Assessing risk in a dynamic environment

Risks are always heightened during times of significant change.  Given the amount of disruption to business models, supply chains and working practices thrown up by the pandemic, it is critical for organizations to fully and proactively assess risks which may have built up over the past 18 months.

This is precisely the time where visibility of key risk areas would be most beneficial, but with remote working continuing for much of the world and international business travel remaining practically impossible for almost all routes, this poses a unique set of challenges for those tasked with risk mitigation.

While the cat’s away…….

Every organization has risks which have the potential to keep senior management awake at night. Pre-Covid, one important part of the risk mitigation toolkit was sending in control functions for on-site visits, be that internal audit looking at financial risks or auditing off-system processes, checks on suppliers such as due diligence, quality checks or exercising audit rights. As one example, we have repeatedly seen that an in-person supplier conference can be helpful in rooting out collusion and kickbacks, with the added benefit of visibly introducing competitive tension to the procurement process.

While some organizations have decentralized legal and finance functions, the reality is that for many companies there is necessarily a certain level of centralization in critical control functions including finance, legal, internal audit and IT. The inability of senior legal counsel or compliance teams to visit, conduct on-site investigations or simply be a visible presence, creates additional pressure on regional or local personnel who are often less likely to have the title or weight behind them to exercise control and hold senior executives to account. This environment creates a heightened risk of stored-up problems.

What risks should be front of mind?

  • Accounting or financial reporting fraud is usually considered a low likelihood, high impact risk. In times of increased uncertainty or financial distress, the pressure on financial results becomes a significant risk factor. Aggressive accounting issues can snowball over several quarters into material issues which are highly damaging to the organization and its investors.
  • Procurement fraud involving collusion is a perennial risk. As with accounting fraud, the pressure on suppliers to keep contracts is heightened during difficult or uncertain times, particularly if the contract represents a material part of the supplier’s business. Organizations can be reluctant to address procurement fraud due to the potential disruption to supply chains and operations. This needs to be weighed against the risk of selecting the wrong supplier. When suppliers are selected for unethical reasons the impact on quality, safety and ability to deliver on the contract can be overlooked, as well as the financial leakage involved.
  • Sanctions and export controls is a highly dynamic area  where the landscape has changed significantly given recent shifts in US foreign policy in the past few years. Up front analysis to understand supply chains is worth the investment in order to be in a position to quickly assess current sanctions exposure, and mitigate the risk of penalties and supply chain disruption as new entities are added.

What can be done to mitigate risks?

In the medium-term, the trend towards hybrid or fully-remote working and reduced business travel seems irreversible. This means an even greater onus on digital transformation. The shift is likely to bring certain advantages from a compliance perspective, with fewer off-system processes, better visibility and accountability, and higher data quality to help detect issues proactively.

In the short-term, timely messaging from senior management on the organizational commitment to zero tolerance of unethical behaviour, twinned with direct communication to control functions in higher risk areas to prompt deeper consideration of key risk issues will help empower and assist with early identification of potential concerns before they escalate into significant financial, regulatory or reputational issues.