The COVID-19 pandemic has had Australian business leaders scrambling to revert business continuity plans to the way they were in early 2020. While some organisations had disaster responses ready to roll, others had to learn the hard way that risk management can get very messy, very quickly.
If this sounds all too familiar, it may be time to put governance, risk management and compliance (GRC) at the top of your board's agenda.
We've identified five key operational risks to watch out for, specifically tailored to local enterprises in 2022 – and how you can best prepare for them.
Supply chain disruption
Supply chain issues have been standard in business for many years, and no signs point to them slowing down anytime soon. Regardless of the industry, the process of getting materials in and out of a business can run into trouble at any given time due to a variety of factors. Factory shutdowns and transport hold-ups can be tricky to predict, but having end-to-end visibility of the entire value chain and supplier network can make it easier to foresee emerging risks and their potential impact.
ICT and cyber-risks
Throughout the pandemic, hackers and cybercriminals have refined their craft, with phishing and malware attacks becoming more sophisticated and frequent – and in turn, leading to costlier damage. Medium-sized businesses were liable for an average of approximately $33,000 per incident in FY2020-21, according to the Australian Cyber Security Centre's Cyber Threat Report for that year. Businesses have also found themselves with significantly larger attack surfaces to protect, with remote work opening a new level of risk. Organisations that have a comprehensive, well-tested disaster recovery plan in place will likely be better prepared to recover rapidly from a cyber incident.
Complex extended organisation
In 2022, few businesses can say that they are not reliant on other organisations for business-critical goods and services. This third-party relationship can create significant efficiencies, but at the same time, can also create significant risks if a key partner is impacted by an accident or incident in the real or virtual worlds. Mapping the links between your business and others in its ecosystem can help to determine where risks lie.
Employee wellbeing & cybersecurity risks of WFH
The pandemic reinforced that, irrespective of the nature of the business, employees are an organisation's most important asset. Since the start of the pandemic, millions of Australian workers have worked overtime to keep operations running smoothly, all while transitioning to a remote work environment. The shift towards work-from-home not only amplified ongoing cybersecurity challenges but also put employees at risk, disrupting their work and personal lives. All this had a direct impact on employee productivity, which in turn affected overall business productivity. It also left many vulnerable to bad actors, as we saw a huge increase in cyber threats as a result of a rapid work-from-home deployment.
Environmental, social and governance issues
ESG has become the new buzzword in the corporate world, emerging as an imperative that businesses cannot ignore. This stems from the fact that businesses today are being held more accountable for their corporate practices surrounding environmental policy, societal practices, and board governance. Organisations that have implemented an ESG-enabled GRC platform have already taken a major step forward in being able to measure and report their ESG scores.
Harnessing the power of technology
Historically, the management of GRC has been a highly manual affair. But in today's complex, fast-moving commercial landscape, the inadequacy of old-school methodologies is becoming increasingly apparent. Leveraging advanced technologies and analytics to continuously monitor threats and vulnerabilities can help organisations improve their risk visibility and foresight. Additionally, it can help them develop a robust, recovery-centric mindset. In today's uncertain times, the investment in this modern technology, and in turn in operational resilience and continuity, is one that few can afford not to make.