind and raised by e-v-e-r-y-b-o-d-y. This is part of going beyond standard practices to monitor near misses and picking up on incidents that can escalate to significant risks. Everyone in the organisation needs to remain vigilant of the not-so-obvious risks and play an active role in identifying, reporting and managing risks to build resilience.

In conclusion, it is becoming clearer that the role that each individual plays with regards to risk management is far more significant than understood or prioritised. It is not only the responsibility of the risk management teams. Building a resilient organisation is going to require increased awareness and a change of mindset to proactive contribute to existing risk management practices in order to build resilience in the organisations.