One year on from the Russian invasion of Ukraine, it is clear geopolitical uncertainty is here to stay. Boards should act by ensuring their organisations have robust scenario-planning processes in place. That is one of the key messages for boards coming out of the new Chartered IIA and Airmic report ‘Navigating Geopolitical Risk’.
The report is aimed at encouraging boards, internal audit, and risk management to collaborate more closely and build resilience for an increasingly challenging world of interconnected risks. The report makes several key recommendations for how boards, internal audit, and risk management can work together and tackle geopolitical risk.
When I speak to people working in audit and risk, including non-executive directors that sit on Audit and Risk Committees, I am sometimes told that geopolitical risk can seem like quite an intangible risk. But a key point to make is that geopolitical risk should not be viewed as a standalone risk or one that sits in a silo. Instead, it should be viewed as a strategic risk, one that exacerbates and intensifies a myriad of other business-critical risks. For example, sanctions have exacerbated legal, regulatory and compliance risk. Cyber-attacks originating from hostile states mean organisations are now facing an increasingly weaponised cyber-attack landscape. Supply chains are being disrupted like never before and organisations reputations are on the line unless they act swiftly to end their links with hostile states. At the same time the spike in energy prices is a threat to organisations’ financial stability and in some cases their very survival – the thirty energy suppliers that have recently gone bankrupt is a case in point. This means boards need to work with their internal audit and risk functions to make sure that geopolitical considerations are integrated into how the organisation manages and mitigates this vast array of interconnected risks.
In ensuring that organisations are prepared for unforeseen geopolitical incidents having robust scenario-planning and horizon-scanning plans and processes in place is critical. None of us can predict future geopolitical events or has a crystal ball – but we can do scenario planning. By making plans based on plausible potential events, organisations can be better prepared to weather geopolitical disruption. Simulation exercises and practice are therefore vital in managing and mitigating geopolitical risk. Pandemics have happened before, wars in Europe have happened before, financial crises have happened before, so there is no excuse not to plan and be prepared for when the worst does happen.
With two ‘once-in-a-generation’ events happening in quick succession in the last few years alone, first the pandemic followed by the invasion of Ukraine, boards must be agile in responding to crises. The board should work with internal audit and risk management and seek assurance that the organisation is in a permanent state of readiness. This should include ensuring robust business continuity and crisis management plans and processes are in the place, that are reviewed and updated regularly so they remain relevant and fit for purpose.
As geopolitical tensions continue to rise around the globe, now more than ever, boards must collaborate with internal audit and risk management to navigate more risky, volatile, and uncertain times and build greater resilience. In this new era of geopolitical uncertainty, there can be no doubt that boards need to ensure their organisations are adequately prepared for continual disruption from geopolitical incidents.
Related post: Risk 2023: the “perfect storm” of risks faced by boards
Written by Gavin Hayes, Head of Policy and External Affairs at the Chartered Institute of Internal Auditors and one of the co-authors of ‘Navigating Geopolitical Risk’ available to download at www.iia.org.uk
Not yet a NEDonBoard member? Join us today and become part of a large community of talented professionals operating at board level, sharing wisdom and insights so we collectively accelerate global sustainable development.