By Ken Weldin, Wayne Gilbert, Ken WeldinJoint Head of Audit
04 08 2020
At the beginning of March 2020, PKF partnered with the Governance Institute of Australia to carry out a survey of governance and risk professionals operating in the Australian market at that time, to identify the key pressure points for them both now and into the future.
The survey received close to 400 responses and identified areas that respondents felt they were prepared for and those they felt exposed to. Offering valuable insights into the risk landscape, the survey has revealed that almost 40 per cent of businesses are not regularly testing their risk and crisis plans — leaving them exposed and under-prepared for major crisis. The survey was conducted just as the enormity of COVID-19 was becoming apparent, but even then, some respondents were beginning to manage this risk.
COVID-19 is the ‘current storm’
- The COVID-19 pandemic has exposed gaps in the crisis management and business continuity capabilities of both businesses and governments.
- 39 per cent of respondents do not run scenarios around risk events to test how the organisation and its people will respond, and only 11 per cent do this frequently.
- 28 per cent said they felt their business was well prepared for the impact of COVID-19 and an equal 28 per cent said they felt their business was not well prepared.
- A key factor in these responses was the capacity, capability and willingness to work from home. As lockdown conditions slowly ease it will be interesting to reassess going forward what flexibility in this space will become the new norm.
Ken Weldin, PKF Partner noted:
“The message is loud and clear from this research: there is a long way to go and there is a lot to learn around improving the number of organisations who actually do scenario planning, never mind its effectiveness. Within that one scenario which may be forgotten is how to maximise business as usual.
The key risks that were keeping you busy in January and February are most likely still there so it is worth reflecting on what you may be forgetting about or de-prioritising with the understandable focus on COVID-19.”
Companies remain unprepared for the same risks
Respondents cited talent, the threat of disruption or failure to innovate, the environment, cyber and economic shock as the risks their companies were the least well prepared for.
The same results were recorded in last year’s survey. This suggests that, while respondents are aware that their organisations are lacking in these areas, they have not yet been able to make significant steps to address this over the last year.
Insufficient focus on environmental risk
The lack of focus on environmental risk is perhaps of particular concern as shareholders and society as a whole continue to prioritise this issue. Remembering 2020 started with a disastrous bushfire season it would be unwise for companies to overlook this risk in future.
Respondents cited damage to brand and reputation as their top risk over the next three years. It is worth considering that one of the most likely reputational risk factors over the coming years could come from a failure to address environmental concerns.
Exposure to modern slavery reporting risk
Thirty-seven per cent of respondents said they do not include modern slavery obligations in their risk management framework and only 22 per cent said they do include it. A mandatory reporting requirement on modern slavery risk has been introduced, which is applicable to a large grouping of Australian companies.
- Under the new reporting obligations, a modern slavery statement must be submitted within nine months after the end of the entity’s first full financial year that commences after 1 January 2019 (this was increased from six months due to COVID-19).
- The six-month deadline for reporting periods ending after 30 June 2020 remains unchanged.
PKF Partner, Baidy Laffan comments,
“It is easy to be distracted from our modern slavery obligations by the challenges arising from COVID-19. Unfortunately, these conditions put those most vulnerable within our supply chains at more risk than ever and businesses need to be ensuring they are actively monitoring this within their supply chains. Now more than ever we need to be leaning in to our social responsibility to protect these people.”
Fifty one per cent of respondents incorporate whistleblower protection in to their risk management framework and a further 26 per cent include it elsewhere. Only 15 per cent do not include whistleblower protection.
This shows that organisations are committed to facilitating whistleblowing, which has been found to be an effective way to manage the risk of staff misconduct. As the report states, this may relate to recent legislative change - from 1 July 2019 the whistleblower protections contained in the Corporations Act 2001 were expanded.
PKF Integrity's Wayne Gilbert comments:
“Whistleblowing, including the use of independent third-party hotlines continue to deliver positive results for organisations. Giving employees, and other eligible disclosers multiple channels for reporting is a sound method which can be utilised by organisations of any size.”
Structures need to be backed up with culture
It is easy to say you value risk management, as 84 per cent of respondents did, but in order for risk management to be effective it must be backed up with a strong risk culture.
- At times the voice of risk is not being heard. This is reflected in the survey findings: 43 per cent of respondents agree slightly that risk management is widely understood in their organisation, but 19 per cent disagree slightly and 7 per cent disagree strongly.
- All parties, boards, C-suite and risk professionals need to promote how establishing a risk function pays off across the organisation.
As with most risk areas flagged in this report, the ability to translate words in a risk policy or statement into a set of meaningful actions and controls remains the secret to effective risk management in practice and having it come to life across the organisation.
In conclusion, Ken comments;
‘At the heart of risk management as a discipline is the ability and capacity to manage change, and from that uncertainty. For many Australian businesses the recent six months have seen many challenges coming from changed circumstances and high levels of uncertainty.
Disruption from bush fires and, of course, now COVID-19 have seen many of our leaders open their communications with one word: Unprecedented.
Is there still hope for the risk management profession? Absolutely. A helpful starting point in re-pivoting risk functions across the country whether they be large or small can come from studying the themes and the lessons from the Governance Institute’s Risk Management Survey 2020.’