Published

Five key things to consider for Risk Management in 2023

From global to local, macro to micro, we look at the 5 keys shaping the future of Risk Management in 2023.

2023-04-12Author: Ansgar Toscha

Bio: Principle Consultant Ansgar Toscha has 20+ years of experience as an ERM/GRC Supply Chain Risk Management expert and is the author of ‘An Introduction to Enterprise Risk Management’.


Author: Cornelia Flodell

Bio: Specializing in risk and continuity management, Cornelia supports municipalities and global enterprises’ Risk Management and Business Continuity Management.Above all else, what are the top trends shaping risk management in 2023 and what should you keep in mind as you look to navigate the upcoming threat landscape?

Find everything you need to know for the year ahead in this almanac written by 4C risk experts Ansgar Toscha and Cornelia Flodell.While early last year, the risk landscape in a post-pandemic world was a key consideration in risk management, much has happened since to exacerbate this.

The outbreak of war in Europe has led to a humanitarian crisis and had a profound impact on the global geopolitical situation and with that, the risk landscape. The disruptions to supply chains caused by the pandemic have been compounded by these events, while the energy crisis has increased the cost of living and the costs for business, significantly.

As risk experts, our job is to support organizations in identifying and preparing for such events. Even if many risks aren’t new their timing, scale, and speed can be challenging to predict. In today’s volatile, ever-changing world, where events have a geopolitical and macroeconomic impact, the margins for mistakes are smaller. A systematic and structured risk management process is crucial to ensure important risk events do not pass under the radar and that they are adequately assessed.

So, what key things must organizations consider for their risk management in 2023?

5 key trends shaping risk management in 2023

  • Supply chain disruption
  • Macroeconomic development
  • Continued reliance on IT
  • New regulations
  • Managing risk in a state of Permacrisis

Take control of Risk Management

Ansgar Toscha, Principal Consultant, has over 20 years’ experience as an ERM/GRC supply chain risk management consultant and author of ‘An Introduction to Enterprise Risk Management’. We speak to Ansgar about why risk management is so important and how the 4C risk management model can help with better business decision-making.

1

Supply chain disruptions

Let’s start with supply chain disruptions, which will remain among manufacturing organizations’ greatest risks and may even increase moving forward. As the globalization of markets continues at pace, these organizations have a greater reliance on global supply chains. This, in turn, makes them more susceptible to geopolitical issues and events that occur far from their place of business.

In other words, the Butterfly Effect can be devastating in business. For some, make or buy decisions that were previously ‘off the table’ have become key strategic agendas, as their outsourcing exposure has increased.

Further supply chain related topics to consider are:

>

Third-party risk

Organizations relying on a single or sometimes even sole source supplier must have control of their suppliers. Where possible, finding an alternative supplier (or bringing production inhouse) is necessary. When looking for new suppliers, a thorough audit should be conducted to ensure suppliers have the right systems, contracts and safeguards in place to deliver on time and at the expected volumes and quality.

>

Lack of resources and commodity pricing

From rising raw materials costs, such as oil and metals, to shortages of skilled labor, the lack of resources and commodity pricing is becoming a growing risk in many industries. This may limit companies’ ability to meet customer demand and complete projects. Proactive sourcing, resource optimization and supplier relations strategies are imperative moving forward to protect an organization.

>

Security of supply

Supply chain concerns have had a trickle-down effect as manufacturers’ clients have started requesting delivery guarantees, leaving producers even more exposed. Securing the supply chain becomes business critical. Understanding the entire supply chain and exactly which organizations are involved and what may impact delivery must be reviewed on a regular basis. Can you trust your suppliers’ third-party suppliers? Do they meet all relevant regulations? Again, having a contingency plan in the form of another supplier is good business practice, particularly if you have customer guarantees in place.

>

Increasing need of safety stock

During the pandemic, it became clear that organizations may have to limit their dependencies on suppliers and logistics and instead increase their stock of critical materials and supplies. Something that continues today in certain industries. The just-in-time principle can no longer be relied upon if you want to guard against business disruptions. This, of course, comes with additional financial risks as asset and storage costs increase.

2

Macroeconomic development

Rising inflation and higher expenditure have reduced many people’s spending power, which is having a considerable impact on businesses across the board. With salaries not rising in line with inflation, large-scale strikes and walkouts are taking place at many public organizations and critical infrastructure providers, causing disruptions to businesses. At the same time, consumers are looking to cut costs, which reduces demand for goods and services, a chain effect that leads all the way to the demand for raw materials.

Businesses must plan for this and look to identify costs-savings if and when they need to be made. For some companies however, such times can be a period of growth, your risk appetite will define which strategy you take.

3

Continued reliance on IT

IT resilience is a perennial focal point that should always be top of mind as the ever-increasing reliance on IT sees organizations’ exposure to data breaches and other cyberthreats grow. Businesses today must map IT dependencies as part of their risk framework, and have a well-thought through strategy and contingency plan for managing cyberattacks, no matter the severity.

How to build Cyber-Resilience

4C Strategies integrate IT risk, disaster recovery and crisis management, to go beyond mere technological solutions towards an organisation-wide culture of cyber resilience. Book a free consultation with one of our consultants to discuss your requirements.

4

New Regulations

New regulations, such as the Digital Operational Resilience Act (DORA), the Critical infrastructure Risk Management Program, and EU Taxonomy, are forcing organizations to improve their understanding of their operations, and in particular, the wide-ranging impact they have on the markets, providers, the environment, and customers. Understanding what the regulatory landscape demands with new regulations will be crucial.

Organizations will need to know:

  • What are the risks to the business with this?
  • Will findings impact costs, supply chains, the services you supply?

As these regulations trickle down to other industries, many more organizations will have to evaluate the risks to their operations and take appropriate action to comply.

5

Managing risks in a state of Permacrisis

In the past, risk management practitioners could evaluate the likely impact of one crisis and what would be required to mitigate or control it. The domino effect of a crisis, i.e., one causing another, has long existed, but we are now beginning to see unrelated crises coinciding in a state of perma-crisis, in which we are never far away from the next critical event.

A good example of this being the pandemic and the Suez Canal blockage, two unrelated events that had a devastating impact on supply chains. Organizations must be prepared for multiple crises, in their risk management and in their mindset.

How do you ‘permasolve’ a permacrisis?

Collins dictionary has revealed the official word of 2022, ‘permacrisis’. Is this just a sign of the times, or does it reveal a widespread vulnerability in crisis response?

In conclusion…

A standardized organization-wide view of risk is instrumental for identifying the right risks and making accurate assessments. This means moving beyond traditional risk management models, which only analyze likelihood and impact; and instead, looking at the overall exposure by defining control effectiveness over risks.

In order to stay vigilant and continue to grow in the current market climate, organizations must gain control of their risks. And the best way to do that is by utilizing a risk model that incorporates control, as well as a data-driven digital tool that promotes an organization-wide approach to risk and covers the entire resilience ecosystem.

Categories

Recent news & insights

Subscribe to our Newsletter

Related articles

Get in touch

Book a demo or receive information regarding our solutions

Contact us