5 Ways to Set Your Risk Department Up for Success in 2023
A new year is an opportunity to start anew — not with an entirely clean slate but with the lessons from previous years. This concept also applies to risk professionals.
The beginning of the year is a wonderful time to evaluate the status of your risk department and create a strong foundation so you can set it up for success in the new year.
In this blog, we will provide some best practices to set your risk department up for success in 2023. Let's not waste any time and dive in!
1. Assess and update your internal processes.
An essential task a risk professional can do in the new year is to review your internal processes with a critical lens. Here are some questions to ask yourself:
How would you rate your risk department's processes for dealing with disruptions and new exposures in the past year?
What are some weaknesses in your current processes?
Does the current status quo and processes in place make sense?
How can you improve your internal processes to enable more agility in dealing with disruptive events?
If your answers to these questions reveal gaps in your operations or your processes no longer make sense, it's time to improve them and set a new system in place!
In the last few years, we've experienced multiple disruptive events, from the COVID-19 pandemic, supply chain issues, geopolitical instability, natural disasters, and unstable market conditions. All these events have lasting effects that will ultimately impact how 2023 plays out. And if these disruptions have taught us anything, it's that we need an effective and streamlined process that can help us weather unpredictable landscapes. The vital task of ensuring that your organization can handle these risks and exposures falls to the risk department.
To set your company up for success in 2023's business climate, you need to take time to analyze the effectiveness of your processes and how they have held up in the past few years. A team-wide policy and process review can identify gaps in your current processes and help you compare how your company stacks up to generally accepted best practices. By doing this, you'll be able to mitigate and improve your department's weaknesses, use insights to prepare for future disruptions, and create a strong foundation for your risk department to operate on.
2. Create incident response plans.
For the reasons described above, the last few years have been volatile and demanding for risk professionals. We've been reminded repeatedly that being prepared is not an option but a necessity.
Savvy risk professionals know that building organizational resilience doesn't happen by chance — but rather by choice through strategic planning and execution. One way to build resilience is by creating a robust capability to respond to incidents. Having necessary incident response plans in place will, in turn, inform your organization's business continuity plans.
You should put a lot of thought into creating your incident response plans and use them as a guide to help you withstand disruptions when it occurs. It's impossible to account for every single situation, but incident response plans will help you recover quickly in the face of damaging occurrences.
When creating these plans, it's important to account for the possibility of adverse events occurring simultaneously or in rapid succession. As you are drafting your incident response plans this year, remember to also account for these aspects:
Have effective crisis management.
Ensure that you'll be able to respond quickly.
Create a system that allows you to remain up-to-speed in rapidly changing situations.
Incident response plans equip organizations with strategies to handle a wide range of scenarios and to build resilience.
3. Strengthen communication within your team and with other teams in your organization.
In the world of business, we are constantly bombarded with the message that communication is everything. Communication is even more important for risk professionals since there can be a lot of confusion and misconceptions surrounding the work a risk manager does.
Within the risk department, it's imperative to create a space and culture where people feel safe to express their opinions and communicate with one another. This means ensuring that the risk department has seamless communication on what's going on inside the department and what each person is working on, as well as promoting collaboration within the team.
Effective communication is also a big component of business continuity plans. It's important to make sure that your risk department is on the same page for the most part about how to handle risks. It's natural to have differing opinions but prioritize working together to figure out strategies the majority of your team can agree on.
When it comes to communicating with people in other teams in your organization, it is up to your risk department to communicate in a way that's easy to understand. Not everyone speaks the language of risk and insurance, so you have to break down what you're trying to convey in a way that people can understand and care about. Here are some best practices to do this:
Use easy, everyday terms instead of complicated language or insurance jargon.
Simplify risk management processes.
Demonstrate how certain risks can impact the person's day-to-day roles and responsibilities.
Show people why it's necessary to mitigate risks and how you plan to do it.
Build a case that shows the importance of risk management for the company's overall success.
It's also important to use data to drive your communications when you are conveying the health of your risk programs. Use data to draw a picture for people and showcase what you do.
Communication is the key to success for many risk departments. It will be what earns risk managers a seat in strategic conversations. Take the time this year to figure out how you can strengthen your communication within your team and with other teams in your organization. Once you improve your communication, you can work to build a more risk-aware culture in your company.
4. Make sure you have proper technologies and tools in place.
No matter where you've been turning your attention, Southwest Airlines have been making waves in the news for their holiday travel meltdown. A severe winter storm that swept through a large part of the nation was a catalyst for mass cancellations. However, Southwest had to cancel over 16,000 flights in an 11-day period, significantly more than any other airline.
Upon closer inspection, the reasons for the large-scale cancellations were due to the company's antiquated operating systems, from its flight coordination model to its internal scheduling systems. The holiday meltdown could potentially cost Southwest up to $825 million, and now, they're scrambling to upgrade their technology systems. Southwest could have avoided this entire crisis if it had upgraded its technology, but now, they are suffering from reputational damage that might take years to repair. Even if you aren't in the commercial aviation sector, there's a lot to learn from the entire debacle.
The first lesson is that there are a lot of new technologies out there that can help you do your job effectively. You may be used to the ways you’ve been doing things, but there are always new and better alternatives. Be open to exploring new technologies, and don’t let the fear of new technologies stand in your way. If you are slow to adopt new technologies, it may cost you more in the long run, which was the case for Southwest.
The next lesson from this mess is that it's important to implement procedures where you regularly review your tech stack and operating systems to make sure you have the necessary tools in place to succeed in your job. You can begin the year by ensuring you have what you need and identify any new tools you may need for the risk department for the rest of this year. With a periodic review throughout the year, you can identify gaps in your tech stacks early on and acquire any necessary tools to aid you in your risk management.
5. Have the right amount of coverage.
One of the essential parts of sustaining a business requires getting the necessary amount of insurance coverage to protect the organization from a wide variety of situations.
Even though this is a question risk managers grapple with every day, it's becoming more decisive in 2023 as we are still in the midst of an economic downturn. With precarious market conditions, the number of risks and exposures expands. Risk managers like yourself need to be prepared and create incident response plans for all kinds of scenarios as we previously mentioned, but you also need to protect your companies by buying the necessary and right amount of insurance. There can be dire consequences for not procuring the proper level of insurance, such as major losses, adverse impacts on operations, increased liabilities, and more.
You'll also want to avoid over-insuring your company, as this is a waste of money and resources at a time when the economy could force you to tighten your budget. Spend some time at the beginning of the year to make sure your company has the right level of insurance coverage.
Although the best practices we've highlighted throughout this article seem like a huge undertaking, do not be deterred by them. They are necessary steps to help you start the year off on the right foot. It will make all the difference as you navigate through 2023.
By taking the time to review and implement these practices, you can help your company minimize risks and exposures and build resilience no matter what the year throws at you. These best practices should not just be a beginning-of-the-year practice, but a continual process as things evolve over the year.
Wishing you the best in the new year as there's a lot of work to be done!