What We Think
November 9, 2020
Making organisations more resilient in difficult times
Nobody wants to hear the dreaded word recession. However, there is no denying that the COVID-19 pandemic, and the shutdown measures issued to contain it, will contract economies around the world. The economic outlook is highly uncertain and several reports are predicting the global economy to shrink by as much as 8% this year, followed by a sluggish recovery in 2021. Over the course of the past months, boards of directors have become increasingly aware of their responsibilities related to effective overight of enterprise-wide risk management processes.
Organisations factoring risk into their strategic planning process are already taking steps to help them subsist the unravelling economic downturn. Enterprise risk management (“ERM”) helps an organisation to become more proactive and identify the areas of their organisation which will be most impacted by a downturn. Robust ERM processes equip organisations with the ability to prepare and adapt to the difficulties an economic downturn brings with it.
Many organisations are seeking to develop processes which provide management and the board of directors with valuable data about potential events which may affect their organisation. Whilst most organisations monitor a number of Key Performance Indicators (“KPI”), these indicators shed insights about risk events which have already impacted an organisation. Boards are therefore looking to develop a set of metrics, which help monitor potential new emerging risks. These metrics are frequently referred to as Key Risk Indicators.
Key risk indicators (“KRI”) are critical predictors of unfavourable events and may generally act as early warning systems, triggering management to potential risks. They monitor changes in the levels of risk exposure and contribute to the early warning signs that enable organizations to report risks, prevent crises and mitigate them in time. Developing effective KRIs is crucial to the attainment of an organisation’s objectives. Linking the top risks to core strategies helps identify the most relevant information, that might serve as an effective leading indicator of an emerging risk.
A crucial component of any KRI is the quality of the data available to monitor a specific risk. Close attention should be paid to the source of the information, whether this is internal to the organisation, or whether is it drawn from external sources. Existing sources of information are likely to exist and may help inform the choice of KRIs to be used. Internal data related to prior risk events may be readily accesible, providing information about potential future exposures. Having said this, internal data will not be available for various risks, especially those which have not been previously encountered.
Data relating to risks which have had significant impacts on business is likely to arise from external sources. Varying economic condication, shifts in interest rates and the introduction of new regulatory requirements and legislation are all examples of potential risks arising from external sources. KRI data sourced from external and/or independent parties provides the benefit of objectivity An example of an economic related KRI where sufficient data exists for organisations to monitor is market volatility. In this case, if the indicator reaches a certain threshold, it could serve as a warning sign that a downturn is in its early stages. This will prompt a board of directors to determine how to mitigate the risk to ensure it does not develop into a bigger problem.
Risk is part and parcel of business. It is becoming increasingly rare to find businesses where discussions on risks are not becoming inherently frequent. Designing and setting up KRIs is critical to a successful ERM process. While the potential advantages of creating an effective set of KRIs has been highlighted, it is equally important to set the design elements and protocols for their proper communication and flow within the sphere of corporate governance.