COVID’s Risk Planning Lessons

CIOs are at the forefront of the winds of organizational change due to the COVID-19 crisis. What is their response?

To many respects, COVID has changed everything. I like to say it put us all on a new space/time continuum because we will never get back to “normal.” Instead, we will eventually get to a “new normal” with regular waves of COVID like the seasonal flu.

As many of my neighbors are fighting COVID-19 at this very moment — some for the second time — I believe we will continue from here a bit more careful and cautious. For example, I went to my third conference recently and tried to keep a mask on for most of the conference. Clearly, I couldn’t do this completely. With this said, how should organizations consider risk after the crisis?

I asked CIOs.

Creating Better Readiness for an Ever-Changing Future

CIOs had many thoughts about what we all had just gone through and about managing the risks that remain on the horizon. Miami University CIO David Seidl captured most people’s reactions when he said, “the risks we thought we were facing — a few weeks of remote, etc. — turned into a multi-year shift, huge impacts to our businesses, changes in society plus culture, long term health issues for many, mental health concerns that we will see for year.”

In terms of how organizations managed themselves during the crisis, the answered is it depends. Some CIOs are candid to say there wasn’t as much planning during the pandemic. For the less mature and less agile, there was much more reacting. For this reason, it is critical that these CIOs provision now for flexibility and redundancy at scale in the future.

Related Article: How Can CIOs Manage Strategy Through Uncertainty?

Risk Needs to Consider People

CIOs are clear that corporate risk approaches cannot be just about technology being up or down. CIOs believe people should have always been part of equation and should now receive even more attention in risk planning. Process is critical, but so is how people manage risk and processes. Many CIOs are clear people are the answer. For this reason, we have to do a better job at risk planning.

Additionally, CIOs claim dynamic risks require greater empowerment of employees. This includes the ability to make faster, short-term decisions. As well, the crisis brought front and center the currency of employee skills. Without question, the organizations that did the best kept their employees learning.

Risk Is Complex, and Change Is Inevitable

CIOs assert that risk planning needs to consider many factors, not just one. As well, CIOs and business leaders need to take a more objective approach to risk management. Part of this is that organizations shouldn’t think they know what type of a risk event could happen.

Additionally, CIOs believe the crisis showed how tech debt and complexity can impact risk. They believe, in fact, that complexity multiplies the impact of risk for an organization. For this reason, it is important to focus now on simplifying what you can. This includes creating business flexibility.

At the same time, change is inevitable and remains the only constant. Today, CIOs claim the speed of change is increasing. At the same time, they stress there is no such thing as being totally ready. For this reason, CIOs believe business leaders need to embrace the ambiguity. They need to make certain they are comfortable with the unknowns including the unforeseeable. CIOs suggest as well business leaders be on first-name basis with the monsters in the closet and own their demons.

CIOs, also, said something unexpected. They said that crises happen all the time in IT. CIOs every day have to deal with micro-crises such as a technical issue with a business service and evolving macro-crises including digital transformation and pandemic. For this reason, CIOs say they need to operate for the micro crisis and plan-invest-execute for coming macro crisis.

Related Article: CIOs: Time to Sense Transformational Needs, Create Agility

Learning From Mistakes Made

CIOs say it is important that their organizations determine what worked and what didn’t work during the crisis. At the same time, it is time to move the organization — especially IT — out of heroism mode. This may have helped in the early days of the crisis, but it is no longer healthy.

In terms of taking stock, CIOs say it is important to create a safe place to talk about and learn from the mistakes made. The starting place for this can be finding people who are willing to publicly talk about their own mistakes. To make this work, it is important to build a process to get to the root cause of the mistakes without placing blame. With this, it is critical to fix stuff and reward those who do this. CIOs need to be patient in this process. CIOs suggest as well that for experiments or projects, it is important to fail early because failing later has higher costs and consequences.