The recent announcement of the official end of the COVID-19 pandemic makes this a good time to review the five types of risk. During COVID, business tended to focus on only two of the five risk types; however, organizations that want to prosper over the long term need to be cognizant of and plan for all five kinds of risk.
Related on MHA Consulting: The ABCs of ERM: The Rise of Enterprise Risk Management
The government recently announced the official end of the COVID pandemic. This makes this an opportune moment to remind everyone that there are five types of risk—and that the prudent organization takes all of them into account.
During COVID, business focused mainly on two types of risk: operational and financial. This made a certain amount of sense during the most acute phases of the pandemic. In many cases, operations- and finance-related risks pose the most immediate threat.
However, for long term security, businesses need to balance a concern for those areas with vigilance about the other types of risk: strategic, compliance, and reputational. Over the medium and long term, these last three risk types have the power to do grave injury to the company. The wise organization develops strategies and plans to mitigate and prepare for all five types of risk.
In one respect, COVID continues to distort people’s approach to risk. It does so because recency bias makes recent past events loom the largest in people’s expectations of the future. Today many business continuity professionals are worrying disproportionately about the possibility of another pandemic, to the exclusion of other threats. Another pandemic could occur. But it’s also possible the next threat that impacts your organization will be something totally different. Organizations need to consider all types of risks, not just focus on preventing what has happened in the past.
As indicated above, the five types of risk are operational, financial, strategic, compliance, and reputational. Let’s take a closer look at each type:
The company that wants to protect its future continuously assesses and mitigates its risks across all five of these areas.
I mentioned previously that COVID has distorted some people’s assessment of likely future risks due to recency bias. That’s only one way in which our experience with the pandemic has pushed people’s planning and thinking in the wrong direction. Another repercussion of COVID is, we’ve noticed that some of our clients have concluded that the measures they took in response to the pandemic have left them fully prepared for all possible operational risks. This type of thinking has led some companies to develop a false sense of security.
In fact, at many of these organizations, long-term risks such as system outages caused by cyber events, human errors, and technological-implementation errors still have the potential to impact operational capabilities.
And last one point pertaining to the end of the pandemic: In situations where unwilling employees are required to return to the office, the potential exists for resentment, division, and damage to morale. This could potentially lead to new operational and financial risks. The prudent planner will take this possibility into account.
The following are some steps you could take to help your company manage its risks across the board:
In analyzing and managing risk, organizations must guard against letting recent past events over control their current thinking. While operational and financial risks may pose the most immediate threat, businesses must balance concern for those areas with vigilance about the other types of risk: strategic, compliance, and reputational.
Companies should assess their risks across all five areas and identify those with the highest probability of occurring and the greatest impact if they did occur. The suggestions given above point the way toward a rational, comprehensive approach to assessing and mitigating risk.
For more information on risk management, and other hot topics in business continuity and IT disaster recovery, check out the following recent posts from MHA Consulting: