drj logo

"*" indicates required fields

Name*
Region*
Please enter a number from 0 to 100.
Strength indicator
I agree to the Terms of Service and Privacy Policy*
Yes, of course I want to receive emails from DRJ!
This field is for validation purposes and should be left unchanged.

Already have an account? Log in

drj logo

Welcome to DRJ

Already registered user? Please login here

Login Form

Register
Forgot password? Click here to reset

Create new account
(it's completely free). Subscribe

x
DRJ Fall 2025 Dallas Show
Skip to content
Disaster Recovery Journal
  • EN ESPAÑOL
  • SIGN IN
  • SUBSCRIBE
  • THE JOURNAL
    • Why Subscribe to DRJ
    • Digital Edition
    • Article Submission
    • DRJ Annual Resource Directories
    • Article Archives
    • Career Spotlight
  • EVENTS
    • DRJ Fall 2025
    • DRJ Spring 2025
    • DRJ Scholarship
    • Other Industry Events
    • Schedule & Archive
    • Send Your Feedback
  • WEBINARS
    • Upcoming Webinars
    • On Demand
  • MENTOR PROGRAM
  • DRJ ACADEMY
    • DRJ Academy
    • Beginner’s Guide to BC
  • RESOURCES
    • New to Business Continuity?
    • White Papers
    • DR Rules and Regs
    • Planning Groups
    • Business Resilience Decoded
    • DRJ Glossary of Business Continuity Terms
    • Careers
  • ABOUT
    • Advertise with DRJ
    • DEI
    • Board and Committees
      • Executive Council Members
      • Editorial Advisory Board
      • Career Development Committee
      • Glossary Committee
      • Rules and Regulations Committee
  • Podcast

Distracted by COVID: Don’t Forget to Keep Tabs on Your Long-Term Risks

by Jon Seals | August 31, 2020 | | 0 comments

This post first appeared on the MHA Consulting website.

By RICHARD LONG

The challenges of the COVID-19 pandemic have understandably monopolized most business continuity professionals’ attention over the past six months. In today’s post, I want to remind you of what the five types of risk are, talk about which have been getting neglected lately, and explain why it’s important to keep track of all five types of risk at your organization, even during a pandemic.

Related on MHA Consulting: Rinse and Repeat: Using the Risk Management Process to Manage Uncertainty

Since the coronavirus pandemic began, the people involved in managing risk at organizations have focused almost exclusively on two of the five types of risks. They’ve almost completely ignored the remaining three types. (Keep reading for the details.)

This tendency is understandable and even reasonable during an acute situation, but it’s not sustainable over the long term.

It’s time for organizations to resume taking a broad view of risk, and to get back to thinking about the risks they’ve been ignoring over the past several months.

Before we look at which kinds of risk have been getting short shrift for the past half-year, let’s have a quick refresher on the five types of risk.

THE FIVE TYPES OF RISK

In risk management, the risks that organizations face as they carry out their missions are commonly divided into five types:

  • Operational. The possibility that things might go wrong as the organization goes about its business. Reflects the fact that assets, processes, and people can fail, leading to consequences for the business ranging from negligible to sizable to catastrophic.
  • Financial. The potential costs or loss related to threats. This is often included in other risks, but should be considered separately as well. Can include lost revenue; delayed revenue; restricted cash flow; and cost increases (such as for labor or supplies).
  • Strategic. The potential to limit the ability to execute strategies, achieve objectives, and make decisions. Strategic risks are those pertaining to the possibility the company is moving in the wrong overall direction. Could include changes in business demand or need; competitive changes or pressure; technological changes; senior management turnover; and stakeholder concerns or pressure.
  • Compliance. The potential to fall out of compliance with the guidelines, laws, or contracts that the organization is obliged to operate under. This could happen if, for example, the company becomes unable to perform a certain function or loses the ability to monitor compliance activities. Common compliance areas include: regulatory requirements; best practices (as in accounting); elective compliance with standards such as ISO or ITL; and contractual terms and conditions.
  • Reputational. The potential to lose financial, market, and social standing due to damage to reputation. This damage could be either warranted or unwarranted. Reputational risks include: management gaffes; criminal proceedings against the company or its employees; technology issues; strategic decisions; issues with product or service quality; and associations with vendors or partners. In recent years, social media has added a volatile new element to reputational risk.

RISK DURING COVID-19

The unique nature of the COVID-19 pandemic has had a curious result on how businesses think about risk. It has caused business to focus intently on two of the five areas of risk and virtually ignore the other three.

The pandemic has increased the focus on the two areas that can be thought of as short-term risk and led to the almost-complete neglect of the areas of risk that pose more long-term threats to an organization.

Can you guess what the two areas are that are currently getting all the attention?

The answer is: operational risk and financial risk.

This is understandable. Those are the areas that are about making the operational changes needed to keep the organization running during the pandemic (such as having staff work from home) and looking at the financial impacts on the organization of the current challenging environment.

Meanwhile,  strategic, compliance, and reputational risk—which tend to be about longer-term threats and are the foundation of an organization’s long-term viability—have been virtually forgotten.

KEEPING TABS ON LONG-TERM RISK

It’s time we resume keeping tabs on our long-terms risks. In addition to considering operational and financial risks, we need to get back to looking at the threats posed to the organization by strategic, compliance, and reputational issues.

Operational and financial matters can seem more urgent in the short term. But strategic, compliance, and reputational problems have the power to do grave injury to the company over the medium and long term.

This is why it’s not wise to neglect those kinds of risks. They also need to be assessed, planned for, and mitigated in order to protect the company’s viability into the future.

It’s great when the operational side of the company is humming along like a well-tuned car. But if the company has made a mistake in terms of strategy, then that well-tuned car has been driving in the wrong direction. How long can your company survive while doing that?

Have you ever stayed up all night to finish an assignment for school or work? In the short term, finishing the assignment seemed more important than getting your sleep, and maybe it was. Does that mean you could do without sleep indefinitely? Sleep is a survival requirement for human beings. It’s similar for a company when it comes to keeping track of and mitigating its long terms risks in the areas of strategy, compliance, and reputation. Perhaps during an emergency, it’s justifiable to defer looking at these risks, but they can’t be ignored indefinitely, at least not safely.

The responsible company—the company that wants to protect its future—assesses and mitigates its risks across all five areas: operational, financial, strategic, compliance, and reputational.

MANAGING YOUR RISKS ACROSS THE BOARD

The following are some steps you could take to help your company get on top of its risks over all risk types (for more detailed information on how to manage risk, see the posts on risk listed below under FURTHER READING):

  1. Assess your risks over all five areas and identify those that have the highest probability of occurring and those that would have the greatest impact if they did occur.
  2. Develop a set of actions (such as avoiding, accepting, sharing, or reducing the risk) to align the risks with the company’s risk tolerance and risk appetite.
  3. Establish and implement policies and procedures to help ensure that risk responses are effectively carried out.
  4. Identify, capture, and communicate important information in a format and timeframe that enables people to carry out their responsibilities.
  5. Monitor the company’s risk management process and position and modify them if necessary.
  6. Assess the residual risk after you have developed plans and mitigation strategies.

THERE’S NO NEED TO GAMBLE

The risks businesses face in carrying out their activities can be divided into five types: operational, financial, strategic, compliance, and reputational. The COVID-19 pandemic drove many companies to focus almost exclusively on operational and financial risks, ignoring the other three. This was not an unreasonable thing to do in the early stages of the pandemic, but there’s no need to continue gambling in this manner. It’s time every organization got back to looking at the types of risks it faces over all five areas. To do otherwise is to needlessly jeopardize the organization’s long-term viability.

FURTHER READING

For more information on the types of risk, long-term risks, and other hot topics in risk management, check out the following recent posts from MHA Consulting and BCMMETRICS:

  • Rinse and Repeat: Using the Risk Management Process to Manage Uncertainty
  • Don’t Just Hope: Choosing Strategies to Mitigate Risk
  • Weighing the Danger: The Continuing Value of the Threat and Risk Assessment
  • Everything You Always Wanted to Know About Managing Risk but Were Afraid to Ask
  • BCM’s COVID-19 Challenge: Coping with Chronically Degraded Capacity
  • Take It Easy: It’s OK to Go Slow With Your COVID-19 Back-to-Work Plan
  • Back in the Saddle: Resuming Regular BCM Activities

Richard Long is one of MHA’s practice team leaders for Technology and Disaster Recovery related engagements. He has been responsible for the successful execution of MHA business continuity and disaster recovery engagements in industries such as Energy & Utilities, Government Services, Healthcare, Insurance, Risk Management, Travel & Entertainment, Consumer Products, and Education. Prior to joining MHA, Richard held Senior IT Director positions at PetSmart (NASDAQ: PETM) and Avnet, Inc. (NYSE: AVT) and has been a senior leader across all disciplines of IT. He has successfully led international and domestic disaster recovery, technology assessment, crisis management and risk mitigation engagements.

Related Content

  1. Disaster Recovery Journal
    The State of Enterprise Risk Management 2016
  2. Disaster Recovery Journal
    Innovative Enterprise Risk Management Tools
  3. Disaster Recovery Journal
    Ask the Executive with Al Davis

Recent Posts

SecurityBridge Teams Up With Microsoft To Enhance SAP Security With Microsoft Sentinel

May 13, 2025

Backblaze Drive Stats for Q1 2025

May 13, 2025

Sectigo and Altron Security Announce Strategic Channel Partnership to Enhance Certificate Lifecycle Management in South Africa

May 13, 2025

Asigra Unveils SaaSAssure 2025 Featuring Granular Restore and Autodiscovery for Key Business Apps

May 13, 2025

STACK Infrastructure Closes $1.4 Billion in Green Financing to Support its Growing Portfolio of Stabilized Hyperscale Assets

May 13, 2025

Stackpack Raises $6.3M to Solve the $475B Vendor Chaos Problem

May 13, 2025

Archives

  • May 2025 (32)
  • April 2025 (91)
  • March 2025 (57)
  • February 2025 (47)
  • January 2025 (73)
  • December 2024 (82)
  • November 2024 (41)
  • October 2024 (87)
  • September 2024 (61)
  • August 2024 (65)
  • July 2024 (48)
  • June 2024 (55)
  • May 2024 (70)
  • April 2024 (79)
  • March 2024 (65)
  • February 2024 (73)
  • January 2024 (66)
  • December 2023 (49)
  • November 2023 (80)
  • October 2023 (67)
  • September 2023 (53)
  • August 2023 (72)
  • July 2023 (45)
  • June 2023 (61)
  • May 2023 (50)
  • April 2023 (60)
  • March 2023 (69)
  • February 2023 (54)
  • January 2023 (71)
  • December 2022 (54)
  • November 2022 (59)
  • October 2022 (66)
  • September 2022 (72)
  • August 2022 (65)
  • July 2022 (66)
  • June 2022 (53)
  • May 2022 (55)
  • April 2022 (60)
  • March 2022 (65)
  • February 2022 (50)
  • January 2022 (46)
  • December 2021 (39)
  • November 2021 (38)
  • October 2021 (39)
  • September 2021 (50)
  • August 2021 (77)
  • July 2021 (63)
  • June 2021 (42)
  • May 2021 (43)
  • April 2021 (50)
  • March 2021 (60)
  • February 2021 (16)
  • January 2021 (554)
  • December 2020 (30)
  • November 2020 (35)
  • October 2020 (48)
  • September 2020 (57)
  • August 2020 (52)
  • July 2020 (40)
  • June 2020 (72)
  • May 2020 (46)
  • April 2020 (59)
  • March 2020 (46)
  • February 2020 (28)
  • January 2020 (36)
  • December 2019 (22)
  • November 2019 (11)
  • October 2019 (36)
  • September 2019 (44)
  • August 2019 (77)
  • July 2019 (117)
  • June 2019 (106)
  • May 2019 (49)
  • April 2019 (47)
  • March 2019 (24)
  • February 2019 (37)
  • January 2019 (12)
  • ARTICLES & NEWS

    • Business Continuity
    • Disaster Recovery
    • Crisis Management & Communications
    • Risk Management
    • Article Archives
    • Industry News

    THE JOURNAL

    • Digital Edition
    • Advertising & Media Kit
    • Submit an Article
    • Career Spotlight

    RESOURCES

    • White Papers
    • Rules & Regulations
    • FAQs
    • Glossary of Terms
    • Industry Groups
    • Business & Resource Directory
    • Business Resilience Decoded
    • Careers

    EVENTS

    • Fall 2025
    • Spring 2025

    WEBINARS

    • Watch Now
    • Upcoming

    CONTACT

    • Article Submission
    • Media Kit
    • Contact Us

    ABOUT DRJ

    Disaster Recovery Journal is the industry’s largest resource for business continuity, disaster recovery, crisis management, and risk management, reaching a global network of more than 138,000 professionals. Offering weekly webinars, the latest industry news, rules and regulations, podcasts, the industry’s only official mentoring program, a quarterly magazine, and two annual live conferences, DRJ is leading the way to keep professionals up-to-date and connected in an ever-changing world.

    LEARN MORE

    LINKEDIN AND TWITTER

    Disaster Recovery Journal is the leading publication/event covering business continuity/disaster recovery.

    Follow us for daily updates

    LinkedIn

    @drjournal

    Newsletter

    The Journal, right in your inbox.

    Be informed and stay connected by getting the latest in news, events, webinars and whitepapers on Business Continuity and Disaster Recovery.

    Subscribe Now
    Copyright 2025 Disaster Recovery Journal
    • Terms of Use
    • Privacy Policy