Globally, governments have been forced to act quickly in response to COVID-19 and to find new ways of working. In many instances this has been effective, but it has also come at the expense of some of the usual rigor and diligence that is expected and required of governments. To support people and economies, governments have had to relax spending rules, implement changes rapidly and take shortcuts that may expose them to risk.
The risk landscape in the post-pandemic new reality will likely be one that has accumulated through each phase of the crisis, for instance:
The recovery phase is posing a new set of risks in balancing health and economic imperatives, embedding alternative delivery methods (e.g. virtual courtrooms and wider transformation programs to maintain the pace of change).
Short term urgent issues need to be identified and patched up. Services and systems need to be tested for cyber weaknesses, processes need to be reviewed to give leaders assurance and the control environment needs to catch up with the new reality to help ensure that government processes are secure, robust and effective.
In managing risk, leaders should ensure that the control environment accelerates rather than forcing the business of government to slow down. Digital tools enable live reporting so government should become comfortable using that information to make decisions, rather than returning to reliance on lengthy, retrospective program reviews and academic evaluations before acting. In testing for payment integrity and compliance, governments can leverage analytics and rules engines to quickly identify suspect applications to focus the time and effort of their teams
With organisational structures up in the air, leaders need tools that give a current and clear understanding of how risks affect the operation of their business. Across large and complex organisations, a cyber-attack will have wide operational consequences and leaders need to understand potential weaknesses and impacts to be able to prepare for them. The same applies as large government programs adapt to the new reality. This work will likely come under significant scrutiny to achieve value for money, so leaders need a live view of progress, risks and confidence levels in program outcomes.
In addition to the internal control environment, COVID-19 has also fundamentally changed the external risk landscape and is expected to continue to do so. In taking direct roles in economic management by guiding how economies can open up, governments have taken an active role in safeguarding the health and livelihoods of their populations. Additionally, they will need to navigate complex policy factors arising from the crisis such as inequality, growth, sustainability and climate change
In this dynamic risk landscape, the previous understanding of risk as a static multiple of likelihood and impact no longer works. A risk register approved the week before may well be out of date, leaving leaders vulnerable when making decisions. Leaders need a current picture of their whole risk landscape, which reflects the interrelationships between risks, the contagion factor between those risks and how those risks will develop over time. Risk analytics tools and capability that convert live data from changing risks can enable leaders to be informed but still act fast.
Clearly the risks that governments face have changed significantly, both in terms of their people, operations and service delivery. Leaders need to have a clear and current understanding of risk across the organisation to be able to plug critical gaps, reform their appetite and build a new approach. Government has previously been risk averse and taken a necessarily conservative role behind the pace of society, but in the new reality the sector needs to become comfortable leading.