Wars, terrorist attacks and also pandemics, such as influenza A in 2009. The risk management departments of large companies had all kinds of potential risks to their activity on their radar, but the intensity of Covid-19, which is about to turn one year and has caused the deaths of more than 2.3 million people, has exceeded all forecasts. When the pandemic passes, a new conception of the risk management department will remain, which prioritizes the strategic over the operational.
The effects of Covid-19 on business risk management, an area where sustainability policies and technology also have a role to play, featured in a recent meeting organized by EL PAÍS Retina and Five days in collaboration with Deloitte. The speakers, moderated by José Antonio Vega, director of the newspaper, agreed on the growing importance of risk management, which is increasingly evident both in the boards of directors and in the management committees.
“Risk management in Senior Management is becoming a tool to direct the strategy of companies in a sensible and sustainable way”
Ricardo Martínez, partner of Risk Advisory at Deloitte, responsible in Spain for Strategic Risks and Global Risk of the Consumer Industry.
If we talk about risks, the first thing the company has to preserve is the continuity of its operations itself, something that was always taken for granted … until the almost complete stoppage of economic activity last spring. But there are many more risks to face, such as physical security, cybersecurity, environmental, reputational or third-party risks, as a supply chain is only as strong as its weakest link. For this reason, for Ricardo Martínez, partner of Deloitte Risk Advisory, responsible in Spain for Strategic Risks and Global Consumer Industry, “we must not speak of risks as silos, but as something interconnected”. This close interaction therefore generates “risk intelligence, an area in which technology, through Artificial Intelligence, will have a lot to say in the future.”
Faced with this need to connect the dots and have a broad and dynamic vision, there is “the problem of the bureaucratization of the risk structure”, in terms of José Luis Serrano, director of Internal Audit at Ilunion, “which then ceases to add value . The work of those of us who are dedicated to this is to integrate all that management of the different risks to facilitate the management and decision-making of senior management ”, said the representative of the business group linked to ONCE.
“In an environment of high uncertainty, adequate anticipation and comprehensive management of risks by the Board of Directors and the management team is essential”
Xavier Angrill, Partner at Risk Advisory and head of the Deloitte Center of Excellence for Corporate Governance.
“We no longer work on risk as something static, now everything evolves at an ever faster speed”, highlighted Dimitris Bountolos, Chief Information & Innovation Officer of Ferrovial.. Therefore, “we cannot be hostage to static models; static and deterministic conceptions prevent you from giving adequate answers ”.
“Risks evolve at an ever faster rate, with cross impacts that give a very different picture. We cannot be hostage to static models “
Dimitris Bountolos, Chief Information & Innovation Officer of Ferrovial.
More difficult, more important
Risk management has become complicated, but, at least, it has gained more respect and weight within large companies. Martínez stressed the change in the role of risk management at the company level, from operational to strategic, as a consequence of the pandemic, an idea that other speakers also highlighted. Rufino Pérez, COO and director of NH Hotel Group, was convinced that these last twelve months “will serve to understand that risk management has a strategic and permanent value. They are not a procedure or something exogenous, but something that must be incorporated into day-to-day management in a natural way ”. “A change is perceived at all levels of companies and now there is more collaboration: it is no longer a nuisance that Risks appears,” said Mercedes Barreiro, director of Systems and Digital Transformation at Grupo Vithas, who is dedicated to private healthcare.
The prominence acquired by risk management has also had an effect on the dynamics of the relationship between the boards of directors and the management committees, according to Xavier Angrill, partner at Deloitte Risk Advisory and the head of the Center of Excellence for Corporate Governance. : “The directors are concerned about the speed of transformation of these risks and, consequently, about the company’s ability to anticipate.”
“Risk management has to be incorporated into the day-to-day, naturally and not as a procedure. Risk management has a strategic and permanent value. “
Rufino Pérez, COO and director of NH Hotel Group.
From that concern comes a greater approach of the boards to the executive management, says Angrill: “The pandemic is changing many things, from the attitude of the client to the attraction and retention of talent. There is also more focus on ethics and business culture ”. With these new conditions, the traditional model, in which the Council carries the long lights and the steering committee, the short lights, must adjust “towards a more hybrid relationship.” And tangible changes are already taking place: “Counselors have to be experts in more and more subjects, and they feel dizzy. So they are surrounding themselves with experts that subjects that before, when everything was much more financial, were considered less important ”.
Another reflection in the corporate governance of this phenomenon is the greater weight of the Sustainability commissions, a concept even more on the front page “due to the increase in environmental awareness as a consequence of the Covid”, as highlighted by Ricardo Martínez.
“Risk management was once an almost theoretical discipline, and now it is strategic. It becomes more important in managing uncertainty “
Luis Cabra, General Director of Energy Transition, Sustainability and Technology at Repsol; Deputy to the CEO; member of the Executive Committee.
How are sustainability and risk management related? For Rufino Pérez, “If we are proactive in risk management, we will take an important step forward in sustainability”, understood in its broadest sense, “guaranteeing the viability of the business and its contribution to society.” “A common agenda has been created that combines sustainability and risk management,” said Dimitris Bountolos, Ferrovial’s Chief Information & Innovation Officer. “Sustainability is not an option or a dynamic that is imposed on us, but a lever to improve productivity,” he said.
“The environment is changing, technologies allow us to gain ground and we have to be very sensitive. It is a global responsibility, although some national regulations lag behind, ”said Bountolos.
“In cybersecurity, many do not want to hear about risks, they only want it to be fast and cheap. But the mentality is changing and now there is more collaboration ”
Mercedes Barreiro, Director of Systems and Digital Transformation at Grupo Vithas
But it is not just a regulatory issue; the so-called ‘social license’ also comes into play. Luis Cabra, Repsol’s General Director of Energy Transition, Sustainability and Technology, attached to the CEO and member of the Executive Committee of the energy company, highlighted the example of Blackrock: The world’s largest fund manager announced in January 2020 that it would put sustainability at the center of its investment decisions. “Large companies have to meet a series of criteria not only to obtain a social license to operate, but also for shareholders to invest in us. All of this requires a very analytical and down-to-earth risk analysis, looking at five years, but also at 2050, ”said Cabra. “Society demands integrity and ethical decisions, which do not only think about the benefit of the company, and the boards take this into account,” explained Angrill.
The growing importance of sustainability comes, sooner or later and with different intensities, to regulation. It is something key in the management of sectors such as energy, in the spotlight for the fight against climate change, but it goes beyond the rules. There is a reputational risk that also depends on less tangible factors. “The issue is not regulatory compliance,” said Serrano, of Ilunium, “your reputation depends on the people you interact with perceive your authenticity. If that authenticity is not perceived, you are going to have problems “
“The issue is not regulatory compliance. Your reputation depends on the audiences you interact with perceiving your authenticity, and that goes beyond regulatory compliance ”.
José Luis Serrano, Director of Internal Audit at Ilunion
Risk management consequently entails the analysis, surveillance and management of all kinds of variables: from environmental regulation to the labor practices of a supplier in Asia, through cybersecurity and the ethics of its senior managers. And the greater the uncertainty, as at present, the greater the need to manage risk. It is the lesson that many companies have learned from the pandemic, but it was already there waiting to be addressed.
Memories and lessons. Nearly a year ago now, risk departments, and the people who run them, saw detected threats go from paper to reality. Several of those attending the round table were in charge of piloting those weeks, and they recalled their feelings in this regard during the panel.
A huge impact. The risk of a pandemic was already considered by the companies, and several companies present, such as Ferrovial and Repsol, began to react to Covid-19 in the first two months of 2020. But what exceeded expectations was the depth of the impact. “We had all the risks contemplated, but what we were not prepared for were the tolerance thresholds that we had to reach,” summarized José Luis Serrano, Director of Internal Audit at Ilunion. “We have stopped selling coupons [de la ONCE] for the first time since the Civil War ”.
Combination of risks. Basic services, such as waste collection, water management and sanitation services, had to function normally. At the same time, the companies in charge of its management had to face, like so many others, liquidity problems, which in turn led to paralyzing investments and cutting expenses. And to top it all, as reported by Mercedes Barreiro, Director of Systems and Digital Transformation at Grupo Vithas, the ‘hackers’ seem to have taken it with sectors such as hospitals: “We have done, and continue to do, a tremendous job of prevention and projection, because each weekend we suffer the hobbies of these people ”.
Situation saved. In this often dramatic context, the existence of detailed procedures and advances in digitization allowed companies to operate with something quite close to normal. “The management committee made very quick decisions in those months, because there was no other option, without going through the Board of Directors,” said Xavier Angrill, head of Deloitte’s Center of Excellence for Corporate Governance. Now comes the time to readjust and take stock.