Not enough testing is being undertaken on organisational risk and crisis plans, new research conducted against the backdrop of COVID-19 has found.
The Risk Management Survey, compiled by the Governance Institute of Australia in conjunction with PKF, surveyed 393 professionals in March 2020. Respondents included governance and risk management professionals, CEOS and C-suite professionals.
Not enough testing of risk and crisis plans
According to the research, almost two in five (40 per cent) of businesses are not regularly testing their risk and crisis plans, and just 11 per cent are regularly running scenarios around risk events to test how the organisation and employees will respond.
The results are troubling, and in the wake of the global coronavirus pandemic and on the back of Australia’s extreme bushfire season, Governance Institute CEO Megan Motto said that being actively prepared for risk must be a “major priority”.
“COVID-19 has exposed some significant gaps in many organisations’ crisis management and business plans,” she said.
The research also found that 60 per cent of respondents said they consider damage to brand or reputation to be among the top five risks over the next three years, with 59 per cent concerned by the impact of policy change and regulatory intervention.
Moreover, cybercrime featured in the top 10 identified risks (50 per cent of respondents nominated this as among the top five risks over the next three years), as did talent attraction and retention (48 per cent), disruption and failure to innovate (44 per cent), economic shock (40 per cent), employee conduct (39 per cent) and risk from increased competition (37 per cent).
The results offer needed insights into the current risk landscape for Australian businesses and organisations, Ms Motto insisted.
“Risk management issues have been pushed high up the agenda for so many organisations. It has been an extraordinarily difficult year with new risk challenges being thrown in the mix almost constantly,” she posited.
Other key risk findings
Elsewhere in the research, staff conduct (including corruption and bribery, and harassment/discrimination issues), legislative change and regulatory change (and intervention) were found to be risk issues that are currently being best managed with more than 50 per cent rating their management of these issues as “excellent” or “very good”.
“However, the risk associated with talent attraction and retention (including risks around visa rule changes for foreign workers), the threat of disruption (including technological disruption) and failure to innovate, the risk around environment and economic shock (including climate change risk) were the issues with the highest number of fair or poor ratings (more than 35 per cent),” Governance Institute noted in a statement.
Moreover, 51 per cent said their risk management framework incorporates whistleblower protection and a further 26 per cent include it elsewhere.
Only 15 per cent do not include whistleblower protection, which shows that organisations are committed to facilitating whistleblowing, which has been found to be an effective way to mitigate the risk of staff misconduct.
Finally, only 22 per cent said they incorporate modern slavery obligations in their risk management framework, and 19 per cent said that it is included elsewhere. Thirty-seven per cent of respondents said that it is not part of their framework.