risk assessment

Assessing Business Risks in Trying Times

Enterprise risk assessment professionals seek out dangers before troubles start.

It may be an understatement to say that businesses are currently operating in uncertain times. The COVID-19 pandemic has companies of all sizes, in mostly all industries, in survival mode as they cope with multifaceted concerns ranging from the health of employees and the implementation of remote working strategies, to cash liquidity and the overall economic impact of business shutdowns. 

The global pandemic is unprecedented, but companies that have been continuously undertaking business or enterprise risk assessments may be weathering this economic period better than others. With the help of risk assessment experts, they have looked at the various segments of their operations and taken the remedial steps of safeguarding all aspect of their companies. 

Brian Schwartz, a risk assurance partner at PwC US, explains that a business risk assessment is “a process for identifying and prioritizing key business risks at any given point in time as the company strives towards its strategic plans or objectives.” 

PwC’s risk assurance practice is comprised of more than 3,500 professionals in the US and 16,000 globally. According to Schwartz, these professionals examine various business processes when conducting a risk assessment audit. These include: strategic processes – transactions such as acquisitions and divestitures, the roll out of new products or services, or shifts in the political environment, for example; operational – which looks at a company’s day-to-day functions, including human resources, IT and more; financial – which delves into regulatory financial reporting, financial market risks, and interest rates (anything that drives the financial decisions that a company makes); and compliance – which deals with internal policies and procedures plus external laws and regulations. 

Regarding a situation such as the COVID-19 pandemic, Schwartz candidly says, “Pandemic risks are something we have always covered in risk assessments, but they have always been considered ‘black swans’ by clients, meaning that even though [pandemics] would have super high impacts, they were [seen as] very unlikely to happen. … As we see with COVID-19, there are no more black swans left in the world.” 

Schwartz says that 10 years ago, risk assessments were conducted annually. “Today,” he says, “companies change rapidly due to, for example: advanced technologies, which change internal and external processes; or acquisitions that shift business models where, for example, a tech company may find itself providing banking services, or a retail company may find itself providing healthcare services. Because of this, businesses are conducting risk assessments on a quarterly basis.” 

In coping with the coronavirus, Schwartz explains PwC is pushing out real-time information to clients. “We’ve been spending the past weeks putting [PwC experts] together to provide thought leadership. Businesses have to look at this as a way of getting control of their crisis management programs,” he says. 

PwC has been conducting a rolling COVID-19 CFO Pulse Survey. Results from the most recent one reveals that businesses are focused on managing cost, liquidity and trying to reassess what business demand will be like going forward. 

According to Tim Ryan, PwC chair and senior partner, “Every model or all past indications don’t work in this [current] environment. Figuring out where customer or consumer demand is going to be is a challenge going forward. … Many companies [are] … also making sure they’re taking actions that would skew more towards planning for the worst to make sure they do everything they can to make sure [they] survive and even thrive in this environment.” 

Meanwhile, at international consulting firm Protiviti – a subsidiary of Robert Half International – risk assessment solutions span critical business problems in technology, business processes, analytics, compliance, transactions and internal audits. Charles Soranno, managing director of the company’s Woodridge office, says that risk assessments are “a validation of a company’s operating model and make sure the vision of that model is scalable in the future.” 

Given the current pandemic, Soranno says Protiviti’s clients – 60% of FORTUNE 1000® companies and 35% of FORTUNE Global 500® companies – are mostly concerned with their employees’ health and safety. “We are addressing their needs from a practical human perspective and business perspective,” he says, adding that (at press-time) he has not seen any large-scale business shutdowns, just companies transferring employees to work from home. 

In one of Protiviti’s “Insights” reports found on its website, the company offers the following suggestions for businesses to consider when responding to COVID-19:  

  • Foster an environment for new leaders to emerge in these extraordinary times 
  • Take advantage of the opportunity to learn about working remotely 
  • Focus on and connect with customers 
  • Make sure you have the [technical] tools to play 
  • Make it a priority to regroup periodically 
  • Keep employees informed constantly 

Asked if there is anything that concerns him regarding the further impact COVID-19 will have on businesses, Soranno says, “It’s the uncertainty … when are things going to peak?”

Whatever the case, firms such as Protiviti and PwC are busy assessing the risks companies are facing today and will face tomorrow. 

Overall, how important are risk assessments? According to PwC’s Schwartz, “If a company doesn’t monitor, assess and manage risk on a continuing basis, it will cease to exist.”

Board Actions During the COVID-19 Crisis 

Through calm and steady guidance, board members can provide clarity and confidence.

In a recent “EY Center for Board Matters” report, the multinational professional services firm focused on what a corporate board should do to “provide strategic insight, oversight and foresight across short- and long-term horizons while continuing to exercise its fiduciary responsibilities.” The report offers the following considerations:

Clearly communicate a strong tone from the top … validate that crisis-related decisions, actions and communications are consistent with the company’s purpose, culture and values. 

Verify that management is taking the appropriate actions to identify and manage material contractual commitments, insurance agreements, covenants and other obligations from both a legal and practical business perspective. 

As companies shift to alternative and remote working arrangements, reassess key communication, operational and financial systems to confirm IT resiliency and appropriate levels of cybersecurity and data privacy, and that key controls are operating as intended. 

Maintain appropriate protocols and information flow with management and external advisors. 

Continuously challenge the scope, composition and decision-making authority of the company’s crisis management team to enhance its capabilities and effectiveness. 

As business models are adjusted to address the crisis in the short term, challenge how those changes uncover new opportunities along with operational effectiveness and efficiencies over the long term. 

Obtain timely updates related to the company’s emerging risks and material threats, vulnerabilities and potential impacts, and adjust risk appetite and tolerances accordingly. 

Once the crisis is mitigated, conduct post mortems and assess lessons learned, including how the company’s business continuity plan is working and what actions the company needs to take to help build resiliency for future events. 

To access more business news, visit NJB News Now.

Related Articles: