Underlying risks set to be exacerbated by COVID-19 pandemic
“Strategic assumptions” remained the top concern for senior executives in first quarter of 2020 as numerous other risks are set to be exacerbated by the current COVID-19 crisis, in Gartner’s latest Emerging Risks Monitor Report.
Gartner surveyed 107 senior executives across industries and geographies on the top concerns facing their businesses with results showing that “strategic assumptions” remained the top emerging risk for the second consecutive quarter (see Table 1). The survey was in the field from mid-February to early March of 2020 and reflects only the early stages of the coronavirus crisis.
“Executives had been concerned with the validity of their strategic assumptions well before the current crisis situation,” said Matt Shinkman, vice president with the Gartner Risk and Audit Practice. “The economic and operational fallout as a result of the global COVID-19 pandemic have forced many executives, particularly in the hardest hit industries, to start from scratch, even with a great deal of uncertainty still ahead.”
Crisis Forces Faster Reckoning with Emerging Risks
In addition to the damage caused to already shaky strategic assumptions, senior executives and their Enterprise Risk Management (ERM) teams now face a reckoning with many additional emerging risks that have become heightened from the current crisis. Three additional risks in the top five, cyber-physical convergence, the upcoming U.S. presidential election and the potential for macroeconomic stagnation have all taken on new dimensions and urgency as the crisis has worsened the global economic outlook.
“COVID-19 is a uniquely challenging risk for most organizations to manage in and of itself, but it also acts as a kindling that will spark adjacent risks into much greater intensity,” said Shinkman. “It’s clear that enterprise risk professionals will be stretched as previous ‘wait and see’ risks require urgent action today.”
Shinkman pointed to cyber-physical convergence as just one example of an emerging risk that has taken on new dimensions during the crisis. With an increasing number of employees forced to work from home, and a previous Gartner survey indicating that 74% of CFOs plan to make at least some portion of their in-house staff permanently remote, insufficient security practices around operational technology (OT) will only become more vulnerable and easy to exploit in this environment.
ERM Considerations for COVID-19
In additional conversations with more than 100 senior risk executives on March 27th and April 3rd, Gartner identified three common areas of concern and actions underway among this group:
- Business continuity – Heads of ERM report that they feel unprepared for long-term, ubiquitous remote work, and they are rapidly moving to update policies to manage risks from cybersecurity, privacy and decreased employee productivity, among others. A second business continuity concern relates to supply chain disruptions, with ERM leaders reassessing supply chain risks in real time and driving efforts to review contingency plans for dramatic disruptions.
- Impact on the risk universe – ERM leaders are currently grappling with how to classify COVID-19 within the risk spectrum and its impact on other pre-existing risks. Some teams have increased the frequency with which they meet with risk owners to better understand how the landscape has shifted since the emergence of the pandemic. Others are conducting regular COVID-19 updates to explain how risk ratings have changed. Heads of ERM also recognize that they will need to revisit/evaluate their organization’s risk appetite statement as a result of the pandemic.
- How ERM can demonstrate value – Many risk leaders are also reckoning with how to better drive action on risks such as pandemics, which were typically rated as a “low probability, high-velocity,” risk, and how to better drive action among their leadership teams for future risks that could be equally disruptive to their organizations. Some ERM teams are also taking an active role to ensure cost optimization efforts currently underway do not expose their organizations to excessive risks, nor drive excessive risk aversion.